Data breaches and hacking scandals have become a regular part of the news cycle. In 2017, credit bureau Equifax reported a breach exposing almost 150 million consumers, compromising Social Security numbers, birth dates and addresses. In 2019, more than 540 million Facebook user records, including account numbers and IDs, were exposed on Amazon’s cloud service. In March, Marriott International announced more than 5 million guest accounts had been hacked, revealing mailing addresses and phone numbers.
You'd think most people would protect themselves against further breaches, right?
“No,” said Doug Pollack, chief marketing officer for ID Experts, an identity protection company. “It’s really bad. It’s extremely pervasive and not enough people are worried about it.”
Some of your data is likely available for sale right now, he said. Even if you’re careful to protect your financial information, third parties that hold your information (think of how many apps may have access to your Facebook info) may get hacked, exposing your data.
“I think people are really unaware of the consequences until it happens to them,” said Darren Guccione, CEO of Keeper, a password management software company. “Trying to stop data breaches is like whack-a-mole. The second someone shuts one down, another one comes up.”
Get the latest money news and money news with the Easy Money newsletter.
So how can you protect yourself?
Preemptive tasks, like monitoring your accounts closely (and filing your taxes early,) can prevent — or minimize the risk of — common online data exposures.
“The simple things are often the most important,” said Pollack.
It’s difficult to recover your data once you’ve allowed third parties access to it, but it’s not impossible, Pollack said. Look at your account’s privacy settings and see if there’s an option to exclude certain apps from accessing your account details.
Use strong passwords, especially on financial accounts (we’ve got tips here). Rethink sharing personal information online, or limit access to your public social media pages. A thief can use the information to answer security questions (what was your first pet’s name, what is your mother’s maiden name, etc.) on your accounts.
Avoid using public Wi-Fi, said Pollack. It’s an easy way for fraudsters to gain access to your devices. If you do use public Wi-Fi, consider buying a virtual private network, said Will LaSala, director of security solutions for cybersecurity company OneSpan. VPNs allow you to create a secure connection and protect your browsing history from others on public Wi-Fi.
Scams, like phishing emails and spam calls that attempt to trick you into handing over your financial information, are the most common way for hackers to obtain your data, said LaSala. We have a guide to the most popular scams and how to avoid them here.
What to do after a data breach
The sooner you report fraud or data exposure, the sooner you can minimize the damage. Guccione outlined the steps you can take if your personal data has recently been exposed.
- Get confirmation. When a data breach occurs, scammers may reach out to you posing as the breached company to get more personal information. To confirm a breach has happened, go to the company’s secure website or call to confirm. You can also use this website (it looks scammy but it’s legit) to learn if your information has been exposed. The same website allows you to sign up for email alerts in case another breach occurs.
- Figure out what was exposed. Understanding which information was exposed will help determine your next steps. For example, changing your email address or credit card number is much different and easier than your Social Security number.
- Find immediate help. See if the company is offering help in the form of data repair services or monetary assistance. After its breach, Equifax agreed to pay a $671 million settlement to those affected.
- Change your passwords. While you can’t un-expose your personal information, you can take steps to protect further information from being exposed. Change your login information, strengthen your passwords and add two-factor authentication, which requires multiple devices to sign in, if you haven’t already. A password manager like Keeper or 1Password can help you generate and securely store new, complicated passwords.
- Additional steps. Unfortunately, the fallout of the breach may last a while, depending on the information exposed. If your credit card information was revealed, cancel your cards as soon as possible and request new ones. Carefully monitor your credit card statements and report any suspicious activity. If identification like your driver’s license was stolen, you’ll have to replace that as well. The steps will vary depending on your state. Also, monitor changes to your credit reports — you can get a free report from each of the three credit bureaus each year via AnnualCreditReport.com. (The bureaus are offering free weekly online reports through April 2021.) If you see anything suspicious or wrong, file a dispute.
The worst-case scenario
Your Social Security number is among the worst pieces of your identity to have stolen. The thief can use your number to open new lines of credit in your name, use your number to get a job or even file a tax return in your name, said LaSala. If you believe this information has been compromised, visit the Federal Trade Commission website identitytheft.gov, where you can find comprehensive checklist on best next steps.
Consider purchasing identity theft insurance. It doesn’t guarantee against identity theft, but it provides monitoring to minimize the more serious consequences if your information is exposed. Learn more about identity theft insurance here.
You can’t control data breaches, but you can be proactive and keep your data as secure as possible. And if you do notice something suspicious in your accounts, it’s better to overreact than have your identity stolen.
Not sure when to freak out about your information being stolen? Check out our Identity Theft Index.
Image: Nastia Kobzarenko