What To Do If You Are Data Breached
1. Determine what was stolen.
You'll need to pin down exactly what kind of information was lost in the data breach. Sensitive information falls into three general categories:
Least sensitive: Names and street addresses. Such information was pretty harmless when it was printed in the phone book. Today, a name typed into a search engine can yield data useful to online marketers and nosy neighbors, but probably not enough to cause serious trouble.
More sensitive: Email addresses, dates of birth and payment-card account numbers. (Payment cards include debit cards, credit cards and charge cards like an American Express card.)
2. Change all affected passwords.
If an online account has been compromised, change the password on that account right away. If you used the same password for any other accounts, change those as well, and make up a new, strong password for each and every account.
Don't reuse the password for a second account. That way, you'll be limiting the damage next time there's a data breach, and you won't have to go through this process again.
If the online company offers two-factor authentication to protect an account, use it.
3. Contact relevant financial institutions.
If a payment-card number has been stolen, contact the bank or organization that issued the card — immediately. (Most credit cards have toll-free customer-service numbers printed on the back.) Make sure you speak to a live human representative. Explain that your account is at risk of fraud, and ask the card issuer to alert you if it detects suspicious activity on your account. The bank will almost certainly cancel the card and issue you a new one straight away.
4. Contact the credit-reporting bureaus.
Contact the major consumer credit-reporting bureaus and ask each to place a fraud alert on your name. This way, if anyone tries to steal your financial identity — for example, by trying to open a credit-card account in your name — you'll know. (You'll also learn when anyone tries to look up your credit.)