Data leaks are becoming very common in the US as government agencies and organizations store users' information online. According to a report by the Identity Theft Resource Center (ITRC), the number of data breach incidents increased by 68% from 2020 to 2021.
Individuals with exposed confidential information due to a company's data breach often lose money to identity fraud. An example of a data leak is the 2017 Equifax data breach, which affected more than 147 million residents with settlement claims worth $525 million. Knowing what to do after a data breach incident will protect you from financial losses.
In most cases, data leaks happen when fraudsters and hackers carry out organized cyberattacks to access a company or government agency system. However, some data leaks occur due to an organization's improper disposal of sensitive data. Personal information exposed after data leak incidents may include medical records, driver's licenses, email addresses and passwords, social security numbers (SSN), and financial details.
Generally, companies affected by data breaches often email users about these incidents. While the company or agency works to resolve the issue, individuals can take further steps to protect their identity from getting into the wrong hands. Here are seven steps you should take once you receive an email informing you of a data leak incident.
Receiving an email about a data leak is not enough proof that a breach occurred. Sometimes, hackers send emails about a data leak to access your confidential details. Scammers may also use fake breach emails to exploit emotional reactions to fraud, which forces many people to make the wrong moves. Once you get a data breach email, do not panic. Do not follow any link or call numbers provided in the message.
According to the Federal Trade Commission (FTC), each state in the US has laws mandating organizations to disclose data breaches. So, the best way to confirm a data leak incident is to check the company's main website. You can also reach out to the customer support team of the organization or agency involved. The company will also give you details of what personal information is exposed and how to handle the issue.
Once you are sure that your data was compromised, you must update your password immediately. If you're lucky, you'll make the necessary changes to your username and password before anybody else does.
Change all of your passwords first. Selecting a password with a minimum of 12 characters and a mix of capital and lowercase letters, digits, and symbols is important. Do not include personal details like your birthdate or pet's name.
You can strengthen your account security using multi-factor authentication (MFA) or two-factor authentication (2FA). This additional security precaution needs a one-time-use pin in addition to your password and username to access an account. Without this one-time pin, often sent to your unique phone number, hackers will be unable to access your account even if they have the username and password.
In some cases, scammers may also have access to phone numbers and use them to get your 2FA/MFA pins. They do this using a technique known as Caller ID Spoofing to mask their true identities. This allows them to convince individuals to reveal their passwords, usernames, or two-factor authentication details.
You can download a reverse phone lookup app to help you detect the true identity of callers. There are also reverse email lookup services that provide information on the identity of email senders. Once you discover the identity of scam callers requesting confidential information, use call blocking tools to stop them from making further calls.
Data leaks often result in identity theft or credit card fraud, which is increasing in the US. According to the FTC's Consumer Sentinel Network 2021 Data Book, more than 1.4 million citizens reported identity theft cases. Therefore, you should install a few fraud protection measures following a data breach to protect your accounts.
In general, be mindful of your bank's emails and phone calls. If you have any problem with your creditors or banks, call the main hotline on the back of your credit card or bank statement. Also, ensure that you are visiting the appropriate website when you Google your bank (for example, by typing in your bank's name). Fraudsters have been known to create fake pages that closely resemble legitimate ones.
Once you confirm a data leak and there is a real risk of financial loss, it is best to set up a fraud alert. With this in place, lenders must confirm your identity before approving any credit. Setting up a fraud alert makes it difficult for criminals to register new accounts or secure financing in your name.
You can establish a fraud alert by contacting one of the three main credit bureaus, Experian, Equifax, or TransUnion. Generally, you can only set up a fraud alert using one credit bureau, while the receiving agency will notify the remaining two. Note that fraud alerts are only active for one year. You may qualify for an extended fraud alert if you report an identity theft case to local authorities.
Placing a credit freeze on your credit report is another way to secure your funds after confidential data leaks to the public. Once you freeze your credit, it will be impossible for individuals or companies to investigate your credit history.
Although this cannot affect your credit score, you will not be able to get mortgages, car loans, or credit facilities until you disable the freeze. Unlike a fraud alert, you can only set up a credit freeze by contacting all the credit bureaus independently. For many, the best course of action is to have your credit indefinitely frozen and only unblock it when you need to make a credit application.
Generally, an agency or organization affected by a data breach incident does its best to secure customers' data. However, you should always monitor your financial activities even after the company declares that it is no longer vulnerable to data leaks. To avoid financial fraud, here are some activities to look out for:
Once identity fraudsters obtain your details, they can steal money from your bank account, make unauthorized purchases on your credit cards, start new utility bills, or even use your healthcare coverage to pay for medical care. In addition, anyone with your information can submit a tax refund application and receive your return. A thief can even provide your identity to the authorities following an arrest.
Common signs that fraudsters are stealing from you using the information gotten from a data leak include:
When you notice these signs, the first step is to contact your local police department. Afterward, report identity thefts to the FTC by calling 1-877-ID-THEFT (877-438-4338) or filing a report online. It is possible to recover some losses when you report the case to the FTC's IdentityTheft.gov.