How to Protect Against Identity Fraud After a Data Breach

September 24, 2021 - by Identity Champion

Has your personal data ever been affected by a data breach? In 2021 alone there have been data breaches at major companies, plus the leak of a file with potentially billions of passwords from past data breaches.

Depending on the data breach, customer information that a business has collected including email addresses, user names, passwords, credit card numbers, home addresses, and even Social Security Numbers could become exposed. 

What does this mean for you as a consumer? If your personal data is included in a breach, it may end up on the dark web — a hidden network of websites where cyber criminals can anonymously sell and trade stolen information which can then be used to commit identity theft and other crimes.1

In 2020, consumers lost almost $3.25 million to personal and corporate data breaches.²  While many companies are working to tighten their cyber security, data breaches continue to be a threat. As such, it’s important to know the steps you can take to protect against identity fraud if your data has been exposed.

Step 1: Determine if Your Data Was Exposed

If you hear the news that a company you’ve done business with has experienced a data breach, the first step is to find out if your personal data was exposed. 

The website Have I Been Pwned? is a quick way to check if your email address or phone number has been compromised. For more in-depth information, a dark web scan will search through databases of stolen data to see if your personal information is being bought, sold, or traded on illegal online markets. 

All AAA Members have access to Identity Champion Basic as part of their Membership, which includes dark web monitoring, as well as automatic alerts that keep you updated if your info is detected on the dark web. 

Many companies may follow best practice and notify you via email (or other communication method) to let you know if a breach has occurred. However, this type of email can also be faked by scammers trying to steal your personal information. 

If you receive an email about a data breach, use caution and do not click on any links within the email. Instead, go to the company’s website and use the email, phone number, or customer service portal provided on their site to contact the company and confirm if there has been a data breach and, if so, which data was compromised.

Step 2: Strengthen Your Online Security

Do you use the same password to log in to multiple websites? Being lax with cyber security can have big consequences.

If your password to a specific website was exposed in a data breach, cyber criminals may try “credential stuffing” (a tactic where they’ll use a username and password combo on popular websites to see if they can gain access to more of your accounts). This provides multiple opportunities to steal more of your personal information and commit identity theft. 

If one of your online accounts is compromised in a data breach you should change the password immediately, as well as the log-in info for any other sites that use the same password.

Be sure to create a unique, strong password that has at least 6 characters, includes numbers, symbols, upper and lower case letters, and does not include personal information (like your address or birthday) for each online account.

Using a password manager can help you create and store strong passwords so you’re not tempted to use the same password on multiple sites.

Whenever possible, you should also activate two-factor authentication to add an extra layer of security to your sign-in process. After you enter your username and password, two-factor authentication requires that you also enter a one-time security code that is provided via SMS, email, phone, or an authentication app. This process can prevent cyber criminals from logging into an account even if they’re able to steal the username and password.

Step 3: Protect Your Finances

Contact Your Financial Institutions 

If you’ve learned that your financial information was exposed in a data breach, you should review your financial statements for fraudulent activity and immediately notify the fraud department at your bank or credit card provider about the accounts that may have been compromised. Catching financial fraud as quickly as possible can help to limit the damage done by identity thieves.

Check Your Credit Report 

Whether or not you know for a fact that your financial information has been compromised, you’ll still want to request a free copy of your credit report from the three credit bureaus (Experian, Equifax, and TransUnion). Review your credit reports to see if there’s been any suspicious activity, and keep them on hand to use as a baseline for comparison in case fraudulent activity occurs in the future. 

Review Credit Alerts

If you have credit monitoring through your credit card provider or Identity Champion, you’ll receive alerts if there are any changes to existing credit accounts. Identity Champion Members with Protect and Complete plans also have access to new credit inquiry monitoring and receive alerts if fraudsters attempt to open new bank or credit cards, auto loans, telecom applications, prepaid credit cards, student loans, or payday loans.

Consider a Credit Freeze or Credit Lock

If you don’t see any fraudulent activity on your credit report but want to proactively protect your finances, consider activating a credit freeze or credit lock. Either of these will prevent your credit report from being shared with companies requesting your file, which will block scammers from opening most types of credit cards and loans in your name. Identity Champion Members with a Complete plan have the ability to instantly lock and unlock their Experian credit file with the click of a button through Identity Champion’s secure online portal. 

Request a Fraud Alert

If it turns out that you are a victim of financial fraud due to a data breach, you can contact any of the credit bureaus to request that a fraud alert be placed on your file. Any institution that is asked to issue credit in your name will see the fraud alert on your credit report and will take steps to verify that it’s really you they’re interacting with, and not an imposter. You should also ask the credit bureaus to remove any fraudulent information that is showing up on your credit report as this can negatively affect your credit score. The FTC provides a sample letter to help you draft your request. 

As data breaches continue to be a common hazard of doing business in our increasingly digital world, Identity Champion is providing more ways to protect and repair your identity, including hands-on identity restoration agents.

The content provided in this blog post is for informational purposes only. A3 Labs LLC makes no representations as to the accuracy or completeness of the information contained in this or any blog post on the Identity Champion website.

1 Source: Federal Trade Commision, The dark web: What your business needs to know,

2 Source: FBI ICCC Internet Crime Report 2020,

3 The Identity Theft Insurance is underwritten and administered by American Bankers Insurance Company of Florida, an Assurant company under group or blanket policy(ies). The description herein is a summary and intended for informational purposes only and does not include all terms, conditions and exclusions of the policies described. Please refer to the actual policies for terms, conditions, and exclusions of coverage. Coverage may not be available in all jurisdictions. Review the Summary of Benefits.