Subscribe for insights, tips, and money-saving offers to help protect your identity and your finances from fraud.
By entering my email and clicking the "Subscribe" button, I expressly consent to receiving informational and marketing emails, including the Cyber News by Identity Champion blog, from A3 Labs LLC and its parents and subsidiaries. You will receive an email from us within an hour asking you to confirm your subscription.
Has your personal data ever been affected by a data breach? In 2021 alone there have been data breaches at major companies, plus the leak of a file with potentially billions of passwords from past data breaches.
Depending on the data breach, customer information that a business has collected including email addresses, user names, passwords, credit card numbers, home addresses, and even Social Security Numbers could become exposed.
What does this mean for you as a consumer? If your personal data is included in a breach, it may end up on the dark web — a hidden network of websites where cyber criminals can anonymously sell and trade stolen information which can then be used to commit identity theft and other crimes.1
In 2020, consumers lost almost $3.25 million to personal and corporate data breaches.² While many companies are working to tighten their cyber security, data breaches continue to be a threat. As such, it’s important to know the steps you can take to protect against identity fraud if your data has been exposed.
Step 1: Determine if Your Data Was Exposed
If you hear the news that a company you’ve done business with has experienced a data breach, the first step is to find out if your personal data was exposed.
The website Have I Been Pwned? is a quick way to check if your email address or phone number has been compromised. For more in-depth information, a dark web scan will search through databases of stolen data to see if your personal information is being bought, sold, or traded on illegal online markets.
All AAA Members have access to Identity Champion Basic as part of their Membership, which includes dark web monitoring, as well as automatic alerts that keep you updated if your info is detected on the dark web.
Many companies may follow best practice and notify you via email (or other communication method) to let you know if a breach has occurred. However, this type of email can also be faked by scammers trying to steal your personal information.
If you receive an email about a data breach, use caution and do not click on any links within the email. Instead, go to the company’s website and use the email, phone number, or customer service portal provided on their site to contact the company and confirm if there has been a data breach and, if so, which data was compromised.
Step 2: Strengthen Your Online Security
Do you use the same password to log in to multiple websites? Being lax with cyber security can have big consequences.
If your password to a specific website was exposed in a data breach, cyber criminals may try “credential stuffing” (a tactic where they’ll use a username and password combo on popular websites to see if they can gain access to more of your accounts). This provides multiple opportunities to steal more of your personal information and commit identity theft.
If one of your online accounts is compromised in a data breach you should change the password immediately, as well as the log-in info for any other sites that use the same password.
Be sure to create a unique, strong password that has at least 6 characters, includes numbers, symbols, upper and lower case letters, and does not include personal information (like your address or birthday) for each online account.
Using a password manager can help you create and store strong passwords so you’re not tempted to use the same password on multiple sites.
Whenever possible, you should also activate two-factor authentication to add an extra layer of security to your sign-in process. After you enter your username and password, two-factor authentication requires that you also enter a one-time security code that is provided via SMS, email, phone, or an authentication app. This process can prevent cyber criminals from logging into an account even if they’re able to steal the username and password.
Step 3: Protect Your Finances
Contact Your Financial Institutions
If you’ve learned that your financial information was exposed in a data breach, you should review your financial statements for fraudulent activity and immediately notify the fraud department at your bank or credit card provider about the accounts that may have been compromised. Catching financial fraud as quickly as possible can help to limit the damage done by identity thieves.
Check Your Credit Report
Whether or not you know for a fact that your financial information has been compromised, you’ll still want to request a free copy of your credit report from the three credit bureaus (Experian, Equifax, and TransUnion). Review your credit reports to see if there’s been any suspicious activity, and keep them on hand to use as a baseline for comparison in case fraudulent activity occurs in the future.
Review Credit Alerts
If you have credit monitoring through your credit card provider or Identity Champion, you’ll receive alerts if there are any changes to existing credit accounts. Identity Champion Members with Protect and Complete plans also have access to new credit inquiry monitoring and receive alerts if fraudsters attempt to open new bank or credit cards, auto loans, telecom applications, prepaid credit cards, student loans, or payday loans.
Consider a Credit Freeze or Credit Lock
If you don’t see any fraudulent activity on your credit report but want to proactively protect your finances, consider activating a credit freeze or credit lock. Either of these will prevent your credit report from being shared with companies requesting your file, which will block scammers from opening most types of credit cards and loans in your name. Identity Champion Members with a Complete plan have the ability to instantly lock and unlock their ExperianⓇ credit file with the click of a button through Identity Champion’s secure online portal.
Request a Fraud Alert
If it turns out that you are a victim of financial fraud due to a data breach, you can contact any of the credit bureaus to request that a fraud alert be placed on your file. Any institution that is asked to issue credit in your name will see the fraud alert on your credit report and will take steps to verify that it’s really you they’re interacting with, and not an imposter. You should also ask the credit bureaus to remove any fraudulent information that is showing up on your credit report as this can negatively affect your credit score. The FTC provides a sample letter to help you draft your request.
As data breaches continue to be a common hazard of doing business in our increasingly digital world, Identity Champion is providing more ways to protect and repair your identity, including hands-on identity restoration agents.