A data breach occurs when sensitive information is exposed to unauthorized parties. When this happens, the affected company typically notifies those whose data has been compromised, often via a letter or an email message. In some cases, such notification is legally required.
Be sure to read all notifications thoroughly. Various actions are necessary based on the type of data compromised. Even if seemingly unimportant information is exposed in the breach, scammers can use it to their advantage. When a database with emergency contact information is breached, for example, scammers may use that data to lend credibility to their schemes.
Types of exposed data and consumer responses:
Social Security number
- If the company that is the source of the data breach provides free credit monitoring, consider taking advantage of that offer. These services often include alerts for new credit accounts, dark-web monitoring and identity theft insurance.
- Visit www.AnnualCreditReport.com for free credit reports, available once a week.
- Consider a credit freeze, which locks your credit, preventing new creditors from accessing your reports. This helps shield you from unauthorized accounts being opened in your name. Note that a credit freeze doesn’t stop unauthorized charges on existing accounts, so it’s crucial to review your statements closely. Contact all three major credit-reporting agencies to initiate a freeze:
Online login or password
- Log in to that account and immediately change your username and password. If you can’t log in, contact the company to find out how you can recover or shut down the account.
- If you use the same password anywhere else, change it for the other accounts.
- Is your credit-card number stored in that account? Check your credit-card account for any charges that you don’t recognize.
- Use multifactor authentication for your accounts, which adds an extra security layer by requiring an additional step – such as a text to your phone, for access.
Bank-account or credit-card/debit-card information
- If your bank information was exposed, contact your bank to close the account and open a new one. If credit-card or debit-card information was exposed, contact your bank or credit-card company to cancel your card and request a new one. If you contact your credit-card company within two billing cycles, you are generally limited to $50 in liability, which may be waived by your credit-card company. With a debit card, if you report the incident within two business days after discovering the loss, you are liable for up to $50. After two business days, you might be liable for more.
- Examine all bank accounts and payment methods linked to the breach, including credit cards and services such as Venmo and Zelle.
Consumers who suspect an unfair business practice or want help in addressing a consumer problem should contact the Ohio Attorney General’s Office at www.OhioProtects.org or 800-282-0515.