Woman mobile banking on a bridge
Patrik Giardino/Getty Images

The Marriott data breach announced today contained the information of up to approximately 500 million customers. This breach affects those who had a reservation at a Starwood property on or before Sept. 10.

You need to act now. If you’re concerned that your identity may be at risk, here are five ways to protect yourself.

1. Don’t hesitate: Freeze your credit

Thanks to a new law that went into effect in September, there is no longer a charge to have a credit freeze, which is also known as a security freeze. A credit freeze may protect you if someone tries to apply for credit in your name using information that they accessed during a breach. Every data breach is another reminder that you should take advantage of this.

2. Monitor accounts and your credit

A data breach is a good reminder to always monitor your credit report. Being proactive allows you to see if there is any unusual activity on your credit report. You can get a free credit report from Bankrate.

Because some credit card numbers and expiration dates may have been compromised, you may want to talk to your financial institution about getting a new credit or debit card number issued. At the very least, it’s smart to have text, email or mobile notifications of purchases and to monitor your accounts on a daily basis for potential fraudulent activity.

While you’re generally not liable for fraudulent credit card charges, identity thieves are becoming more sophisticated. And, if you don’t discover a bogus charge, you’ll pay.

3. Add new layers of security

Safeguard your accounts by enrolling in two-factor authentication, which would require you to log on using both a password and a one-time code sent to your smartphone. That would make it more difficult for a criminal to gain access.

Many Americans fail to understand two-factor authentication. Only 10 percent could identify it correctly in a 2017 survey by the Pew Research Center.

You’ll also want to set up a PIN code with your wireless provider, so a customer service agent wouldn’t be tricked into allowing a hacker to commandeer your phone.

And, establish a system with financial advisers who have  access to your investment accounts so it would take more than just a simple email from you to get them to wire money from your funds.

Adding a verbal password to your account can also add another layer of security. Most financial institutions will allow you to add one. The representative should ask you for this verbal password when you call on the phone or visit in person, depending on that institution’s policies. But be warned, if you forget this verbal password, you’ll likely have to go through a lot of work to prove your identity. As with all passwords, keep these unique and hard for others to guess. Also, if the institution doesn’t ask for the verbal password or makes it too easy to reset, this method won’t protect you.

4. Be careful with your taxes

Identity thieves don’t stop with credit cards. In 2017, the IRS received 242,000 reports from taxpayers of identity theft. One way to remain vigilant when it comes to protecting yourself from identity theft is to file your return as early as possible, and change your withholding to lower a potential refund.

If you think you’re the victim of fraud, file the identity-theft affidavit, Form 14039, with the IRS.

5. Watch your emails and snail mail

Hackers also may use stolen information to send you a phishing email – a note that looks legitimate but contains links to malware.

It’s usually better to go right to the website and type in the address in your browser, rather than clicking on a link – if possible.

Fraudsters can use these emails to get you to click on encryption ransomware, which can block you out of your photos and sensitive files until you agree to pay a ransom to regain access. Backing up your data on a hard drive is key.

Get into the habit of reading email carefully before responding, paying special attention to the sender. A scammer might hide behind a name that looks familiar, but the spelling will be off by a letter or two.

Give the same close attention to “explanation of benefits letters” you receive from your health insurance company.