What to do if you’re impacted by a data breach
The Bankrate promise
At Bankrate we strive to help you make smarter financial decisions. While we adhere to strict , this post may contain references to products from our partners. Here's an explanation for . The content on this page is accurate as of the posting date; however, some of the offers mentioned may have expired. Terms apply to the offers listed on this page. Any opinions, analyses, reviews or recommendations expressed in this article are those of the author’s alone, and have not been reviewed, approved or otherwise endorsed by any card issuer.
Five years after the infamous Equifax data breach of September 2017, the threat of data breaches continues to loom large. They still happen, with hackers finding more savvy ways to surreptitiously access your information.
As an informed consumer, you should know what to do when you find out you have been impacted by a breach that has exposed your personal information.
What is a data breach?
A data breach occurs when an unauthorized person accesses your confidential or sensitive information. They could access data that you have provided to a business yourself. Or the data may have been provided from one business, such as a marketing firm, to another.
When hackers break into a business’s computer systems and find out personal information about you such as your credit card information, date of birth, Social Security number or passwords, that’s a data breach.
They may have accessed the system because of a weak spot in the technology or because they were able to lure someone into unwittingly providing them access.
In the Equifax data breach, the credit reporting agency’s store of information on 147 million people was exposed. The information leaked included their names, phone numbers, Social Security numbers, residential addresses and driver’s license numbers.
In today’s digital world, unfortunately, the Equifax breach is not unique in terms of the scope of its impact. Other businesses that have been impacted by large data breaches in recent years include:
- Marriott International in 2018 (impacting up to 500 million customers)
- Uber in 2016, exposing the information of 57 million Uber customers as well as that of Uber drivers, and another incident in 2022 that the rideshare company is investigating
- Yahoo (information leaked from 2013 to 2014 impacted about three billion customer accounts)
In the first half of 2022, there were 817 data compromise incidents, a slightly slower pace than the 851 reported for the 2021 first half, according to a report from the Identity Theft Resource Center. For all of 2021, there were 1,862 data breaches that were publicly reported.
“We see the criminals continuing to shift their tactics resulting in the significant drop in the number of victims impacted,” Eva Velasquez, president and CEO of the ITRC, said in a statement. “We also see a decrease in the number of publicly reported data breaches and the number of data breaches linked to ransomware attacks.”
She added that the declines could be misleading “since 40 percent of the data breach notices issued in the first half of the year did not include basic information like attack vector or victim count.” Moreover, a few large breaches, or even several smaller ones, later in the year could reverse this trend.
How do data breaches happen?
Hackers can adopt a variety of ways to gain unauthorized access to your information. One popular method is “phishing.” Criminals could send an email to a business’s employees that looks like it’s from a business they are familiar with or a personal or professional contact.
When the unwitting recipient clicks on a link in the email, it provides an entry for the criminal to access a computer system. Engaging in the same practice via text messages is called “smishing.” According to the ITRC, phishing was the leading cause of data compromises in the first half of 2022.
Another way to gain access to passwords that provide entry to a business’s system is through brute force attacks. As computers work faster and faster, it becomes easier for hackers to guess computer passwords. They keep guessing until they hit the right one by chance.
A ransomware attack could also lead to a data breach. In this sort of attack, bad actors encrypt files on a device so that a business cannot access or use the files and the system they work with. The hackers then ask businesses for ransom in order to decrypt the files and restore the business’ access to them.
Also, a computer’s operating systems, software, hardware or the network and server it is connected to could have security lapses. Hackers could seize on these chinks in the armor to inject malware and gain access to a computer system.
In the Equifax breach incident, the government alleged that the credit reporting agency did not take adequate steps to secure its network, putting consumer data at risk. It seems that even after being alerted about a system vulnerability that impacted an Equifax database, the company did not take timely action to patch up its system.
Later, its security personnel caught on to suspicious activity and found out that hackers had broken into its network via the vulnerable database and were able to access consumer information.
Don’t fall victim to a data breach
You could face financial fallouts and other personal repercussions when your personal information is exposed to criminals. With the growth in the number of smart devices and the variety of information that’s available on social media, there’s even more scope for criminals to infiltrate computer systems.
Making a bad situation worse, breach notices don’t provide adequate input to consumers that would allow them to take necessary action to protect their information, according to the ITRC. And (in the absence of a comprehensive federal law) each state has different standards for how, or even whether, consumers are notified when they have been impacted by a data breach.
If you find out that you have been impacted by a data breach, you can take steps to protect yourself.
- Take a look at your credit reports to see if there is any suspicious activity or transactions you don’t recognize. These sorts of things could mean that someone has appropriated your identity to open accounts in your name. The three major credit bureaus, Equifax, Experian and TransUnion, announced in September that they would continue to offer free weekly credit reports to consumers through 2023, a program they launched in the early days of the pandemic.
- Change any passwords relating to accounts that have been compromised.
- Freeze your credit so unauthorized people cannot open an account in your name. When you do this, credit reporting bureaus cannot release your credit information to lenders without first checking with you.
- If the business that exposed your information offers free credit monitoring services as restitution, you should sign up for it. This is one remedy that Equifax offered relating to its breach.
- If your credit card information has been exposed, contact your issuer and ask it to cancel the card and issue a new one.
If someone uses your information to commit identity theft and use your personal information for their own purposes, you should protect yourself and file a report with the Federal Trade Commission.
The bottom line
Though it’s been several years since the Equifax data breach made headlines in 2017, data breaches continue to impact consumers. With the growth in the number of smart devices and use of social media, there are even more ways today for criminals to break into business systems and gain access to your personal information. If your information has become exposed through a data breach, you should take action to ward off the consequences.