6 Steps to Take Right After a Data Breach

When an organization that retains your personal information suffers a data breach, you need to know what steps to take—and quickly. The steps will vary, depending on the severity of the breach and the sensitivity of the information exposed. But first, you need to consider your specific situation and ask the following questions:

• What type of data breach occurred?
  
• Was my information exposed in the breach?
• Has my Social Security number and other sensitive personally identifiable information (PII) been stolen, or is the exposed data more limited?
• Are the cybercriminals doing anything with my PII yet, such as using it to commit identity fraud?

To help you in the event of a data breach, we’ve put together this handy 6-step checklist. 

Your Data Breach Response Checklist

1. Find out what type of data was stolen.

Why does the type of information exposed matter? While stolen credit cards and the like can be easily cancelled and replaced, it's difficult to obtain a new Social Security number. And cybercriminals can do a lot more with your SSN and other unique, sensitive PII than they can accomplish with an email or credit card account.

2. Change and strengthen your online logins, passwords and security Q&A.

It's important to immediately change your online login information, passwords, security questions-and-answers for the breached account(s)—along with your other accounts if they have similar login information—to contain the damage. This step is especially important if your email account has been compromised. Take time to ensure that you have strong and unique passwords across all your online sign-ins, using a password management tool like Norton Password Manager. 

3. Contact the right people and take additional action.

This is where the type of data stolen really comes into play. If your credit and/or debit card information was stolen, you should reach out immediately to your bank to cancel your card and request a new one. However, if personal information like your Social Security number was exposed, it may be easier for you to become a victim of identity theft. The FTC recommends considering a credit freeze for your accounts with the three major credit report agencies so it’s more difficult for someone to open a new account in your name.

4. Ensure your information is up-to-date with Norton.

Your information should be your own, from your Social Security number and credit card numbers to your email. So, if we find the personal information you provide to us, for sale on the Dark Web, we will alert you.

5. Always remain vigilant and monitor your accounts closely.

It's important to watch for signs of new activity in the wake of a breach. Check your accounts regularly for suspicious activity. In cases where a Social Security number is compromised, cybercrimninals have been known to wait years before using it, and when you least expect it, so always remain vigilant.

6. File your taxes early.

If your Social Security number has been exposed or you just want to take precautionary measures, you may be able to beat cybercriminals to the IRS by filing your taxes early, making it less likely they will be able to obtain a tax return in your name.

For more details, visit the FTC's identity theft website.