SkipToMainContent

Emerging Threats

What to do after 5 types of data breaches

October 8, 2021

You’ve just heard the news there’s another data breach — and this time your personal information may have been exposed. You might start to panic, trying to find out if you’re one of the victims. Has your information been leaked? What can you do to protect yourself? 

If your personal information has been compromised in a data breach, you could be at an increased risk of identity theft. That’s why it’s important to learn what to do after a data breach.

The steps you should take after a data breach often depend on the category of the breached organization and the type of information revealed. For instance, a healthcare data breach may reveal more sensitive health information and compromise your medical care, while a financial data breach may have more to do with your credit, bank accounts, and other financial-related data.

It’s important to be aware of these five types of data breaches, and how you can help protect yourself against the different types of threats that could follow.

Steps to take after a healthcare data breach

A healthcare data breach occurs when information you’ve provided to your healthcare organization, doctors, or insurance companies has been exposed or accessed by an unauthorized person.

How does this happen? Cybercriminals may infiltrate the computer network in your doctor’s office, hospital, medical lab, healthcare insurer, or any of your medical providers. In some cases, your information could be stolen by medical staff — or unintentionally exposed through poor data security.

If your healthcare information has been leaked or stolen, criminals could use that data to commit various forms of fraud in a medical emergency or for other medical care. This could not only affect your healthcare coverage, but also compromise your safety if there’s misinformation on file when you need medical treatment.

Following a healthcare data breach, there are things you should do to help protect yourself.

1. Get confirmation of the breach and whether your information was exposed.

The first thing you should do is confirm the breach occurred. If you’ve received an email saying there’s been a breach, that isn’t enough — it could be from scammers posing as the potentially breached company in an effort to get your personal information.

Don’t respond to potentially fake emails. Go directly to the company’s secure website or call the company to confirm the breach.

You also will need to find out if your individual information was compromised.

2. Find out what type of data was stolen.

Make sure to find out what types of data were stolen.

Why does this matter? If the only data exposed was your credit card information, you can call your card issuer to cancel and replace your credit card. But if your Social Security number (SSN) was stolen along with other personally identifiable information (PII), that exposed data is more sensitive.

The risk? Such information could enable the thief to assume your identity to see a doctor, visit an emergency room, or use that data in other ways.

This is known as medical identity theft. If your healthcare data then becomes mixed up with your imposter’s, this crime could threaten your health when you seek treatment.

In the case of healthcare data breaches, identity thieves often want information that will help them impersonate you to receive medical treatment, prescription medications, or anything else covered by your insurance. This information could include:

  • Medicare or insurance policy numbers 
  • Social Security number and other personally identifiable information, such as date of birth.
  • Medical treatment and prescription history
  • Billing information, including checking and credit card account numbers

3. Consider accepting the breached healthcare company’s offers to help.

Recovering from identity theft can be costly and time-consuming. If the breached company offers to help repair the damage and protect your personal information for a certain amount of time, consider accepting the offers.

4. Change and strengthen your online logins, passwords and security Q&As.

Immediately change your online login information, passwords, and security questions-and-answers for the breached accounts — along with any other accounts that have similar login information and passwords.

Implementing two-factor authentication can help if someone has your password who shouldn’t. That’s because two-factor authentication adds an additional layer of protection after you enter your login credentials. For instance, you might be sent a security code to your smartphone. You enter the security code online to access your account.

If you want more help with this, password managers can be an additional layer of protection.

Keep in mind if you start receiving notices of password changes to your current accounts or find yourself locked out of your accounts, it could be a sign that one or more cybercriminals have attempted to access your accounts. It’s a good idea to act quickly to investigate the problem.

5. Contact the right people and take additional action.

If sensitive personal information like your Social Security number was stolen, you could become a victim of identity theft or fraud.

Trying to stay ahead of identity thieves by keeping up with your medical records and healthcare providers is important. Here are a few things you can do:

  • Ask your doctor’s office for copies of your medical records to see if your identity has been used fraudulently. This might show if inaccurate health and medical information is present in your records, indicating that someone posed as you and saw your doctor. More broadly, be sure to check the benefit statements from your healthcare insurance provider. The statements would show evidence of heathcare fraud, indicating doctor visits and care that aren’t yours, as well as dates and other details.
  • Ask your health care providers for a list of anyone with whom they’ve shared your protected health information. Medical providers are required under federal law to provide this accounting record free of charge once every 12 months upon request. 
  • Contact any medical facilities that have asked you for payment for services you didn’t receive and alert them that you may have been a victim of identity theft or mistaken identity. You could ask them what service was provided and prove you didn’t receive it. 
  • Check in with your Healthcare Savings Account (HSA) and Flexible Spending Account (FSA) to make sure thieves aren’t trying to use your benefits.
  • Check your credit reports at the three major credit bureaus. (More on this below.) You’ll want to make sure thieves aren’t using your credit cards, racking up charges, and damaging your credit history. This could involve cancelling your current accounts and opening new ones with unique, strong passwords. You also can place a fraud alert or security freeze on your credit accounts to help prevent thieves from using your information later on.

After checking your medical and credit reports, you may find you’re the victim of identity theft. If so, it’s smart to file an Identity Theft Report with the Federal Trade Commission.

If your Medicare or Medicaid information has been stolen, you’ll need to call their hotline: 1-800-MEDICARE (1-800-633-4227).

Also, you should file a police report in your local jurisdiction.

6. Stay alert; monitor your accounts closely.

Staying alert and watching for signs of new account activity is important. For example, you may receive a variety of signals that someone is using your PII to receive healthcare services in your name. This could include:

  • Bills and collections calls for medical services you didn’t receive. 
  • Unfamiliar collections notices on your credit reports. 
  • Notices from Medicare or other health insurers that you’ve reached your plan limit.
  • Denial of coverage because of misinformation.

Consider collecting current copies of your medical records — and those of your family members — from all of your doctors, healthcare providers, and insurers. If any information on your records is incorrect, it’s important to fix it.

Also, don’t throw away any bills or notes from healthcare providers you don’t recognize. They could signal and prove that your healthcare benefits are still being used fraudulently.

In addition to monitoring any changes to your medical and insurance accounts, keeping tabs on your financial and credit accounts is important. Identity thieves may have enough sensitive information to use your existing accounts or create new ones in your name.

Steps to take after a financial data breach

A financial data breach occurs when a company exposes financial information like your credit card or bank card account information.

If a cybercriminal uses your PII such as your Social Security number for financial gain, you’re a victim of financial identity theft.

Using a combination of your name and other personal information, the fraudster may fill out applications for loans, credit cards, or bank accounts or withdraw money from your accounts. Possible crimes might encompass credit card fraud, bank fraud, computer fraud, wire fraud, mail fraud, and employment fraud.

Victims of a financial data breach can take steps to help protect themselves against financial fraud and identity theft, and help prevent fraudsters from successfully using exposed personal information.

1. Get confirmation of the breach and whether your information was exposed.

Your first step? Contacting the source of the leak is the first step. Confirm there was a breach at the company and find out if your information or online account was accessed.

It’s important to act quickly to seek this information. One reason why? If you don’t, you might receive false information from scammers pretending to be the breached financial company and trying to get more of your information.

To help be informed, it’s a good idea to directly contact the breached company. A breached company may also set up a portal that provides breach-related information for their customers.

2. Find out what type of data was stolen.

Find out what information was exposed. It’s easy to replace a credit or debit card, if that’s the only data that was leaked. But if your Social Security number and other sensitive data like your bank account information and passwords have been stolen, all that data could make it easier for thieves to use your identity to commit fraud in your name.

Any financial breach in which a large amount of sensitive information is exposed could increase the risk of identity theft for months or years to come.

3. Accept the breached company’s offers to help.

Whether it’s a bank, credit card company, or other financial services company, a breached company might offer ways to help protect you against identity theft. Consider taking it. If your personally identifiable information and Social Security number were exposed, monitoring your credit and finances will be important.

In some cases, victims will be offered free credit monitoring and identity theft protection services.

4. Change and strengthen your online logins, passwords and security Q&As.

It’s important to change passwords and any other information the hackers may have for access to your accounts or to use in identity theft. Taking steps to prevent their use of this information can help limit future exposure.

5. Contact the right people and take additional action.

Contact your bank and credit card account companies immediately.

If someone has unauthorized access to your bank account, you’ll want to close that account and open a new one with a new account number. You’ll also want to work with the bank to resolve any fraudulent transactions.

If someone has stolen your credit card number, contact the issuer to alert them to any fraudulent charges. Ask them to close the account and issue you a new card.

Contacting at least one of the three major U.S. credit reporting agencies — Equifax, Experian, and TransUnion — is important in the event of a financial data breach.

Cyberthieves may have gathered enough sensitive information to use your current credit cards and open new ones. It’s a good idea to take immediate action to make sure fraudulent use of your credit and finances stops before it gets too widespread.

Here’s how to contact the credit bureaus.

  • Equifax
    Equifax Alerts
    888-766-0008
    Equifax Consumer Fraud Division
    P.O. Box 740256
    Atlanta, GA 30374
  • Transunion
    TransUnion Fraud Alert
    888-909-8872
    TransUnion Fraud Victim Assistance Dept
    P.O. Box 2000
    Chester, PA 19016

6. Stay alert and monitor your accounts.

If you spot suspicious or unfamiliar transactions on a bank or credit card account, you could be the victim of financial identity theft.

Here’s an action you can take. Ask the credit bureaus to place a fraud alert on your credit file. A fraud alert lasts for 90 days. Or, if your SSN and other more sensitive data is included in the information stolen, you could place an extended, seven-year fraud alert.

You also can put a freeze on your credit reports and watch for any activity that isn’t yours. A credit freeze works by blocking new lines of credit from being opened by blocking anyone (including you) from obtaining new credit using your information until you lift the freeze.

After checking your credit reports, if you do find you’re the victim of identity theft, you should file an Identity Theft Report with the Federal Trade Commission.

Also, it’s a good idea to file a police report in your local jurisdiction.

Steps to take after a government data breach

A government data breach occurs when confidential information is stolen or unintentionally exposed or leaked from federal, state, or local government agencies. This includes the military.

Government data breaches can be especially harmful if the information compromised includes more sensitive information like your Social Security number and birthdate.

Fraudsters may use your personal information in interactions with the government. One example is tax-related identity theft or tax refund fraud, also known as stolen identity refund fraud.

This type of fraud occurs when a thief uses your SSN and other personal information to file an income tax return in an attempt to claim your tax refund. This amounts to stealing money from the U.S. Treasury and could delay any tax refund due to you.

If you’re the victim of a government data breach, there are steps you can take to help protect yourself.

1. Confirm there was a breach and whether your information was exposed.

Contacting the breached agency is the first step. Confirm that there was a breach, and whether your information is involved.

2. Find out what type of data was stolen.

Check what type of information was exposed. Government agency breaches might expose information that includes personally identifiable information such as SSNs, taxpayers’ payment information, and voters’ information.

3. Accept the breached entity’s offers to help.

If the government agency offers help, consider taking it. If your PII and SSN were exposed, monitoring your credit, finances and identity will be important.

4. Change and strengthen your online logins, passwords and security Q&As.

It’s important to change passwords and any other information the cybercriminals may be able to use to gain access to your accounts or use your identity. Implementing two-factor authentication can help block access to your accounts, even if they have your login credentials.

5. Contact the right people and take additional action.

If sensitive data like your Social Security number and other personally identifiable information were exposed, you may need to contact several government agencies. These may include the Internal Revenue Service (IRS), the Social Security Administration (SSA), the Federal Trade Commission (FTC), and, in some cases, the Department of Justice.

6. Stay alert. Monitor your accounts closely.

Once thieves have your sensitive data, they may be able to access existing accounts and create new ones. Monitor all of your accounts closely and look for suspicious activity.

Steps to take after an educational data breach

Breaches at educational institutions have been increasing. Universities are often targeted because they collect a lot of sensitive data on students and their parents, faculty, and staff to fulfill the many obligations of applications, financial aid, attendance, and employment.

Students who are starting out on their own may be especially vulnerable. They may be managing their finances and other accounts for the first time.

Cybercriminals may target students to steal their identities, because students likely possess cleaner credit and finance histories.

Also, students may be vulnerable to hackers and malware if an institution doesn’t have robust, up-to-date security systems in place.

Given these considerations, there are several steps university staff, faculty, students, and their families should consider in the event of an educational data breach.

1. Get confirmation of the breach and whether your information was exposed.

The first thing faculty, staff, and students should do is contact the school to confirm there has been a breach and to see if their information was exposed.

2. Find out what type of data was stolen.

Victims should ask what kind of data was exposed to determine the level of data sensitivity and the extent of data stolen. Why is this important? If a student’s Social Security number and other personally identifiable information has been exposed along with financial information, the student will have to report not only to their college, but also to entities like their banks and credit bureaus.

Because educational institutions collect a lot of personal information, identity thieves may access a lot of data to commit cybercrimes. Universities may collect names, birth dates, addresses, driver’s license numbers, Social Security numbers, bank accounts, credit card accounts, and university ID numbers.

3. Accept the breached institution’s offers to help.

If a school offers to help with credit monitoring and other clean-up costs, consider taking them up on it. Taking measures to repair the damage caused by identity thieves — and help with future protection — can be costly and time-consuming.

Here are a few examples of what thieves can do with students’ personal information.

  • Gain access to those students’ email accounts and other accounts. 
  • Gain access to students’ devices through those accounts.
  • Use this knowledge maliciously to target students with spam, phishing emails, and malware.

4. Change and strengthen your online logins, passwords, and security Q&As.

Change your passwords immediately. This can help prevent thieves accessing your current accounts.

Next step? Check to see if new accounts have been opened. Given the many accounts students and staff may have at educational institutions, this could take time and effort — but it’s important. When hackers obtain certain pieces of information and gain access to one account, this access may enable them to infiltrate or open other accounts.

Keep in mind, even if the data compromised in one breach isn’t your Social Security number or other more sensitive information, cybercriminals could combine this information with sensitive data they access from other breaches.

That’s one reason why it’s a good idea to change your passwords and login credentials and monitor your accounts frequently.

5. Contact the right people and take additional action.

In addition to contacting the university directly to find out what happened and what steps they’re taking to help, victims will have to reach out to several other entities. Why? If personally identifiable information like their Social Security numbers have been stolen, along with other personal data, identity thieves can use this to create several other frauds.

Here’s a list of organizations you should consider contacting.

  • Credit bureaus and financial companies.
  • The IRS, in case identity thieves try to collect tax reimbursements in your name.
  • State and local law enforcement agencies, if cybercriminals committed crimes in your name.

6. Stay alert. Monitor your accounts closely.

Cybercriminals sometimes store your information to use months, or even years, after a breach. This might give you a false sense of security that you won’t become a victim of identity theft.

Cybercriminals may pool your information to gain access to even more of your accounts. They also can sell your data on the dark web for others to use now or later.

Because your sensitive information is out there, it’s smart to monitor your accounts closely and keep tabs on any new accounts or financial transactions that have been made in your name. This is another reason to consider accepting free help such as credit monitoring when it’s offered. But keep in mind, many offers will only monitor your accounts for a limited time.

Steps to take after an entertainment data breach

An entertainment data breach occurs when your personal information has been compromised at companies like video game developers or concert and sporting event ticketing services. How does it happen? A leak from inside the company — either intentionally or mistakenly, poor data security, a faulty program, malware, or other scams by hackers.

1. Confirm the breach and whether your information was compromised.

Take action quickly. Be proactive and contact the breached company. Confirming whether your data is part of the information exposed can determine your next step.

2. Find out what type of data was stolen.

It’s important to find out the sensitivity of the data stolen. That information will guide your next steps. Here’s an example.

Knowing what data was exposed could mean the difference between monitoring your accounts for unauthorized activity or taking additional actions like placing a credit freeze on your accounts.

3. Accept the breached company’s offer(s) to help.

Find out how the breached company is offering to help. For instance, it may offer credit monitoring or identity theft protection services. Consider whether the services are right for you.

You’ll have to decide whether the services are adequate or whether you should take additional steps to help protect yourself against identity theft.

If the breached company doesn’t offer much to help protect your information after a data breach, it’s smart to monitor your credit, consider identity theft protection, and other appropriate steps.

4. Change and strengthen your login credentials, passwords, and security Q&As.

Changing your passwords and ensuring they are strong can help protect your accounts. That includes strengthening your login credentials, passwords, and security questions-and-answers, as well as implementing two-factor authentication if it’s available.

5. Contact the right people and take additional action.

It’s a good idea to reach out to the breached company quickly. If the company isn’t willing to help or has not yet helped with your recovery, contacting other organizations is your next step.

To start, you can obtain free credit reports from AnnualCreditReport.com to watch for any suspicious or unfamiliar credit activity over the following months and years. Also, consider placing a fraud alert or credit freeze on your accounts with the three major credit bureaus, depending on the sensitivity of the data stolen.

If other methods of recovery and protection aren’t enough, you may decide to join a class action lawsuit.

6. Stay alert; monitor your accounts closely.

It’s a good idea to be proactive after a data breach. Monitor your accounts for suspicious activity. Keep in mind, cybercriminals sometime combine information from different sources to commit identity theft.

For instance, if cybercriminals access your Social Security number and a few other pieces of personal information, they may be able to commit a variety of crimes. This may include filing a tax return to collect your tax refund, collecting benefits and income, making purchases, setting up phone numbers and websites, establishing residences, using health insurance, and committing other crimes — all in your name.

Data breaches can lead to identity theft and other types of fraud. And it can take time and effort to untangle the mess.

That’s why it’s smart to know what to do after a data breach. If you you’re a victim of a data breach, taking these steps can help protect yourself against identity theft now and possibly in the months and years to come.

Try Norton 360 FREE 30-Day Trial* - Includes Norton Secure VPN

30 days of FREE* comprehensive antivirus, device security and online privacy with Norton Secure VPN.

Join today. Cancel anytime.

*Terms Apply


Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2021 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.