Skip to content

What Should I Do After a Data Breach?

Monitor your statements closely and be alert for scam emails

En español | Q. I've just been informed by my credit card company that there was a security breach and that I should monitor my account for suspicious activity. What else should I do so I don't fall victim to identity theft?

A. Security breaches like those announced this year by Sony, Lockheed Martin, NASA, Citigroup and other businesses and public agencies are a growing problem. Hackers get inside a big institution's computers and steal confidential information about thousands of people.

See also: Are credit monitoring services worth the money?

Hackers can steal personal data with just one attack on data bases

Photo by Age fotostock

You can use a credit freeze to fight identity theft.

According to the nonprofit U.S. Public Interest Research Group, many institutions are not adequately protecting this data.

Most states have enacted legislation requiring organizations to notify consumers of such breaches, with 48 states and the District of Columbia allowing them to put a freeze on their credit reports to keep thieves out.

The Obama administration favors federal legislation that would override the state laws and create a national standard for cybercrime and notification of its consumer victims. American Bankers Association spokesman Doug Johnson says a single national standard would be less confusing and more effective for banks and their customers.

But the Public Interest Research Group contends that such a bill would water down tough state laws and ultimately harm consumers.

In the meantime, because there has been a breach of your data, be particularly suspicious of any email requests for confidential information, even if they appear to be from firms you do business with. These messages could be from scam artists who have stolen some confidential information about you and are trying to get the rest of what they need to commit fraud or identity theft.

Even without word of a breach, it's good to treat these kinds of messages carefully. When in doubt, look up the phone number of the bank or company that the email is supposedly from, then call to ask. And do check your financial statements regularly to make sure all transactions are legitimate.

Also of interest: Safeguard your personal information. >>

Carole Fleck is a senior editor at the AARP Bulletin.