Data Privacy: Resources for Losses and Compromises

Data breaches have become more common with more of our lives and business being conducted online. Being affected by a data breach can be alarming, and in the worst-case scenario, it can lead to identity theft and financial complications. But if you know what to expect, and take a few simple steps to protect yourself and stay vigilant, you can overcome the risks and hassles of a data breach.

Below are a few tips to protect your personal data as well as resources and steps you can take if you feel you or a company you do business with may have suffered a data breach.

Protecting Your Personal Data

Resources and Steps To Take After Personal Data is Compromised

If you believe you or a company you do business with has suffered a breach, consider taking the following steps to protect yourself.

    • Sign up for two-factor authentication: In addition to changing your passwords, sign up for two-factor authentication (also known as “2FA" or “two-step verification") wherever possible. This is an added layer of security for your account logins, and many services such as Gmail and Facebook now offer it. With two-factor authentication, your online account will require you to enter an additional level of identification to access your account – such as a code texted to your phone. This means that even if hackers get your email and password, they can't get into your account without that second factor of identity verification.
    • Check for updates from the company: If your data is involved in a major data breach, the company will likely post ongoing updates and disclosures about which customers were affected. For example, after a recent Facebook data breach, the company automatically logged out the users whose accounts were affected and sent them messages via the platform about what had happened and what to do next. After the Equifax data breach, the Federal Trade Commission (FTC) offered a series of advisories and steps that people could take to protect themselves.
    • Watch your accounts, check your credit reports: After a data breach, it's essential to be vigilant and pay extra attention to your account activity – that includes your account at the company that suffered the breach, as well as your bank account and other financial accounts. Read your credit card statements and watch for suspicious transactions. Also, sign up for your free annual credit report to check your credit reports from each of the three credit reporting bureaus.
    • Consider identity theft protection services: If you want additional peace of mind, you can consider signing up for identity theft protection services. However, these services are not cheap, and you can do many of the actions yourself. Often when there is a significant data breach, the company involved will give affected customers a free year of credit monitoring.
    • Freeze your credit: Another step you can take, whether you're affected by a data breach or not, is to freeze your credit. You can do this by contacting each of the three credit bureaus (Equifax, Experian, and TransUnion) and asking to freeze your credit. There is no cost to freeze your credit, and it will prevent any new credit accounts from being opened in your name. Even if identity thieves have access to all of your personal data, they can't open new accounts under your name if your credit is frozen. The only drawback of freezing your credit is that it prevents you from applying for new credit too – so don't do it if you are expecting to need a new car loan, home loan, or credit card account. You can un-freeze your credit at any time.
    • Go to If you are affected by a data breach, there is a government website that can help you assess the situation and understand your options for what to do next. There are a variety of resources with tips and advice on what to do if your personal information was lost or stolen.
    • Change your passwords: In the aftermath of a data breach or if you believe your username and password were compromised, it's especially important to change your passwords to something strong, secure, and unique. Best practice is to:
      • Keep changing your password on a regular basis
      • Have multiple “passwords," not just one. Do not use the same password for all of your online accounts.  
      • Create a “strong” password that is at least 8 characters with a mixture of letters, numbers, and symbols.
      • Consider using a password manager to help generate and keep track of your passwords.