Guide For Victims of a Data Breach

If you are the victim of a data breach, you may be wondering what your next steps should be. Some questions you may have include:

• What can a hacker do with my information?
• How can I protect myself from identity theft?
• Why did a company I trusted let this happen?
• Will this impact my credit or my job?
• Can criminals steal my benefits or apply for loans in my name?
• Do I have any options to be compensated for this?

Our consumer privacy lawyers have put together a list of steps you can take to lessen the impact and protect yourself from identity theft in the aftermath of a data breach. These steps are simple to follow and won't cost you a dime. The time it takes to do them, even for the busiest victims, is worth the protection they provide.

Here are 9 tips from our data breach lawyers:

1. Read the Data Breach Notification Letter

Upon receiving a data breach notification, it’s critical to take the matter seriously rather than dismissing it. It’s essential to thoroughly read the entire letter, despite the often unhelpful and irritating language, rather than just skimming it.

These notifications often use vague language, hinting at potential unauthorized access or data exposure without providing specifics. Companies typically claim a strong dedication to data security and express regret, but without concrete proof of data safety, leaving room for unfounded reassurance. It's important to note that a lack of evidence of misuse does not guarantee safety, especially when the full scope of the breach remains unclear.

Any data breach notification should detail the types of information leaked, which is critical to understand the risks you may face. Knowing whether your name, address, Social Security number, financial details, or other sensitive data have been compromised can help you gauge the severity of the breach and tailor your response accordingly. While notification letters usually frame this information as a maybe, you should assume that anything that might have been leaked was leaked.

File the letter away someplace safe. If you become a victim of identity fraud or decide to pursue a data breach lawsuit, the letter will be important. 

2. Contact The Parties Who Are Relevant To Your Breached Information

That notification letter helps you understand the risks you face by detailing the type of information that the leak compromised. For instance, you may need to change your financial account credentials and request new credit and debit cards if your financial information was compromised. There are also many people you’ll want to contact if you suffered a breach of healthcare data, your Social Security number, or any significant personal data. 

If A Hacker Stole Your Social Security Number:

If a malicious actor is able to steal your SSN through a data breach, you could have to deal with all sorts of harmful consequences. The most obvious danger is that someone would open lines of credit and bank accounts under your name, or access and drain your existing accounts. However, they could also use your SSN to falsely identify themselves as you if they commit a crime, or they could obtain medical care under your name. If your SSN might have been stolen, reach out to the following organizations: 

• IRS
• Department of Justice
• Federal Trade Commission
• The Social Security Association

Handling Leaked Financial Data:

Financial information is one of the most common types of compromised data, especially in retail data breaches. This includes information such as:

• Bank account, credit, and debit card numbers
• Security codes on credit and debit cards
• Billing information (addresses, names, ZIP codes)
• Login credentials and PINs
  

If there’s any likelihood that your financial accounts have been compromised, it’s important to either close and reopen the affected account or change your security credentials. While it might be a hassle to deal with now, it’s much better than having to resolve fraudulent payments in the future. Make sure to review the financial activity on your accounts so that you can detect any fraudulent activities. 

After a Healthcare Information Breach:

Health and healthcare information are surprisingly lucrative targets for hackers. Not only does this expose a person’s medical history, but it can potentially put their personal information and SSN in the wild as well. The information at risk from a healthcare data breach includes:

• Demographic information
• Medical account information including Medicare and Medicaid numbers 
• Medical history and related records, including diagnoses and treatment history
• Information on your prescriptions and healthcare provider 
• Age, date of birth, SSN

If it’s possible that your SSN or financial data were stolen via a healthcare breach, make sure to follow up with the relevant organizations. When it comes to healthcare-specific information being stolen, though, you’ll want to take the following steps:

Contact Your Healthcare Providers And Relevant Third Parties

For starters, ensure that your healthcare providers, healthcare billing services, and other third parties know about the breach. By informing them, you’ll help to prevent any wrongful use of your health insurance. The next step is to request your medical records so that you can see if any fraud has already occurred. 

Your Health Insurance Provider

Notify your health insurance provider of the data breach right away. If there are any reports of medical services that you don’t remember receiving, report them to your health insurance provider. You should also be able to replace your compromised account, as to help restore your privacy and prevent theft of your benefits. 

Administrators of Health-Related Accounts (HSAs and FSAs)

If a cybercriminal has stolen your health information, they might be stealing your healthcare savings benefits. Regularly monitor your accounts and look for any illegitimate activity, and make sure that there are no improper changes in your balance. Change your login credentials as soon as possible, as well. 

Unrecognized Medical Bills: 

If you receive such a medical bill for services you didn’t receive, don’t ignore it. Instead, reach out to the billing company so that you can inform them of the data breach and the fraudulent use of your benefits. While you’re at it, ask for copies of records related to the unrecognized bill. After all, proving you didn’t receive that service is an important step to avoid the consequences of medical information theft. 

If You Experience Identity Theft:

File a police report at the first sign of identity theft. After that, file an Identity Theft Report via the FTC (Federal Trade Commission). This organization is responsible for consumer protection, and they’ll provide you with an account, a plan to restore the integrity of your identity, and other assets to help you deal with identity theft. Filing this report also qualifies you to place an EFA (Extended Fraud Alert) on your credit accounts. For the next seven years, your credit reports will have extra security to help deter credit fraud on your accounts. 

3. Accept Offered Credit Monitoring and Identity Protection Services

According to CNBC, the 2019 Equifax breach settlement involved ten years of credit monitoring for the victims. While not all benefits are this long-lasting, they’re all worth making use of. While some people decline to use the services, this is a big mistake. Making use of these services can go a long way in helping you protect your identity, and there’s no downside. You still have the right to pursue legal action against the company, and it won’t weaken your case if you accept any assistance they offer. 

With that said, there are two important caveats when it comes to these credit monitoring services. First of all, you need to affirmatively opt-in to the services, they don’t take effect automatically. If you don’t opt in, there’s no protection. Second, their protection is helpful but it isn’t everything. It often only lasts for a year or so, and even in that time, it’s not a replacement for the other steps on this list. 

4. Change Your Login Credentials

Changing all of your passwords is a hassle, but it’s necessary after a data breach. If one of your accounts has been breached, then that means that your name, email address, at least one password, and any security questions are available too. This might be enough for a cybercriminal to crack your other accounts. Likewise, activate security features such as two-factor authentication to add an extra layer of security to your accounts. 

There are several great resources you can use, such as Have I Been Pwned (recommended by Consumer Reports) to help secure your accounts. Another helpful tool to try is a password manager, which helps you generate and store strong passwords without having to memorize any of them. 

5. Set Up a Fraud Alert

A cyberattack doesn’t always need to compromise your SSN to put your credit at risk. You never know what personal information of yours is already out in the wild. It’s possible that your Social Security number is already in the hands of criminals, and that a leaked password is just the puzzle piece to make it all the more dangerous. As such, you should react to a data breach by requesting a fraud alert from the largest credit bureaus:

• Equifax
• TransUnion
• Experian

6. Check Your Credit Reports.

After you notify the primary credit bureaus of the breach, send in requests for copies of your credit report. This should be available for free, and you’ll be able to examine them for any suspicious activities. If you find any unfamiliar activities on your credit report, contact the credit bureaus to correct the error as soon as possible.

7. Freeze Your Credit, If Necessary

Consumers have the right to freeze their credit accounts free of charge. In doing so, you prevent anyone from opening lines of credit in your name. If you need to access credit you can lift the freeze temporarily, and you can remove the freeze when you feel ready to do so.

8. Monitor Accounts for Suspicious and Fraudulent Activity

Protecting your identity is an active process. Even after you complete all of these precautions, there’s no replacement for staying vigilant and watching out for fraudulent activities on your accounts. This is always a good habit to have, and it's a habit that's worth developing even more if you've become the victim of a data breach.

9. Contemplate Pursuing a Data Breach Lawsuit

There’s little that’s more frustrating than becoming the victim of a data breach. The violated sense of personal privacy, the risk of financial harm, and the time you spend cleaning up the mess are all terrible. What makes it even worse is that many data breaches are preventable, and originate from human error or inadequate preparation.

Losing your data doesn’t automatically make a company liable. After all, it’s possible for a company with an outstanding security system and good data practices to still suffer a breach. However, there are several types of malpractice that could make a company liable for the emotional and financial harm you suffer as a result of the leak.

Did The Company Take Proper Precautions?

Cybersecurity isn’t a new issue – hackers have been causing more and more breaches every year. As such, it’s known that companies need to incorporate software precautions, organizational measures, and employee training to minimize the risk of a breach occurring. However, maintaining comprehensive data security measures takes time and money, and many companies aren’t interested in the expense. If weak security contributed to the leak, you may be entitled to compensation.

Did the Company Notify You Promptly? 

Admitting to a data breach is a PR disaster for many companies. As such, they often avoid notifying those affected by a breach until months have gone by. When your personal data is at risk, every day counts. Each day that goes by without you taking precautions to protect your identity increases your chances of suffering identity theft, breached accounts, and other issues. This is why failing to properly inform customers of a breach may make the company liable, even if it wouldn’t be found liable for the original breach. If this or any other sort of malpractice contributed to the breach, our data breach lawyers can help you get justice.

Get In Touch With a Data Breach Lawyer

Sometimes no lawsuit is necessary after a data breach. However, it’s always advisable to reach out to a data breach class action lawyer if you’ve been a victim of a data breach. They can offer insightful advice on how to handle your leaked information while investigating any potential wrongdoing on the part of the company. We offer a free data breach consultation that can help you decide whether or not legal action is the right choice for you.