Although the year 2020 brought many aspects of life to a halt, data breaches, unfortunately, were not among them. In fact, according to Forbes, 2020 was unprecedented in the amount of data lost and “sheer numbers of cyberattacks on companies, government, and individuals.” Meanwhile, organizations continually monitor and protect their data while cyber thieves seek out new ways to get it.

You can count yourself lucky if you haven’t experienced the unease of receiving a notice regarding theft of your personal or financial information. Experts estimate the cost of cybercrime will escalate to $10.5 trillion annually by 2025, and by the odds, it is only a matter of time until your personal information is caught in a data breach. It’s smart to understand how best to prevent your personal information from being stolen and what to do if it happens.

What You Need to Know


Most states have enacted legislation requiring notification of data breaches involving personal information, however, requirements vary by state. When you are notified that your information has been compromised as the result of a data breach, read the notification carefully. Make sure you understand what information was exposed or stolen. Your data falls into two categories:

1. Personal information — such as your name, email address, birthdate, or physical address.

2. Financial information – includes financial account numbers, Social Security numbers, and passwords. While any data breach involving your information is disconcerting, by the time you receive notification, the breached company is taking action to resolve the issue. Find out what they’re doing to remedy the situation and take advantage of any assistance they offer, such as free credit monitoring.

An Ounce of Prevention


Organizations are becoming more proactive at protecting their data from cyber thieves; however, you can amplify your security by implementing the following steps to protect yourself.

Strengthen your passwords!

Creating a secure password is the first step in taking control of your password security. A strong password consists of at least eight characters, uses a combination of lower- and upper-case letters, numbers, and symbols. Don’t succumb to the temptation to use the same password for multiple accounts. Additionally, it is recommended that you change passwords that are over a year old, especially if you don’t have two-step authentication in place. Make sure to read “Five Tips for Choosing a Password Manager” so you don’t have to remember a lot of complex passwords.

Brian Elmer holding paper and talking

Adopt two-step authentication

Also called multi-factor authentication, this is an added layer of protection that can slow down or prevent a breach – even if your password is stolen. When it’s available, turn it on. It will prompt you to verify it’s you by sending a code via text or email as you log in.

Beware and reduce information sharing

Cyber criminals rely on fear and vulnerability to access your accounts and will use any means available – phone, email, letters, or text — to extract your sensitive information. Never provide your Social Security number (or other critical data) without being absolutely certain who you are dealing with and why they need the information. Be prudent in disclosing information on social media, as well. Viral social media quizzes may seem like innocent fun, but in reality, they reveal information about you that allows hackers to guess your security questions and passwords on other accounts.

Review your accounts

Check in with your critical accounts at least monthly, preferably weekly. The sooner you recognize questionable activity, the sooner you can notify your financial institution. Frequently reviewing your accounts reduces the risk of financial accountability. Also, never use a public Wi-Fi network to log in to any account that contains sensitive personal information, as these network connections are often unencrypted and unsecured, which leaves your data vulnerable to theft.

Review your credit report

Obtain a free copy of your credit report from each of the three national credit reporting agencies (Equifax, Experian, and TransUnion) every 12 months. Request your reports and find additional information at annualcreditreport.com.

Use a credit monitoring service

Once a company has suffered a data breach, that company is likely to provide free access to a credit monitoring service for a length of time. This service tracks your credit files and alerts you of changes in activity, such as new account openings or address changes.

Set up a credit freeze

Also called a security freeze, a freeze prevents new credit or accounts from being opened in your name. This action helps prevent identity thieves from applying for credit or opening fraudulent accounts in your name, however, your ability to open a new bank account, make large purchases, or apply for a job also are affected. If you have children, consider placing a freeze on their credit reports, as well. According to a study by Javelin Strategy & Research, more than 1 million children in the United States were victims of identity theft in 2017, resulting in $2.6 billion in losses. Families paid an estimated $540 million in out-of-pocket costs because of the fraud.

To place a freeze on your credit report, you must contact each credit reporting bureau separately. When you wish to apply for credit in the future, you will be required to contact all three credit bureaus and follow their specific guidelines to lift the freeze. Individuals can freeze and unfreeze their credit with zero fees.

Actions to Take As a Victim


If you receive notice or suspect that an account has been compromised, you may wish to initiate your recovery with these action steps.

  • Create a personal recovery plan. A good place to start is with the Federal Trade Commission’s tool at identitytheft.gov. This site provides checklists and sample letters to guide you through the recovery process. The service also allows you to track your recovery progress.
  • Issue a fraud alert. This is a notice placed on your credit report that alerts credit card companies and other organizations that you may have been a victim of fraud, including identity theft. Potential lenders and creditors will be required to verify your identity before extending any existing credit or issuing new credit in your name.

To request a fraud alert, you must contact one of the three major credit reporting bureaus. Once you place a fraud alert on your credit report with one of these bureaus, your fraud alert request will be passed along to the two remaining bureaus. Fraud alerts are free and typically expire after 90 days. If you hadn’t already done so as a preventative measure, this would be an advisable time to place a freeze on each of your three credit reports. Unlike a fraud alert, a credit freeze is permanent and stays on your credit report until you unfreeze it. By taking steps to improve your own data security, you’ll be in a better position to protect yourself in the future and act quickly if your data is compromised.