Heads Up: Dealing with data breaches

Data breaches are a problem – and not just for the businesses and organizations whose computer systems get hacked.

< Back to Articles
Security

By Joel Dresang

Data breaches are a problem – and not just for the businesses and organizations whose computer systems get hacked. Anytime personal data leaks out, there’s a chance for individuals’ private, sensitive information to be shared. Identity thieves can feast on harvested data, using it to borrow, withdraw and spend money in someone else’s name.

“(P)eople are now living more of their lives online, meaning that corporations, governments, and other types of organizations collect more and more personal data — sometimes with little choice from individuals,” a researcher from the Massachusetts Institute of Technology wrote in a recent report. “And because people’s most personal data can be exploited and sold for a significant profit, it’s become a growing target for cybercriminals.”

Your best one-stop resource:
IdentityTheft.gov, from the Federal Trade Commission

Based on public reports compiled by the nonprofit Identity Theft Resource Center, U.S. organizations suffered a record 3,122 data breaches in 2023. In the last three years more than 6 billion personal records were affected by breaches, the MIT report estimates. The federal Bureau of Justice Statistics has found that individuals whose information is lost in a data breach are twice as likely to be victims of identity theft, which in 2021 cost 24 million Americans $16.4 billion.

Overall, there’s precious little you can do to prevent your information from being leaked through data breaches. However, you can limit your losses from the fallout.

Here’s some advice from the nonprofit Identity Theft Resource Center and IdentityTheft.gov:

  • Upon receiving notice of a breach, log in to the affected account and change your password and username. Use a strong password that it is unlike any of your other passwords.
  • Contact the breached entity directly to learn what other protections you can arrange, such as enabling multifactor authentication and changing your account number.
  • If the account requires security questions, update your security questions and answers.
  • If possible, request removing or altering personal information affiliated with the account.
  • Monitor your affiliated account statements for fraudulent activity. Review recent statements and scrutinize ongoing. Report suspicious transactions to the organization.
  • Access your free credit reports from annualcreditreportcom. Look for accounts or charges you don’t recognize.
  • Consider placing a free credit freeze to make it harder for an ID thief to open a new account in your name. (The freeze might add extra steps when you apply for a car loan, credit card, cell phone or anything that requires a credit check.)
  • If you don’t place a credit freeze, at least consider placing a fraud alert.

Joel Dresang is vice president-communications for Landaas & Company.

Learn more:
What to do If You Receive a Data Breach Notification? from the Identity Theft Resource Center
Identity Theft, from the Criminal Division of the U.S. Department of Justice
How to be safer online: Passwords, a Money Talk Video with Jason Scuglik

(Heads Up is an occasional alert on consumer and investment scams.)
--
(initially posted March 28, 2024)