Skip to content

As you sort your mail on a typical day, opening Amazon packages and quickly tossing any junk, suddenly you discover you have been the victim of a data breach.  Perhaps this is the first letter you have received informing you that your personally identifiable information (PII) has been compromised, but for many clients I have spoken with recently, it may be the 2nd or 3rd letter they have received within the past year. 

As cyber-attacks become more common, you may be tempted to say, “C’est la vie,” and simply hope for the best.  But, there are steps you can take both proactively and reactively that help ensure you are controlling the things you can so that you can worry little about the rest.

As a guardian of your own data, you are one of the first lines of defense against scammers.  For helpful tips and essential reminders, check out Jonathan Millican’s recent blog post, Avoiding Scream-Worthy Scams.

For day-to-day business, it is often necessary to provide our PII to third parties, and hopefully, they are taking strong measures to protect it.  But once a data breach occurs, there is not an easy fix.  Should you be the recipient of a data breach letter, it is essential to NOT simply toss it aside, but rather read it thoroughly to understand WHAT information was targeted and HOW the company is responding to the compromise. 

The Federal Trade Commission (FTC) lists steps to take depending on what information was exposed at https://www.identitytheft.gov/#/Info-Lost-or-Stolen.  For example, if your Social Security Number (SSN) was exposed, it can now be used to open new accounts in your name.  On the other hand, if your credit card or bank information is uncovered, a hacker may be able to charge those accounts for fraudulent purchases, and therefore, you may need to close these accounts.  In instances where your online information (user IDs and passwords) was released, criminals may now be able to access additional PII using your login credentials, so this information must be changed/updated immediately.

Once you have determined WHAT information has been exposed, the letter may address steps it has taken to assist you, such as providing monitoring services for a period of time.  Some of these services focus solely on credit monitoring, looking for any changes within your credit reports, while others take additional steps to monitor and alert you for any use of your PII on any sites across the web (ex., data sold on “dark” website, criminal activity, etc.).

So, what should you do?

  1. Take advantage of any free monitoring services offered.  You will be required to opt-in, as this service is not provided automatically, and typically there is a deadline to enroll.  This is a great start, as it will help you monitor for any changes that may occur over the time the service is provided.
  2. Place a freeze on your credit to limit anyone from opening unauthorized accounts.  This step places YOU in control of opening new loans or lines of credit by preventing access to your credit report.  And it should be noted that you do not have to wait until a data breach occurs to take this step; you can place a freeze proactively.
  3. Change your passwords frequently and enable two-factor authentication where possible.  While it can be frustrating to keep up with multiple passwords, two-factor authentication provides an additional layer of security by requiring a text/email/app code before allowing access to a website.
  4. Self-monitor your credit and bank statements for any unknown activity.  Even taking the steps above, it is crucial to monitor your accounts and watch for any transactions that you did not authorize. 

Last, if you have been the victim of identity theft, be sure to file a report at https://www.identitytheft.gov/#/.  The FTC will provide additional resources, such as a recovery plan.  A data breach is a lot like spilt milk – you can’t get it back in the container, but there are steps you can take to clean up the mess.  If you need assistance or would like more information, contact a Bridgeworth advisor today.

Bridgeworth Wealth Management is a Registered Investment Adviser.