Wednesday, 4 August 2021

Target, Home Depot, LinkedIn and many other large companies have been victims of data breaches in recent years.

And when a big brand experiences a data breach, there's a chance that all of its customers' or users' personal data has been compromised.

In most cases, the brand will send a letter to potentially affected customers to let them know of the breach. But if you receive such a letter, it can be difficult to know what steps you should take. Instead of panicking, take a deep breath and start going through the following five steps.

1. Find out what damage was done

Read the details of the data breach to find out what kinds of personal data were stolen. It could be financial data, social media account login information, healthcare information, or other types of personal data. In most cases, cyber thieves steal personal information and then try to sell it to other criminals on the dark web. You can verify whether your personal information was included in a breach by searching for your email address or phone number on Have I Been Pwned?, a website that tracks breaches to help consumers learn about the damages.

It is also a good idea to order your credit reports from all three credit bureaus. You can do this at Look closely for unauthorized accounts and credit inquiries.

2. Contact your bank

If you believe any of your financial information was compromised, such as creditor debit card numbers or online banking login details, contact your bank (or your credit card's issuing bank). Alert them of the possible theft and find out what steps they can take to help you. They may need to issue you a new card and refund fraudulent charges. With a credit card, you will not be responsible for paying more than $50 of fraudulent charges thanks to the Fair Credit Billing Act, but with a debit card, there may be fewer protections.

3. Change your passwords

Immediately change your password on any accounts that may have been compromised. Try to use a strong, unique password on each site, and use a password manager to keep track of them. A strong password is at least 12 characters; uses a mix of letters, numbers and symbols; and doesn't contain any of your personal information or dictionary words.

4. Implement multi-factor authentication on your accounts

Multi-factor authentication means a user has to present two or more authentication factors to access an account. That might mean entering a password on a site or in an app, and then entering a code sent to your personal phone. Requiring two layers of authentication lowers the likelihood that a fraudster could access your account.

5. Consider signing up for a credit monitoring service

You can sign up for a monitoring service for a monthly fee, and it will alert you to any new activity or fraud on your credit reports as soon as it happens. When fraudulent activity appears, you can contact the credit reporting agency immediately to have it removed.

Keep a close watch on your monthly statements

Even if you haven't seen any fraudulent activity on your account as a result of a data breach, that doesn't mean you won't see some later. Each month, take time to closely inspect your bank and credit card statements to look for unauthorized transactions. If you receive monthly statements by mail, it's easier to remember to do this. But even if you've gone paperless, your bank or credit card issuer supplies you with a monthly electronic statement. Set a monthly appointment on your calendar to help you remember to log into your account, download the statement, and closely review it for any inaccuracies.

The content provided is for informational purposes only. Neither BBVA USA, nor any of its affiliates, is providing legal, tax, or investment advice. You should consult your legal, tax, or financial consultant about your personal situation. Opinions expressed are those of the author(s) and do not necessarily represent the opinions of BBVA USA or any of its affiliates.

Links to third party sites are provided for your convenience and do not constitute an endorsement. BBVA USA does not provide, is not responsible for, and does not guarantee the products, services or overall content available at third party sites. These sites may not have the same privacy, security or accessibility standards.