Insights & Advice From Bank Of Tennessee

Advice

If You're a Victim of a Data Breach

If You're a Victim of a Data Breach

Technology and online security see continuous enhancements each year, but unfortunately, not those upgrades have not been enough to protect databases from being breached by hackers. As a result, identity theft remains a serious issue in the United States. How serious? According to the Identity Theft Resource Center, more than 233.9 million records were exposed to identity theft in 2023, arising from over 2,116 total data breaches.

The data breach analysis reports 733 compromises for Q3 2023. The financial services sector accounted for 27.8 percent of data breaches, healthcare and hospitality were 16.8 percent, the government had 3.5 percent and education with 5.7 percent.

How to Know if Your Data Has Been Compromised

In most cases, a company will notify you via email or postal mail after discovering a data breach. They will likely tell you the stolen information, such as your name, email address, username, password, mailing address, Social Security number, and financial account numbers.

Another way you may discover your data was in a breach is if you notice fraudulent activity on your accounts. For example, you may see a credit or debit card charge you did not make, or you may get a phone call or piece of mail about an account you did not open. The thief may have obtained your information through a data breach where the company has failed to notify you or where the breach has gone unnoticed.

Steps to Take to Protect Your Identity After a Data Breach

  1. Change your password if that was one of the pieces of information involved in the data breach. Also, if you use the same or a similar password for other things, change those passwords as well.
  2. Sign up for the free credit monitoring service offered by the breached company, if applicable. This service will likely check your credit report regularly and notify you immediately regarding any new information that appears. However, do not let the credit monitoring service give you a false sense of security. You should still take other steps to protect yourself and your identity.
  3. Place a fraud alert on your credit report by contacting one of the three credit bureaus: Equifax, Experian, or TransUnion. This alert will automatically transfer to the other two bureaus as well. When there is an alert on your credit report, creditors are supposed to contact you directly before issuing credit in your name.
  4. Review your credit reports for unusual activity. In particular, focus on the section that lists credit inquiries initiated by you. If you see something here that you do not recognize, this can indicate that someone has attempted to apply for credit using your name and Social Security number. Also, look at the section listing active accounts. If there is an account there that you did not open, contact the financial institution that manages the account and the credit bureau that provided the report to tell them it is fraudulent.
  5. Consider issuing a security freeze on your credit reports if you found evidence that someone is actively trying to open accounts using your information. The security freeze prevents new accounts from being opened unless you lift the freeze for a specific financial institution and a specific time frame.
  6. Protect existing accounts by monitoring your monthly account statements and checking all activity to ensure you initiated it. Monitoring your account is especially important if you know your credit card number, debit card number, or bank account number was compromised. If you notice any unusual activity on your statements, notify the financial institution that manages the account immediately. They may issue a new account number for you.
  7. Be vigilant about requests for personal information. Do not give your personal information if you receive a call or email from someone who claims to be with one of your financial institutions. Instead, call your financial institution directly through the number listed on your account statements or by typing in their website address. You should only reveal personal information if you have initiated the contact and are sure you are not talking to someone trying to defraud you.