How to Protect Yourself Against Data Breaches
Data breaches can induce fear in consumers who are at the mercy of security measures (or lack thereof) maintained by companies that carry their most private information.
This fear is not unfounded.
A multitude of cyberattacks, hacks, and data breaches plagued the cybersecurity landscape in 2019, resulting in the theft of internal sensitive data, emails, medical information, and account credentials. Some of the worst breaches of the year affected:
- Apple FaceTime
- Oklahoma Department of Securities
- Facebook and Instagram
- American Medical Collection Agency
- Capital One
The average data breach costs almost $4 million when notification costs, investigation expenses, lawsuits, regulatory fines, and damage control fees are considered. However, this number does not include out-of-pocket losses incurred by consumer victims.
Out-of-pocket costs incurred by consumer victims of data breaches totaled $1.7 billion in 2018.
Bank accounts, lines of credit, loan accounts, and medical records hold the most personal information we have. It may seem impossible to prevent the identity theft that can follow data breaches, but that’s not the case.
In this article, we’ll look at ways to protect yourself against data breaches, hacks, and cyberattacks, along with what you should do if you learn you’ve been a victim of a breach.
How to Protect Your Identity
It’s possible that your information may have been compromised months or years ago without your knowledge. Just because you haven’t noticed fraudulent activity to date doesn’t mean your information won’t be used in the months or years to come.
To protect your future, it’s vital that you find out if your information has been compromised in the past.
Be proactive and make sure your identity, credit, and online accounts remain under your control. This means:
- Finding out if you’ve been a victim of any breaches in the past
- Securing your information prior to future cyberattacks
Find Out if You’re a Victim of Past Data Breaches
Don’t assume everything is fine if you haven’t been alerted about a breach. It can take weeks or months before affected consumers are notified, allowing plenty of time for hackers to take control of stolen information. By the time you receive notice that you may have been the victim of an attack, significant damage to your credit and financial health may have already occurred.
Detecting identity theft early yourself can save you thousands of dollars, hours of time, and a lot of stress and anxiety.
Staying alert and recognizing signs of identity theft can mean the difference between a little inconvenience and total financial disaster for you. The Center for Identity at University of Texas, Austin lists five signs of possible identity theft1:
- Calls from bill collectors
- Suddenly not receiving bills
- Unfamiliar card charges
- Errors on your credit report
- Contact from the IRS
Calls from Bill Collectors
If you receive calls for unpaid bills that you know nothing about, someone has likely used your identity to rack up debt. Your account information may have been stolen and used for unauthorized purchases. Contact your issuing account company right away to dispute the charges and launch an investigation.
Suddenly Not Receiving Bills
Identity thieves can steal your mail and change the mailing address to a fraudulent one they’ve set up. They usually do this for one of two reasons:
- To access your mail and gain your identity information
- To keep you unaware of purchases for which they are using your credit cards
Stay diligent with your mail service. If you realize that you haven’t received bills on time, contact your creditors right away to check the address that they have on file.
Unfamiliar Card Charges
Reconcile your accounts regularly online and watch for charges you didn’t make – even small amounts. Thieves often test accounts to see if a charge will go through. When it does, they’ll move on to bigger charges later. Contact your credit company or bank immediately when you notice a suspicious charge in any amount.
Errors on Your Credit Report
Keep an eye on your credit report to spot accounts and new credit cards that you didn’t open. If you know you have a good credit score but are suddenly denied a loan or line of credit, an unauthorized user may have damaged your score.
You are entitled to one free credit report annually from each credit reporting firm (TransUnion, Experian, and Equifax). You can also visit www.annualcreditreport.com, which is the only credit site authorized by the federal government. File disputes right away to strike fraudulent activity from your credit and close fraudulent accounts.
Contact from the IRS
If your social security statement shows that your annual earnings are higher than they truly are, someone might be using your social security number for wage reporting. If you file your taxes but receive notice that a return has already been filed with your social security number, someone may have used your information to walk off with your tax refund. Contact the IRS immediately to fix the situation.
A helpful tool for searching past breaches is a website called haveibeenpwned.com. This service allows you to enter your email address and search across thousands of data breaches to see if any associated accounts have been compromised.
If any have, change your passwords immediately. Haveibeenpwned.com has a handy tool to help you do that, too. Once you sign up for the notification service, you won’t need to visit the site again – you’ll be alerted any time your information is leaked in a data breach.
Haveibeenpwned.com lists more than 9,319,713,483 accounts that have been compromised as of January 21, 2020.
Google Chrome will also add a feature to its browser that will let users know if their login credentials have been compromised. This new feature will extend the browser’s current service that authenticates account sign-ins from unrecognized devices.
Secure Your Information Prior to Future Data Breaches
Now that you know how to check if your information has been hacked in past data breaches, the second part of total identity protection is knowing how to secure your credentials before future breaches happen.
It’s much easier to protect your information prior to data breaches than it is to try and recover from identity theft.
Temporarily Freeze Your Credit
Freezing your credit allows you to restrict access to your credit information. This makes it harder for identity thieves to open new accounts. When you request a credit freeze, the credit bureau will send you a unique, confidential PIN. Without the PIN, the freeze cannot be lifted.
Visit Equifax, Experian, and TransUnion to place a free credit freeze at each credit bureau. Once you’re ready to use your credit to open a new account or get a loan, be sure to unfreeze your credit with each bureau beforehand. (You will not want to place a credit freeze if you are already in the process of getting a loan approved.)
Lock Debit and Credit Cards
Many financial institutions, including Axos Bank, offer the ability to lock and unlock debit and credit cards within a mobile app. It’s a quick and easy way to make sure stolen cards may not be used.
To place a temporary or permanent lock on your Axos Bank debit card:
- Log in to online banking from your computer or mobile device.
- Select Accounts.
- Select the account that is connected to your debit card.
- Select the Debit Cards tab.
- If you’re using a mobile device, swipe left, then select the “Debit Cards” tab.
- Select the button to lock your debit card or order a replacement card.
Choose Unique Passwords and Change them Often
Do not use the same password for your accounts. A large portion of black hat hacking is cracking reused passwords. If you reuse your passwords, you will make it much easier for hackers to break into your accounts.
To keep track of your passwords, use a password manager like LastPassword or 1Pass. When you use a password manager, you only need to remember the master password – the rest of your passwords will be auto-generated. (You can also create a password spreadsheet to track your passwords and secure it with a unique password.)
When you create a password, don’t use identifying number or word patterns. For example, your birthdate should never be used as a PIN. Make sure passwords are long, easy to remember, and difficult for anyone else to guess. For example, [email protected]!ngAdv=ntur=s is much better than C66eKZ$rp61Su%*6.
Use Non-SMS Two-Factor Authentication
Thanks to the rise of SMS swapping and port out scams, SMS-based two-factor authentication is not enough. Instead, set up physical authentication for your accounts. This includes:
- Biometrics, such as fingerprint scans and face recognition
- Security keys
- Authentication apps, which link to your physical mobile device
By adding a physical layer to your security, you will make it much harder for online hackers to access your accounts.
Set Up Account Alerts
Account alerts will help you act immediately when unauthorized users withdraw money from your account. Whenever a withdrawal passes a threshold (that you determine), the alert will send you a text message and/or email, depending on your preference.
Stay on top of these alerts when they arrive – if a transaction looks suspicious, contact your bank immediately to resolve the matter.
Diligence is the Key to Data Breach Protection
While data breaches may seem like a topic reserved for cybersecurity professionals, consumers must stay up-to-date as well.
The key to protecting yourself is diligence. Routinely check your accounts, verify credit reports, and stay informed. Look for signs that your information has been compromised – from unfamiliar charges to fraudulent accounts in your name. When it comes to minimizing the damage of identity theft, acting quickly makes all the difference.
- "Five Signs of Possible Identity Theft," University of Texas at Austin, Center for Identity, https://identity.utexas.edu/id-perspectives/the-top-five-signs-your-identity-has-been-stolen, (accessed 10/20/2018).
How to Protect Yourself Against Data Breaches
This blog post was published by Axos Bank on April 14, 2020 and last updated on April 14, 2020.