You Received a Data Breach Notice—Now What?

Living in a digital world means sharing your personal information with third parties. If you want to sign up for basic utilities like electricity and internet service, it’s a non-negotiable. While most companies have their own safeguards in place, there’s no guarantee that a scammer can’t get around them.

Considering that the Identity Theft Resource Center (ITRC) reported more than 2,000 data compromises in the first nine months of 2023, impacting millions of victims, there’s a good chance you could be notified of a data breach at some point. So, how should you respond if you receive a data breach notice—even if you don’t see any evidence of fraud?

The Next Steps

Whether or not you detect any signs of fraud, a data breach necessitates that you tighten security on personal information. These next steps will help you take control in the wake of a breach.

1. Confirm legitimacy. If you receive notice that your data was leaked in a data breach, contact the company directly to confirm that it’s legitimate. Use a number you know to be valid rather than a number listed on the notice, thus avoiding contact with potential phishers.
2. Find out what was stolen. The company should be able to tell you what information was compromised. What you do next will depend on the type of information that was stolen. If your Social Security number (SSN) is compromised but you don’t have any evidence of fraud occurring, place a fraud alert that asks businesses to verify your identity before offering credit in your name. If your driver’s license is compromised, immediately request a copy of your official driving record from the DMV and file a police report. This will serve as a safeguard against the thief racking up traffic violations in your name. If your credit or debit card information is compromised, cancel your cards and request replacements. Similarly, if your bank routing info is compromised, move your funds to a new account as soon as possible. For more information, check out the Federal Trade Commission’s list of resources for victims of data breaches.
3. Tighten up passwords. Whether or not you see any signs of fraud, you should change your password for the breached company immediately. Take this opportunity to review all of your important passwords. If any passwords are used more than once, change them. Make sure that the passwords you have in place are complex enough that a fraudster can’t easily guess them.
4. Look out for follow-up fraud. Fraudsters may send phishing messages that appear to be sent from the breached company and are designed to elicit further info. If a company pressures you to respond immediately, it’s almost certainly a scam. Other tell-tale signs of phishing emails are typos and sender email addresses that are slightly different from the company (for example, IRS.com instead of IRS.gov).
5. Be vigilant. Take this opportunity to beef up security on your personal information. Reach out to your bank and credit card companies and ask what alerts you can set up. You can also set up credit monitoring so that you’re notified if anyone tries to open a new account in your name. Pro tip: Existing AAA Members have access to credit monitoring, included at no additional cost with AAA Membership. 
6. Review your social media accounts. Strange as it may sound, many scammers are turning to social media as a platform for fraud. Check your profile(s) to make sure that you aren’t giving hackers any extra information (i.e., your birth date, full name, phone number, or email address).

More Identity Protection Articles

• How to Tell If Someone Is Using Your Identity
• How Scammers Can Steal Your Mail—and Your Identity
• What You Need to Know about the Dark Web
• 7 Ways to Protect Your Passport While You Travel
• What College Students Need to Know about Identity Theft