It’s easy to fall into one of two different traps when you receive a data breach notification letter. On the one hand, you might go into panic mode and begin to take action, even if that action isn’t really in your best interest. Sadly, a lot of people respond to those letters by tossing them on the countertop, fully intending to take the steps outlined by the sender but never quite getting around to it.
First of all, it’s important to remember that data breach notification letters will come in the mail, not via email or other online communications. If you receive some kind of online notice that your information has been compromised, it’s almost certainly a scam.
The reality is that identity theft is on the rise, so it can be tempting to brush off a notification letter that informs you your personal identifiable information has been compromised. The flip side is also perilous, since it can also be tempting to cancel all of your credit cards, checking account, even kids’ school lunch accounts. That’s not the best course of action either.
So what is the appropriate response to a data breach notification letter? It’s outlined for you, right there in print.
Depending on the state you live in, a notification letter may be required to contain certain pieces of information. Even if your state has yet to legislate how and what gets shared with victims of a breach, most letters of this type will still keep you informed about a few key things.
Typically, the letter will tell you the place of business and the date range when the information was accessed. This will help you piece together where you shopped and what payment method you may have used. It will also tell you what information was believed to have been stolen, such as names, addresses, email addresses, phone numbers, Social Security numbers, account numbers, and passwords.
It’s important to remember that just because a hacker only made off with names, addresses, and email addresses, that doesn’t mean you’re in the clear. With the abundance of email communication these days, even having your email address can mean you’re open to receiving spam emails, phishing attempts, and attempts at taking over your email account. If a hacker does manage to take over your email, he can change the password and lock you out, then go to all of your other accounts (like Facebook or your online banking) and request new passwords there as well.
But what if the information that was lost included everything? Your SSN, your passwords, even your medical records?
It’s extremely important that you read the rest of the letter and follow the steps that are outlined. You may be advised to sign up for free credit monitoring, to place alerts and freezes on your credit report, or maybe just to request a free copy of your credit report and monitor it for the foreseeable future. Do not dismiss these recommendations, as they may uncover even deeper criminal misuse of your information.
Finally, remember that the aftermath of a hacking event or data breach isn’t always immediate. Scammers might buy your information online months from now, and your tax return could be in jeopardy next year. It could be quite some time before anyone actually uses your data for harm, so be prepared to monitor your identity for a long time to come.