Skip to content

How to Protect Yourself After A Data Breach

Published: 08/23/2021

By: First American Credit Union

After a company announces a breach, it is in your best interest to assume your information is out there.  When details such as Social Security numbers and addresses fall in the hands of criminals, identity and fraud quickly become problematic.

Here are a few steps you can take to protect yourself if you've been notified your information has been compromised.

Freeze Your Credit 

Contact all three credit bureaus individually to get a freeze, which is the best protection for your credit files.  This is one of the most important steps you can take if you believe your data has been compromised. Freezing your credit blocks lenders from being able to review your credit report to approve a new line of credit. That means you won’t see any surprise credit cards or auto loans taken out in your name.

Freezing your credit requires contacting each of the three major credit bureaus—Equifax, Experian and TransUnion—directly. The bureaus will require information to verify your identity, such as Social Security number, a copy of a photo ID and proof of residence to approve the freeze. Some bureaus assign a PIN that’s required to unfreeze the credit report.

It costs nothing to freeze your credit report and doing so won’t affect your credit score. A freeze can be temporarily or permanently lifted at any time.

Key takeaways:

  • A freeze blocks access to your credit reports, protecting against scammers' attempts to open fraudulent accounts.
  • You have to contact each of the three credit bureaus individually.
  • Placing a credit freeze is free for you and your children, as is lifting it when you want to apply for new credit.

Use Multi-factor Authentication

Our Partners at KnowBe4 Security recommend using Multi-factor Authentication (MFA).   Multi-factor Authentication (MFA) is the process of verifying that you are who you claim to be when logging in to a device or an account. Learn more below about the various ways you can digitally-authenticate your identity.

Understanding the Types of Identity Claim Factors:

  • Something you own. This is using a mobile phone or device that you have in your possession to prove your identity. Typically, the device provides a code via an application, text message, email, or voice call. You then enter this code, and for successful authentication, your code must match what is expected by the service you’re attempting to log in to.
  • Something you know. This is something you’ve memorized or stored somewhere, such as a PIN. You must supply the correct PIN to log in to your device or service.
  • Something you are. This factor is something about your physical body that cannot be altered, such as your fingerprint or retina. Biometric scanners or readers are used to confirm you’re physically the person that you’re claiming to be.

Why do I need it?
In our digitally-driven world, passwords are no longer enough to keep your information safe. These days, it takes minimal effort for hackers to break into, or social engineer their way into, accounts that are only protected by passwords. Adding an extra step to access your accounts, such as entering an authentication code, means that hackers would also need to have your phone to break in.

Create an additional layer of security and make it harder for criminals to access your data by using two-factor or multi-factor authentication.

Get Serious About Passwords 

When passwords are exposed, hackers can buy them for a small sum, giving them unlimited access to your accounts and sensitive information. And, if you’ve used that password for multiple online accounts, bad guys could access those accounts too. So, if you’re still using an old password for your multiple accounts, change that password immediately!

Here are some tips from our partners at KnowBe4 Security to keep in mind when creating new passwords:

  • Make your passwords complex
    • Complex passwords use at least eight characters with a combination of upper and lower case letters, numbers, and symbols.
      • Example: a3D$8k0*
  • Use passphrases
    • Passphrases are a phrase or sentence. Don’t use the lyrics of your favorite song or a quote from a book! Make it unique but make it something you can remember.
      • Example: Pa$$wordSafety1sC0ol
  • Use a password generator
    • Password creators such as LastPass and 1Password can generate passwords for you.
  • Don’t use variations of your old passwords
    • Hackers know that untrained users will do this, so they use automated tools to figure out these variations.
      • As a simple example, if your password is “Password”, don’t make it “Password1”. Hopefully, none of your passwords are actually “Password”!

Whether or not you’re sure that your password has been exposed, make the safe choice and make all of your passwords unique.

Stay Vigilant

Remain vigilant against threats of identity theft or fraud, and to regularly review and monitor your account statements and credit history for any signs of unauthorized transactions or activity.

If you ever suspect that you are the victim of identity theft or fraud, you have the right to file a report with the police or law enforcement. In addition, you may contact the FTC or your state’s attorney general to learn more about the steps you can take to protect yourself against identity theft.

It is always a good idea to be alert for “phishing” emails by someone who acts as if they know you or are a company that you may do business with and requests sensitive information over email, such as passwords, Social Security numbers, or bank account information. We do not ask for this type of information over email.

If you believe you are a victim of fraud or identity theft, you can contact your local law enforcement agency, your state’s attorney general, or the Federal Trade Commission (FTC).


If you are affected by a data breach, there is a government website that can help you assess the situation and understand your options for what to do next. There are a variety of resources with tips and advice on what to do if your personal information was lost or stolen.

Being affected by a data breach can be alarming, and in the worst-case scenario, it can lead to identity theft and financial complications. However, if you know what to expect, and you take a few simple steps to protect yourself and stay vigilant, you can overcome the risks and hassles of a data breach.





View all posts