If You Think You’ve Been Hacked, Here’s What to Do
Wondering what to do if you've been hacked? Fortunately for many of us, the most dramatic encounters we’ll ever have with hacking are in movies and TV.
Any Friends fan remembers “The One With the Fake Monica,” where Monica finds out her identity has been stolen. In the episode she tracks down the culprit, only to find she’s been living Monica’s best life for the both of them.
While it’s unlikely that someone will want to write a TV show based on realistic hacking scenarios, if there is a security breach at a company that has your personal data, there are immediate steps you can take to lessen the inconvenience and avoid any tap-lesson-related pain.
Time matters: The sooner you make moves, the better. Here are tips to follow once you receive an alert about a data breach. (And no, the first step isn’t—as it was in case of Fake and Real Monica—get drunk with the person who stole your identity.)
Tip #1: Go straight to the source
If you know that a company you have an account with has experienced a data breach, reach out to them first. Don’t wait for them to contact you—scammers will sometimes contact those affected after a breach to get even more info. Also, you want to be sure that the data breach is real in the first place. Talking to an actual person can be reassuring, and they’ll let you know exactly what kind of information has been compromised.
If you live in the EU, you may not have to reach out. Because of GDPR, companies are obligated to alert their national supervisory authorities should a breach occur and, on top of that, reach out to individuals affected if they could be at risk.
If your personal data is exposed, e.g. your Social Security number or passwords, you could be the victim of identity theft, meaning someone could commit fraud in your name. Read on for what to do if your identity is stolen.
Tip #2: Contact your bank if your payment details have been stolen
If your credit card is compromised or your bank account is hacked, your info can be used to open other lines of credit or withdraw money from your account. If you notice charges you didn’t make or other unusual activity, it’s likely that your credit or debit card information has been stolen. If this happens, you should:
- Contact your bank or credit card company as soon as possible to freeze or cancel your card
- Make note of any charges that seem fraudulent and contest them
- Monitor your bank and credit card accounts to ensure no other fraudulent charges take place
Most banks and credit card companies have a dedicated number to report potential fraud, but if you call customer service, someone can connect you to the fraud department.
Tip #3: If you live in the U.S., contact the three major credit bureaus
Take advantage of the services provided to you if you think you've been hacked. If your information has been compromised due to a data breach, especially your personal identification information like your Social Security number, you’ll likely be offered free credit reports and credit monitoring, identity theft protection services, and in some cases, cash for expenses while this whole fiasco gets sorted.
But you’ll want to cover your bases by contacting all three major credit reporting agencies (details below). They can put a fraud alert on your credit file for free that you only need to renew once a year. You can request this online or by calling the numbers listed above. Creditors and lenders will have to verify your identity before granting loans, so if someone is trying to use your Social Security number for this purpose, you’ll get an alert.
You can also request a credit freeze for free. Why? If someone has access to your personal info, they can open new lines of credit. A freeze makes this more difficult because creditors and lenders can’t pull your credit score in order to approve a loan. Unfortunately, it also prevents you from applying for new credit cards during this time. Contact Equifax, Experian, and TransUnion by phone or by mail to request a credit freeze.
Tip #4: If you live in the U.S., file an identity theft report with the Federal Trade Commission (FTC)
Call 877-438-4338 or go online: identitytheft.gov. You can contact your local police department, but that’s only really necessary/helpful if you know the identity of the thief or if you need to show a police report to a creditor or debt collector. In most cases, contacting the FTC is your best bet.
If you think a company or organization has failed to respect your data protection rights, you can make a complaint directly to your national data protection authority (DPA). DPAs are independent public authorities that make sure companies are following data protection laws—and in turn, keeping your data safe. If you file a complaint, your DPA will begin an investigation and give you a response within three months. If you wish, you can also file a case directly against the company in question rather than going to your DPA.
Tip #6: Change your passwords
You should always change your passwords after a breach. There’s a good chance the password you’re using on a compromised account is also being used elsewhere, which means your stolen info could be used to hack into another one of your accounts.
Really, you should use a strong, unique password on every account. Sound like an impossible feat of memory? That’s where password managers like Dashlane can help. Dashlane has a built-in Password Generator to help you create strong passwords for new accounts and save them securely, plus in-app security alerts that notify you immediately when you need to change your passwords after a data breach.
What to do if your healthcare data and medical records were hacked
Just when you thought people couldn’t get any worse, you learn there is such a thing as “medical identity theft.” This is where someone impersonates you to get medical treatment and prescription drugs. This could affect you down the line if you are seeking medical care or medication.
If your medical data has been breached, ask for copies of your medical records from your doctor’s office, as well as your benefits statement from your healthcare provider, to see if anyone has used your information to receive treatment or medication. Your healthcare provider is required to share with you a list of anyone with whom they’ve shared your protected health information, so contact them immediately to ask who might be on that list.
Think about the info that they have on file: your banking information, Social Security number, etc. This will help you decide how to move forward. Consider taking the same steps you would take in a financial security breach (see above), like contacting major credit bureaus and checking your credit report, in case your credit card number or other personal data was exposed during the breach.
In the U.S. and have an HSA or FSA? Check your balance to make sure all those charges look legit.
Also, look at that bill! Sometimes we put off paying medical bills, but open your bills in a timely manner and make sure they are for treatment you actually received. If not, be sure to take it up with the medical facility and let them know that you may be a victim of medical identity theft.
What to do if your passport was stolen
What are the risks if you lose your passport? It’s harder to commit identity theft with just a passport number; more likely, someone would be forging your passport to be sold on the dark web. Of course, if the number is stolen in conjunction with other financial information, this will definitely make identity theft easier. That’s why it’s important to (see again, tip #1) go straight to the source and find out exactly what information was exposed during a data breach.
Where else might your personal info be?
Your Social Security number, email address, and driver's license info is tossed around pretty recklessly these days. You’ve put them on countless forms, like job and apartment applications, and places like the university you attended have them as part of your personal records. If there is a breach at any company or financial institution, you’ll want to find out if your personal data was part of the information that was exposed. And if that’s the case, you’ll want to take proactive measures to protect your info and identity.
Thanks! You're subscribed. Be on the lookout for updates straight to your inbox.