With so many security breaches in the news, at so many types of companies, you have probably received a notice that your personal information “may be affected.” What should you do?

First, confirm that your personal information was included in the breach. If you get a notice from a company about a security breach, make sure it is legitimate and not a scam. Contact the company by using a phone number or email you found through a trusted source, such as information listed on your bill or the company’s website.

If the breach is confirmed, any personal information you shared with the company could be in the wrong hands. It’s possible criminals could apply for loans or new credit cards in your name, or break into your existing accounts with the stolen data.

A message from your device provider or password manager that your AT&T online account password appeared in a data leak could mean you used the same credentials on a different online account that experienced a data leak. It does not mean AT&T experienced a data leak. However, once a bad guy has your log-in credentials, any accounts accessible with the same credentials are at risk. If you see a message like this related to your AT&T account, or another account, reset the password through the account management tools and settings.    

Take the following steps to help protect yourself if you hear you “may be affected” by a data breach:

If your Social Security number is affected…

  • Consider a credit freeze. You’ll need to create credit freezes separately at each of the three credit bureaus (Equifax, Experian and TransUnion). There is contact information for the credit bureaus on our Resources page. Once the freeze is in place, you’ll receive a unique PIN, which is necessary to get credit information from the bureaus and to lift the freeze. If you are afraid the PIN has been compromised, you can create a new PIN. To learn more about credit freezes, visit the Federal Trade Commission Credit Freeze FAQs.
  • Set up a fraud alert. An alert usually means a business must call you to verify that you are the person making a credit request. This service is free through the three credit bureaus mentioned above, but it expires after 90 days, so you must actively renew the alert.
  • Enroll in a credit monitoring service. Companies affected by a breach may offer a subscription to a monitoring product for free. The length of the monitoring and terms vary, so make sure you check it out completely before applying.
  • Monitor your free credit reports. You can check your credit report for free each year at annualcreditreport.com.
  • File your taxes early. A Social Security number can enable criminals to file a tax return in your name and claim a refund. If you file early, you can help to reduce the chances of a fake filing.

If your debit card number and/or bank account is affected…

  • Report any unauthorized transactions within 60 days of receiving your statement. If you see unauthorized payments on your credit card or bank account, you will need to contact the bank or the financial institution to have them reverse the unauthorized charge to your account.
  • Cancel the card and change your PIN.
  • Close your bank account and open a new one with a new number. Consider asking your bank for a verbal password. This prevents bank employees from discussing your account with anyone unable to provide that password.

If your credit card number is affected…

  • Call your credit card company and request a new card with a new number.

If your password is affected…

  • Change your password immediately. If you can’t log in, contact the company and ask them how you can recover or shut down the account. If you use the same password for other accounts, change those as well.

If your email address is affected…

  • Keep an eye on your inbox for messages requesting information, or requesting you to click on a link. Visit Fake Email or “Phishing” to learn more.

You can also ask companies if there are additional security features you can add to your accounts to help protect them.

Be sure to also file a police report and report the incident to the FTC online at www.ftc.gov/idtheft. Visit identitytheft.gov for more information and tips.