How to Protect Your Identity After a Data Breach

Data breaches are becoming increasingly common. Here’s what to do if your information has been exposed.

If you feel as though you’re hearing more about data breaches than you once did, you’re not imagining things — they’ve become increasingly common in recent years. According to a report compiled by Risk Based Security, data breaches exposed 8.4 billion records in Q1 2020 — an increase of 273% compared to Q1 2019. Unfortunately, 19% of exposed consumer data is sensitive in nature, including information such as Social Security numbers and financial details.

While it can be easy to underestimate the gravity of a data breach — particularly when it involves something like your fitness tracker or a store loyalty program — every data breach should be taken seriously. Even the exposure of basic data can be problematic, particularly when it falls into the wrong hands.

“Any information that is relevant to you and your behaviors — an email address, your home address, or even where you went on vacation — can be used as an opportunity to social engineer other information from you,” explains Jeff Kennedy, Chief Information Security Officer at Regions Bank. “The more information that’s exposed, the easier it is for criminals to use that data to commit fraud or sell your data to someone else.”

How to Protect Yourself After a Data Breach

If your personal information has been exposed in a data breach, there are a few steps you should take to help lessen the potential impact.

1. Change your password

It’s important to change your password as soon as possible after a data breach has occurred. If you’ve used that same login information on other websites, you’ll need to update those, too.

“If your fitness tracker experiences a data breach, fraudsters may take that same user ID and password and try using it on other websites, like your PayPal account, for example,” Kennedy explains. “Once fraudsters have access to a valid user ID and password, you are at greater risk of a compromise on another website.”

2. Find out what information has been exposed

It’s a good idea to reach out to the company that experienced the breach for more information. Not only is it important to find out what information was exposed, but you should also find out when the data breach occurred. According to Kennedy, exposure of sensitive personal data like your Social Security number or driver's license number can put you at an increased risk of identity theft or new account fraud in the future.

3. Monitor your credit

Under normal circumstances, it’s a good idea to review your credit report on an annual basis in order to check for inaccuracies or fraudulent activity. However, if your personal data has been exposed in a breach, you may wish to monitor your credit report more frequently. You can request a free credit report by visiting

If more sensitive information has been exposed, you should take additional steps to safeguard your finances. Consider placing a freeze on your credit through Equifax, Experian and TransUnion. If you’d prefer to keep your credit available, you may find it beneficial to sign up for a credit monitoring service.

“Depending on the credit monitoring service, there may be other services that they can offer you, such as dark web monitoring. If they find some of your information published on the dark web, they will report that to you. You may see that as a value-added service,” explains Kennedy.

4. Remain vigilant

Be aware that cybercriminals may not use your data for months, or even years after a breach occurs. Some criminals will use stolen data in creative ways, so it’s important to remain vigilant. For example, they may attempt to social engineer more information out of you through phishing emails. Recently, the FTC has reported an increase in phony extortion emails designed to frighten recipients into sending money via Bitcoin. If you receive a suspicious email, do not respond. Simply flag the email as spam, change your password, and block the sender. You may also wish to report the matter to the FTC via their website:

Safeguarding Your Data

With a few precautionary measures, you can help minimize the potential impact of any future data breaches. First, follow best practices for password creation and management. It’s recommended that you use a strong combination of letters, numbers and symbols when creating passwords. Likewise, it’s important to use a unique password for every login you create.

“There are a number of companies that ask for a user ID and password, ranging from your fitness tracker to your bank,” explains Kennedy. “If you use the same user ID and password across all websites and one is compromised, the rest are at risk.”

For increased protection, consider enabling two-factor authentication whenever possible. This simple step can provide an extra layer of security to your most sensitive accounts, such as your primary email and your financial accounts.

Finally, Kennedy advises consumers to limit the amount of information being shared with companies whenever possible.

“Don't share information with businesses that you don't believe they need. For example, if a fitness tracker app is asking for your Social Security number or address, that’s not really relevant. You may lose a feature or capability that they're offering, but I think that's a matter of personal choice,” he explains.

To learn more about protecting your finances after a data breach, listen to our podcast interview with Jeff Kennedy via the audio player below.

For more tips on preventing, reporting, and recovering from fraud, be sure to visit