What to do when a company with your personal information gets hacked

Online shopping has become a central part of modern consumerism. This is especially true during the holiday season, when people all over the world are scrambling to find the perfect gift for their loved ones. Sadly, many hackers use this convenient technology as an avenue to illegally snag financial information from shoppers and use it for personal gain.

While there are some actions you can take to help protect yourself, sometimes a breach isn’t your fault. Regardless, if a company’s defenses are compromised, you need to act quickly and decisively to help ensure your data’s safety. Here’s what you should do:

Change all passwords and security questions immediately

As soon as you hear about a breach, you absolutely must log into your account and change both your password and any security questions used to access your information. While many organizations do try to prompt users to do this – Yahoo has been forcing people to alter their login credentials after one billion users had their data stolen – it’s best to simply take the initiative yourself.

The reason you need to act so quickly is that many hacks take months, if not years, for the organization to discover and make public. The Yahoo data breach actually occurred in August 2013, which means that cyber criminals have had more than three years to comb through the data. Although this is an extreme example, it does show that hackers often have a big head start during a breach and that you need to act fast.

That said, you should take this as an excuse to beef up your password security across all of your profiles. This is especially true if you use the same login credentials on different sites, as hackers love to hop from one account to another when you do.

Keep an eye on your inbox

Another dirty trick hackers like to pull following a hack is gathering all of the email addresses they’ve acquired and sending them phishing emails. Sometimes they are even bold enough to masquerade as the hacked organization itself.

It’s important to know here that an institution that’s been compromised will almost never email you about it. If you do receive a message from this company, you should treat it as a phishing email and avoid clicking any links. Try calling the company at their official number to verify if the message is legitimate.

Cancel your cards if they were involved

Under the Fair Credit Billing Act, you are not liable for any charges on your credit card if the number alone was stolen rather than the physical card itself. Under the Electronic Funds Transfer Act, the same goes for debit cards as long as you report the hack within 60 days of your discovery of fraudulent charges on a statement.

While that’s certainly good news, you’ll still want to act fast to mitigate the risk of having to go through a lengthy claims process. Cancelling your card and changing your PIN is the best course of action.

Getting hacked may be scary, but it doesn’t have to be a life-altering event. By taking simple yet effective steps, you can lower the chances of your information being used improperly.