7 Steps to Prevent Identity Theft After a Data Breach

Published: | By IRINA MALTSEVA

In a perfect world, the businesses you trust with your personal information and financial data would always be able to keep these details under lock and key.

Unfortunately, data gets stolen all the time, which leads to identity theft. It happens more than you think—an estimated 15 million Americans had their identities stolen in 2021.

Identity theft happens when a hacker steals your personal information and uses these details to open credit card accounts, spend your money, make health insurance claims, or file tax returns without your consent.

Article Shortcuts:

  1. Change your passwords often
  2. Set up two-factor authentication (2FA)
  3. Monitor credit card and bank accounts
  4. Freeze your credit
  5. Enact a fraud alert
  6. Check for updates from the company with a data breach
  7. Sign up for an identity theft monitoring service


Identity theft often occurs when personal information is compromised in a data breach. This occurs when a thief gains access to an organization's consumer data without authorization. 

When they do, they often steal full names, passwords, social security numbers, and credit card numbers. Data breaches can happen to all types of companies -- big and small. 

In fact, 43% of all data breaches involve small and medium-sized businesses. 

Thankfully, just because your data was compromised, you don’t have to fall victim to identity theft. Follow these seven steps to protect yourself from identity theft in the event of a breach.

1. Change your passwords often

The first step you should take after you’ve been involved in a data breach to prevent identity theft is to change your passwords for any accounts you may have on the internet. 

You should change your password for:

  • Email addresses
  • Social media platforms
  • Banking and finance applications 
  • Subscription services

If your password for any of these accounts is weak, meaning too short or easy to guess, this is your opportunity to strengthen it.

So, as you change all of your login credentials, choose a password that has the following elements:

  • At least 12 characters long -- try for 14 if you can
  • A combination of uppercase letters, lowercase letters, numbers, and symbols
  • Something significantly different from your other passwords

There are also some elements to avoid, like:

  • Passwords that include your first or last name
  • Passwords that include your birthday
  • Passwords that include other things someone could guess, like your pet’s name, address, or spouse’s name


Source: Bitwarden

Get creative here, but also ensure it’s something you can remember! And try to make each password something different. 

You don’t want to use the same password for your email address for your favorite social media platform. Switching up a symbol or two can make a big difference in ensuring security.

2. Set up two-factor authentication (2FA)

Once you’ve changed your login credentials to something unique and secure, take security up a notch by setting up two-factor authentication (2FA) on a free VPN browser.

Many services, like Facebook and Google, have already started offering this added layer of security. 

With 2FA, your online accounts require you to provide an additional level of identification to access or log into an account. 

For example, once you enter a username and password, the account may text a code to your phone. 

You’ll then need to enter this code before accessing the account. In addition to a text code, some accounts allow for a fingerprint scan or facial recognition if your device allows it.

When you set up two-factor authentication, you ensure that even if someone breaches your data, hackers won’t be able to gain full access to your account without the second element of verification. 

Incorporating these cybersecurity measures ensures that your online presence is guarded against unauthorized access, substantially reducing the risk of identity theft following a data breach.

3. Keep a close eye on bank and credit card accounts

After a data breach, pay close attention to your bank accounts and credit card statements. 

Staying vigilant and paying extra attention to your account activity is an absolute must, and it includes not only the accounts impacted by the breach but also other ones, especially bank and credit card accounts.

Read your credit card statements and watch for both small and large purchases on your cards.

A small purchase could be a criminal's way of testing the waters before attempting to make a larger purchase. 

In addition to looking out for charges you don’t remember making or recognizing, sign up for text or email alerts regarding credit transactions. 

Credit card companies often allow cardholders to sign up for these alerts after every charge made using their card or after charges over a certain dollar amount. 

Call your card issuer or bank immediately if you receive a text message or email with a suspicious purchase. 

Also, contact your bank and credit card companies to inform them that a data breach impacted you. They can set up text or email alerts on your behalf that will make monitoring easier and help you avoid credit card scams. 

4. Consider freezing your credit

Another proactive step to prevent identity theft is to freeze your credit. A credit freeze makes it extremely unlikely that your stolen financial data can be used to open new accounts in your name. 

Since most creditors will check your credit history as part of their application process, if your credit has been frozen, creditors are unable to access your credit history and will deny any new accounts from being opened.


Source: BankersTrust

So, even if identity hackers have access to your personal information after a breach, they won’t be able to open new accounts under your name, which would likely damage your credit score.

To freeze and unfreeze your credit, call each of the three bureaus: TransUnion, Equifax, and Experian. Doing so is free and doesn’t affect your score. 

5. Enact a fraud alert

Freezing your credit isn’t an option for everyone. If you’re in the middle of applying for a car loan or a mortgage, locking out creditors isn’t a step you can take.

If this is the case, you can add a fraud alert to your credit reports instead. You can set it up with the help of credit protection services.

A fraud alert is a warning within your credit report that lets potential lenders contact you, usually by phone, to verify your identity before extending any new loans or credit. 

So, if your identity has been stolen and you receive a phone call about opening a new credit card, this call will let you know it’s time to take action to stop this new account from being opened. 

6. Check for updates from the company with the data breach

If your data has been involved in a data breach, the company at fault will likely post ongoing updates and disclose information about how the breach impacted customers. 

It is a critical time for data activation, where you should actively use the provided information to enhance your security measures and responses to the breach.

For example, in 2021, when records of over 530 million Facebook users, including account names, phone numbers, and Facebook IDs, were involved in a breach, the social media company automatically logged these users out of its platform. 

Additionally, the platform sent these users messages about what had occurred and what they should do next to protect themselves.

The company involved in a data breach and exposed your personal information will provide updates regarding the breach. If not, consider contacting this organization to ask for additional information. 

7. Sign up for an identity theft monitoring service

Once you’ve done all six steps to protect yourself -- get a little extra help from an identity theft protection company. 

These services can help by:

  • Keep your personal information safe and away from identity hackers
  • Notify you if there are signs of any malicious activity within your accounts, and 
  • Help you recover any loss of finances or identity if you become a victim of identity theft. 

So, even if you’re remaining vigilant and doing everything you can after a data breach, these tools take your protection up a notch.


Source: Aura

These services are especially worth it after a data breach. Your identity can be used for standard identity theft, tax fraud, social media account takeovers, credit card fraud, and medical identity theft. 

At the end of the day, you already have a ton on your plate, especially if your information is involved in a data breach.

Checking your credit, monitoring who’s using your social security number, and securing your online accounts each day can all be done by these tools -- giving you one less thing to worry about or remember to do.

Protect yourself and your identity at all costs

Having your personal information, credit card numbers, and passwords in the hands of a hacker is a situation no one should ever have to find themselves in. 

But identity thieves are out there, and data breaches happen to even the most well-known and reputable companies. That's why having cybersecurity measures in place is crucial.

It’s crucial that you stay vigilant about taking steps to prevent identity theft after a data breach. Changing your passwords and reading over your credit card statements can ultimately protect your identity. 

You can also invest in identity theft protection software that can keep a watchful eye on your sensitive information.


Author Bio

Irina Maltseva is a Growth Lead at Aura, a Founder at ONSAAS, and an SEO Advisor. For the last eight years, she has been helping SaaS companies to grow their revenue with inbound marketing.



Share this Article: