What to do after a data breach

Capital One announced a massive data breach on Monday, July 29, reporting a hacker accessed the information of over 100 million Americans who have applied for credit cards, since 2005, which contained consumers’ personal information including names, addresses, zip codes, email addresses, phone numbers and dates of birth. Capital One has said it has since fixed the vulnerability in its system and apprehended the hacker responsible for the breach. However, there are still a few steps Better Business Bureau (BBB) recommends consumers take that are concerned their credit or debit cards may have been compromised by the breach.

“Each time we hear about a data breach we become a little less alarmed than before because they have become so common. The reality is that criminals can put together data they have stolen from multiple different breaches, from phishing attacks and even from what is publicly available about individuals online. Considered together it is increasingly vital that consumers take the proper steps to protect themselves. This means not only checking your credit cards and accounts for suspicious activity, and reporting it right away, but monitoring  your credit reports because criminals might open entirely new accounts in your name, give your information when they are arrested, and much more,” says Michael Sedio, VP and COO of Better Business Bureau Pacific Southwest.

1. Stay calm. Consumers are not liable for fraudulent charges on stolen account numbers.
    
2. Check the website of the company that was breached for the latest information. Type the company name directly into the browser but do NOT click on a link from an email or social media message.
    
3. If a credit card has been compromised, consumers will likely hear from their bank or card-issuer first. If there are questions, consumers can call the customer service number listed on the back of the card.
    
4. Consider requesting a credit freeze with the three major credit reporting agencies (bbb.org/creditfreeze). Credit freezes prevent anyone from accessing credit reports or scores. However, this will eliminate the consumer’s ability to apply for new credit card, without lifting the freeze.
    
5. AnnualCreditReport.com is the only website authorized by the Federal Trade Commission to provide individuals with a free annual credit report. Be wary of ads, emails and social media messages for other services. Everyone should check their credit reports annually, whether or not they have been the victim of a data breach.
    
6. If one’s credit card has been breached, one should monitor their credit card statements carefully (go online; do not wait for a paper statement). If there is a fraudulent charge, report it immediately so the charge can be reversed and a new card can be issued. Keep receipts in case there is a need to prove which charges are legitimate.
    
7. If one’s debit card has been breached, consumers should do all of the above and pay careful attention to their account. Debit cards do not have the same protection as credit cards and debit transactions withdraw funds directly from their bank account.
    
8. Beware of scammers who claim to be from a retailer, bank or credit card issuer, telling consumers their card was compromised and suggesting actions to “fix” the problem. Phishing emails may attempt to fool individuals into providing their credit card information, with harmful links or attachments which can download malware onto your computer.

To monitor credit scores and reports, consumers may wish to visit the consumeradvocate.org website for a list of top agencies that provide this service.