Steps To Take After A Data Breach

Dec 15, 2021 | Class Action, Data Privacy

Sooner or later, it happens to just about everyone: You receive a letter or email from a retailer, bank, credit card company, health care provider, the government, or some other entity notifying you that your personal information may have been compromised. Hackers have exploited a security flaw to obtain your financial records, Social Security number, medical files, or other sensitive data. Now what?

Data breaches are an increasingly common threat in our technology-infused society. According to statistics compiled by the cybersecurity company Varonis, the number of data breaches has skyrocketed in the past decade and now approaches 4000 incidents a year, encompassing hundreds of millions of personal data records. The pandemic response has only increased opportunities for hackers, from breaching vulnerable remote-work platforms to a spike in identity thefts associated with filing fraudulent unemployment claims. Such breaches can be incredibly costly to businesses and also wreak havoc on the credit scores and peace of mind of individual victims.

If you do get the dreaded notice of a possible data breach, it’s important to take the situation seriously — but there’s no reason to panic, either. Here are some steps that experts recommend to help neutralize the threat and get your life back on track.

  1. Confirm the breach and what was stolen. Online scammers sometimes claim a data breach has occurred in the hope of extracting passwords, bank account numbers, or other key info. Don’t respond directly to a suspicious email about a data breach. Instead, go to the company’s website or phone them to confirm that a breach has occurred and try to determine exactly what was stolen. This is crucial to figuring out what steps to take next; if the breach only involved credit card account numbers, those accounts are easy to cancel or change. But a breach involving your Social Security number, driver’s license, or other personally identifiable information (PPI) will require more extensive action on your part.
  2. Change and strengthen your login data. After confirming that there really was a breach, you should immediately change and beef up your passwords, security questions, and other login information for any breached accounts (or other accounts using similar passwords). There are several resources that can make it more difficult for intruders to access your information, such as two-factor authentication. If you’ve been putting off enhancing your data privacy, now’s the time to get busy.
  3. Notify credit reporting agencies and others. Federal law allows you to request one free credit report a year, and access to the reports has become even easier during the pandemic. Check for any suspicious activity on your report, but don’t stop there. You should notify at least one of the big three reporting agencies (Equifax, Experian, TransUnion) if you believe you have experienced a breach of financial data. You may want to put a credit freeze on your report, which prevents any new accounts, loans, or services being opened in you name, or a fraud alert, which can last from 90 days to up to seven years. You should also consider filing a local police report, to document the situation before the fraudsters get busy. Other responses will depend on what sort of information was stolen; contact Medicare if that data was breached, or the DMV about your driver’s license, and so on.
  4. What can the breached company do for you? Often companies that have experienced a data breach will offer their customers some form of assistance in dealing with the fallout from the breach, such as a free credit monitoring service for a year. While you should definitely consider offers to help, you should also be careful that you’re not waiving any claims or signing away your rights by accepting such offers. You may want to consult a lawyer before agreeing to accept the company’s assistance, especially if you have reason to believe the company has not been transparent about the scope of the breach or timely in notifying its customers of the incident.
  5. Remain vigilant. When your personal info is at stake, it’s not enough to simply cancel or change a few accounts. Personal data is traded on the dark web and may not surface in a fraud plot, such as a phony income tax return or unemployment claim, until months or years after the breach occurred. It’s important to continue to monitor your credit card statements, healthcare savings accounts, credit reports, or other pertinent records for unusual charges or activity, so you can respond quickly if a threat emerges.
  6. Keep track of your time and damages. If the data breach turns out to be a major one, requiring you to devote considerable time and expense to monitoring your accounts, repairing your credit, replacing your identification, and so on, you may want to consider consulting a class-action lawyer experienced in data breach claims. While the hackers typically remain elusive, in some cases the victims of a breach have successfully banded together to battle companies that have been negligent in protecting their personal data, holding them accountable for losses the customers have suffered as a result of inadequate cybersecurity measures.


Franklin D. Azar & Associates is one of the largest plaintiff law firms in Colorado, known for championing the rights of individuals who have suffered damages at the hands of large corporations. Over the past 30 years, our attorneys have secured more than $1.5 billion in compensation for our clients. Our class action department is staffed with experienced and knowledgeable attorneys who focus on litigating large, complex cases.

If you have suffered damages as a result of unfair business practices, data breaches, or corporate misconduct, the class action attorneys at FDAzar may be able to help. Speak with a member of our class-action team today at 1-800-716-9032 or contact us here. The consultation is free.