What to do if you are part of a data security breach

Pam and I had our personal data stolen from the Harvard Pilgrim Health Care data breach that happened in March of this year. It took Harvard Pilgrim 3 months to actually send us a letter admitting to the breach and then offering us 2 years of complimentary credit card monitoring and identity protection. We think this was way too long and gave the hackers more time to utilize the data.  Of course, we reacted right away with the steps outlined below but many people wouldn’t be so cautious.

Back in the day, news of a breach or hack was shocking and scary. Now, it happens so often that you might not think twice when you get that notification. That’s a big mistake.

How often does this stuff happen?
Way more often than you might think. In 2022, 1,802 data breaches were reported, affecting over 422 million individuals — just under the record high in 2021.

Cybercriminals get their hands on your data through hacks, leaks, human error, phishing attacks, ransomware and other means. The data can include Social Security numbers, bank account and credit card details, health records, passwords and so much more, just as ours did.

Companies and institutions are legally required to disclose data breaches, so if you’ve been involved, you’ll get some kind of communication informing you what was accessed (if that info is available at the time – this might not be very timely though).

So, what should you do?

Just because there has been no indication of any misuse of personal information and protected health information as a result of the incident, you should still be vigilant!  Hackers often wait to use the stolen data later, when you’ve let your guard down.  It’s worth taking steps to safeguard your data after you’ve been exposed. It can, and very well might, get worse if you don’t.

1: Call your bank and credit card providers. Freeze and replace all your cards.

2: Place a fraud alert on your credit file. You only need to contact one of the three major credit bureaus: Equifax, Experian or TransUnion.

3: Monitor your bank and credit card statements for any suspicious activity. It could take time for anything strange to show up, so stay vigilant.

4: Change your account passwords. It’s a pain, but this is your first line of defense. Remember, once a password is exposed, it’s off-limits for any other accounts.

5: Consider an identity theft monitoring or protection service. In the case of a major breach, the exposed company will often offer this for free. Take advantage. These services do a lot of the hard work for you.

A little prevention goes a long way
Being smart about how you react is one thing, but it pays to be proactive, too.

Use strong, unique passwords: Your passwords should be a mix of uppercase and lowercase letters, numbers and special characters. This is critical, use different passwords for all of your accounts. A Password manager is a big help here – you only have to remember ONE master password and you’ll be able to create very secure passwords for all of your accounts.

Request a credit report: You can do this once a year for free at AnnualCreditReport.com. Look for any suspicious loans, lines of credit or anything else suspect.

Use multi-factor authentication everywhere: Adding another step to the login process is annoying, but it’s worth it. Make this mandatory for any financial or medical accounts. Better yet, do this for every single account that allows it.

Stay up to date: Regular updates are your best protection against flaws and security vulnerabilities. Judging by the number of patches in the tech world this year alone, security pros and hackers are working equally hard. Don’t wait if you see a new update for your phone, tablet, computer, smart speaker or any other electronic devices.

Resources:
https://www.harvardpilgrim.org/public/notice-of-data-security-incident