Skip to main content

What a data breach means and what to do if it happens to you

Data breach

Most of us have received one of those dreaded emails. The subject line may sound bland, almost harmless: “Notice of data security incident,” or “We're committed to your security.” But as you read it, you realize something serious has happened—someone has stolen your personal information. What should you do?

Last year, more than 290 million people had their personal information exposed, according to a recent report by the Identity Theft Resource Center, a California-based nonprofit. Yet only 48% of those who knew their information had been hacked chose to change their passwords. Sixteen percent did nothing at all.

At Asurion, we help people learn more about their tech every day, including how to protect your personal information both online and off. Here's our guide to everything you need to know to prevent a data breach.

What is a data breach?

A data breach occurs when someone exposes your confidential, protected, or sensitive information without your knowledge or permission. Anyone can be a victim—a company, an individual, a government. The stolen data may include:

  • Social Security numbers.
  • Personal health information.
  • Driver's licenses.
  • Bank account or credit card numbers.
  • Passwords or emails.
  • Trade secrets.

Why do data breaches keep happening?

There have been hundreds of data breaches over the past decades, exposing millions of people's information, and they've affected prominent companies such as Equifax®, Capital One®, and Illuminate Education®, the creator of a leading student data tracking software. The reasons they keep happening include:

  1. Weakness in technology. As new tech comes to market, the gap between innovation and security seems to get larger each year, leaving opportunities for hackers to pounce.
  2. Human error. Even when tech is secure, there's still human error. Some people will always have poor digital security habits—and even make seemingly simple mistakes with catastrophic consequences—all of which put others at risk.

How do data breaches happen?

A data breach can be accidental (an employee unknowingly releases your personal information online) or intentional (a cybercriminal steals private data from a company). Here are some other ways you can lose control of your personal information:

  • Payment card fraud. Criminals place skimming devices on a credit card reader, like you might find at a gas pump terminal or an ATM, to steal personal and financial information.
  • Insider leak. A trusted individual or company insider steals data, sells it, or uses it to start a new company.
  • Lost or stolen devices. Laptops, files, office computers, and other physical properties get lost or stolen.
  • Point-of-sale (POS) intrusions. Commonly used at restaurants and small businesses, POS terminals and payment systems are vulnerable to malware attacks with the goal of stealing payment card information.
  • Web app attacks. Hackers steal names, addresses, and other personal information when you sign up for a web application.
  • Unintended disclosure. Sensitive data is exposed due to mistakes or negligence.

What your information can be used for in a data breach

Once cybercriminals have your personal information, they can wreak havoc in your life by:

  • Stealing your identity.
  • Opening and using new credit cards under your name.
  • Taking money out of your banking and investment accounts.
  • Applying for government benefits.
  • Accessing medical care with your health insurance.
  • Filing a tax return under your name, then taking the refund for themselves.

What to do if your data has been breached

If you discover that you've been involved in a breach, follow these steps, stat.

Read the email or letter warning you about the data breach

You know that email notification you received? Take the time to read it—all of it. U.S. companies are required to tell customers if their information has been breached, and their email will outline the details of the breach, including when it occurred and what personal data was included.

Pay close attention to what kinds of info was stolen—email addresses, usernames, passwords, bank account or credit card information, Social Security numbers.

Contact your financial institution

If your credit card or bank information has been exposed, contact the company immediately to let them know about the breach. They can monitor your statements for unusual charges or fraud and issue you a new card number if needed. (In the future, consider using Apple Pay® or Google Pay™, which are safer than a physical card. Here's why.)

Change your password

The best passwords are at least 12 characters, involving a random combination of upper- and lower-case letters, numbers, and symbols. Don't use personal information (like your birthday or street address). And don't reuse the same password. If a hacker cracks your email, all they have to do is test that same password on your bank or credit card account to gain access to your information—and money.

For more tips, here's our guide to creating strong passwords as well as our recommendations for the best password managers.

Use two-factor authentication

This is a security method that requires you to take an extra step—typically entering a code—to confirm your identity when you log in to any password-protected account. So even if someone has your email password, they can't sign in to your account.

To learn more, read our guide to what two-factor authentication is and how to set it up.

Request a free credit report

Due to the COVID-19 pandemic, the three credit agencies—Equifax, Experian®, and TransUnion®—are currently offering free weekly online credit reports.

How to protect yourself from data breaches

There's no foolproof way to avoid a data breach. But if you follow these simple tips, you've got a much better chance of keeping your private information away from those who are trying to steal it for personal gain:

  • Create strong passwords for all of your logins, use a password manager to help you keep track of them, and never reuse passwords.
  • Delete old accounts you no longer need.
  • Don't open suspicious emails—delete them instead.
  • Use secure websites (start with our guide to keeping your credit card information safe online).
  • Give out your Social Security number only when absolutely necessary.
  • Pay attention to your bank statements. If you see odd charges, even small ones, it could be a sign your data has been compromised.
  • Install updates on your devices, apps, and operating systems as soon as they're available.

*The Asurion® trademarks and logos are the property of Asurion, LLC. All rights reserved. All other trademarks are the property of their respective owners. Asurion is not affiliated with, sponsored by, or endorsed by any of the respective owners of the other trademarks appearing herein.*


When tech breaks, we fix it

No matter the issue, our experts can repair your broken device fast. Make an appointment or visit your local store today.

Schedule a repair