What to do after 5 types of data breaches

Written by Alison Grace Johansen for NortonLifeLock

You’ve just heard the news there’s another data breach — and this time your personal information may have been exposed. You might start to panic, trying to find out if you’re one of the victims. Has your information been leaked? What can you do to protect yourself?

If your personal information has been compromised in a data breach, you could be at an increased risk of identity theft. That’s why it’s important to learn what to do after a data breach.

The steps you should take after a data breach often depend on the category of the breached organization and the type of information revealed. For instance, a healthcare data breach may reveal more sensitive health information and compromise your medical care, while a financial data breach may have more to do with your credit, bank accounts, and other financial-related data.

It’s important to be aware of these five types of data breaches, and how you can help protect yourself against the different types of threats that could follow.

Steps to take after a healthcare data breach

A healthcare data breach occurs when information you’ve provided to your healthcare organization, doctors, or insurance companies has been exposed or accessed by an unauthorized person.

How does this happen? Cybercriminals may infiltrate the computer network in your doctor’s office, hospital, medical lab, healthcare insurer, or any of your medical providers. In some cases, your information could be stolen by medical staff — or unintentionally exposed through poor data security.

If your healthcare information has been leaked or stolen, criminals could use that data to commit various forms of fraud, such as obtaining emergency or other medical care in your name. This could not only affect your healthcare coverage, but also compromise your safety if there’s misinformation on file when you need medical treatment.

Following a healthcare data breach, there are things you should do to help protect yourself.

1. Get confirmation of the breach and whether your information was exposed.

The first thing you should do is confirm the breach occurred. If you’ve received an email saying there’s been a breach, that isn’t enough — it could be from scammers posing as the potentially breached company in an effort to get your personal information.

Don’t respond to potentially fake emails. Go directly to the company’s secure website or call the company to confirm the breach.

You also will need to find out if your individual information was compromised.

2. Find out what type of data was stolen.

Make sure to find out what types of data were stolen.

Why does this matter? If the only data exposed was your credit card information, you can call your card issuer to cancel and replace your credit card. But if your Social Security number (SSN) was stolen along with other personally identifiable information (PII), that exposed data is more sensitive.

The risk? Such information could enable the thief to assume your identity to see a doctor, visit an emergency room, or use that data in other ways.

This is known as medical identity theft. If your healthcare data then becomes mixed up with your imposter’s, this crime could threaten your health when you seek treatment.

In the case of healthcare data breaches, identity thieves often want information that will help them impersonate you to receive medical treatment, prescription medications, or anything else covered by your insurance. This information could include:

  • Medicare or insurance policy numbers
  • Social Security number and other personally identifiable information, such as date of birth
  • Medical treatment and prescription history
  • Billing information, including checking and credit card account numbers

3. Consider accepting the breached healthcare company’s offers to help.

Recovering from identity theft can be costly and time-consuming. If the breached company offers to help repair the damage and protect your personal information for a certain amount of time, consider accepting the offers.

4. Change and strengthen your online logins, passwords and security Q&As.

Immediately change your online login information, passwords, and security questions-and-answers for the breached accounts — along with any other accounts that have similar login information and passwords.

Implementing two-factor authentication can help if someone has your password who shouldn’t. That’s because two-factor authentication adds an additional layer of protection after you enter your login credentials. For instance, you might be sent a security code to your smartphone. You enter the security code online to access your account.

If you want more help with this, password managers can be an additional layer of protection.

Keep in mind if you start receiving notices of password changes to your current accounts or find yourself locked out of your accounts, it could be a sign that one or more cybercriminals have attempted to access your accounts. It’s a good idea to act quickly to investigate the problem.

5. Contact the right people and take additional action.

If sensitive personal information like your Social Security number was stolen, you could become a victim of identity theft or fraud.

Trying to stay ahead of identity thieves by keeping up with your medical records and healthcare providers is important. Here are a few things you can do:

  • Ask your doctor’s office for copies of your medical records to see if your identity has been used fraudulently. This might show if inaccurate health and medical information is present in your records, indicating that someone posed as you and saw your doctor. More broadly, be sure to check the benefit statements from your healthcare insurance provider. The statements would show evidence of healthcare fraud, indicating doctor visits and care that aren’t yours, as well as dates and other details.
  • Ask your health care providers for a list of anyone with whom they’ve shared your protected health information. Medical providers are required under federal law to provide this accounting record free of charge once every 12 months upon request.
  • Contact any medical facilities that have asked you for payment for services you didn’t receive and alert them that you may have been a victim of identity theft or mistaken identity. You could ask them what service was provided and prove you didn’t receive it.
  • Check in with your Healthcare Savings Account (HSA) and Flexible Spending Account (FSA) to make sure thieves aren’t trying to use your benefits.
  • Check your credit reports at the three major credit bureaus. (More on this below.) You’ll want to make sure thieves aren’t using your credit cards, racking up charges, and damaging your credit history. This could involve cancelling your current accounts and opening new ones with unique, strong passwords. You also can place a fraud alert or security freeze on your credit accounts to help prevent thieves from using your information later on.

After checking your medical and credit reports, you may find you’re the victim of identity theft. If so, it’s smart to file an Identity Theft Report with the Federal Trade Commission.

If your Medicare or Medicaid information has been stolen, you’ll need to call their hotline: 1-800-MEDICARE (1-800-633-4227).

Also, you should file a police report in your local jurisdiction.

6. Stay alert; monitor your accounts closely.

Staying alert and watching for signs of new account activity is important. For example, you may receive a variety of signals that someone is using your PII to receive healthcare services in your name. This could include:

  • Bills and collections calls for medical services you didn’t receive.
  • Unfamiliar collections notices on your credit reports.
  • Notices from Medicare or other health insurers that you’ve reached your plan limit.
  • Denial of coverage because of misinformation.

Consider collecting current copies of your medical records — and those of your family members — from all of your doctors, healthcare providers, and insurers. If any information on your records is incorrect, it’s important to fix it.

Also, don’t throw away any bills or notes from healthcare providers you don’t recognize. They could signal and prove that your healthcare benefits are still being used fraudulently.

In addition to monitoring any changes to your medical and insurance accounts, keeping tabs on your financial and credit accounts is important. Identity thieves may have enough sensitive information to use your existing accounts or create new ones in your name.

Steps to take after a financial data breach

A financial data breach occurs when a company exposes financial information like your credit card or bank card account information.

If a cybercriminal uses your PII such as your Social Security number for financial gain, you’re a victim of financial identity theft.

Using a combination of your name and other personal information, the fraudster may fill out applications for loans, credit cards, or bank accounts or withdraw money from your accounts. Possible crimes might encompass credit card fraud, bank fraud, computer fraud, wire fraud, mail fraud, and employment fraud.

Victims of a financial data breach can take steps to help protect themselves against financial fraud and identity theft, and help prevent fraudsters from successfully using exposed personal information.

1. Get confirmation of the breach and whether your information was exposed.

Your first step? Contact the source of the leak. Confirm there was a breach at the company and find out if your information or online account was accessed.

Here’s an example. The Capital One data breach, announced on July 29, 2019, potentially compromised the information of 106 million consumers. Capital One has confirmed it has notified by mail all individuals whose Social Security numbers or linked bank accounts were accessed during the data breach.

No credit card account numbers or log-in credentials were compromised. The government has stated they believe the data has been recovered and that there is no evidence the data was used for fraud or shared.

Even so, when a financial data breach is announced, consider being proactive and contacting the breached organization directly to see if your data was included in the accessed information.

It’s important to act quickly to seek this information. One reason why? If you don’t, you might receive false information from scammers pretending to be the breached financial company and trying to get more of your information.

To help be informed, it’s a good idea to directly contact the breached company.

2. Find out what type of data was stolen.

Find out what information was exposed. It’s easy to replace a credit or debit card, if that’s the only data that was leaked. But if your Social Security number and other sensitive data like your bank account information and passwords have been stolen, all that data could make it easier for thieves to use your identity to commit fraud in your name.

The hacker in the Capital One data breach gained access to victims’ names, addresses, birth dates, email addresses and, in some cases, credit scores, credit limits, payment history, and balances. The information exposed included approximately 80,000 linked bank account numbers and 140,000 Social Security numbers.

Any financial breach in which a large amount of sensitive information is exposed could increase the risk of identity theft for months or years to come.

3. Accept the breached company’s offers to help.

Whether it’s a bank, credit card company, or other financial services company, a breached company might offer ways to help protect you against identity theft. Consider accepting them. If your personally identifiable information and Social Security number were exposed, monitoring your credit and finances will be important.

In some cases, victims will be offered free credit monitoring and identity theft protection services.

One example: the 2017 Equifax data breach, which may have compromised the personal data of 147 million people. Along with a $425 million settlement to help victims of the data breach, Equifax offered — to those who filed claims — free credit monitoring and identity theft protection services, cash payments for expenses (in some cases), and free credit reports.

4. Change and strengthen your online logins, passwords and security Q&As.

It’s important to change passwords and any other information the hackers may have for access to your accounts or to use in identity theft. Taking steps to prevent their use of this information can help limit future exposure.

5. Contact the right people and take additional action.

Contact your bank and credit card account companies immediately.

If someone has unauthorized access to your bank account, you’ll want to close that account and open a new one with a new account number. You’ll also want to work with the bank to resolve any fraudulent transactions.

If someone has stolen your credit card number, contact the issuer to alert them to any fraudulent charges. Ask them to close the account and issue you a new card.

Contacting at least one of the three major U.S. credit reporting agencies — Equifax, Experian, and TransUnion — is important in the event of a financial data breach.

Cyberthieves may have gathered enough sensitive information to use your current credit cards and open new ones. It’s a good idea to take immediate action to make sure fraudulent use of your credit and finances stops before it gets too widespread.

Here’s how to contact the credit bureaus.

  • Equifax
    Equifax Alerts
    Equifax Consumer Fraud Division
    P.O. Box 740256
    Atlanta, GA 30374
  • Experian
    Experian Fraud Center
    P.O. Box 9554
    Allen, TX 75013
  • TransUnion
    TransUnion Fraud Alert
    TransUnion Fraud Victim Assistance Dept
    P.O. Box 2000
    Chester, PA 19016

6. Stay alert and monitor your accounts.

If you spot suspicious or unfamiliar transactions on a bank or credit card account, you could be the victim of financial identity theft.

Here’s an action you can take. Ask the credit bureaus to place a fraud alert on your credit file. A fraud alert lasts for 90 days. Or, if your SSN and other more sensitive data is included in the information stolen, you could place an extended, seven-year fraud alert.

You also can put a freeze on your credit reports and watch for any activity that isn’t yours. A credit freeze blocks anyone (including you) from opening new lines of credit using your information until you lift the freeze.

After checking your credit reports, if you do find you’re the victim of identity theft, you should file an Identity Theft Report with the Federal Trade Commission.

Also, it’s a good idea to file a police report in your local jurisdiction.

Steps to take after a government data breach

A government data breach occurs when confidential information is stolen or unintentionally exposed or leaked from federal, state, or local government agencies. This includes the military.

Government data breaches can be especially harmful if the information compromised includes more sensitive information like your Social Security number and birthdate.

Fraudsters may use your personal information in interactions with the government. One example is tax-related identity theft or tax refund fraud, also known as stolen identity refund fraud.

This type of fraud occurs when a thief uses your SSN and other personal information to file an income tax return in an attempt to claim your tax refund. This amounts to stealing money from the U.S. Treasury and could delay any tax refund due to you.

If you’re the victim of a government data breach, there are steps you can take to help protect yourself.

1. Confirm there was a breach and whether your information was exposed.

Contacting the breached agency is the first step. Confirm that there was a breach, and whether your information is involved.

2. Find out what type of data was stolen.

Check what type of information was exposed. Government agency breaches might expose information that includes personally identifiable information such as SSNs, taxpayers’ payment information, and voters’ information.

One example of a government breach: The 2015 breach at the Office of Personnel Management (OPM). The breach exposed highly sensitive information. The data of more than 20 million current and former federal employees was compromised.

3. Accept the breached entity’s offers to help.

If the government agency offers help, consider taking it. If your PII and SSN were exposed, monitoring your credit, finances and identity will be important.

4. Change and strengthen your online logins, passwords and security Q&As.

It’s important to change passwords and any other information the cybercriminals may be able to use to gain access to your accounts or use your identity. Implementing two-factor authentication can help block access to your accounts, even if they have your login credentials.

5. Contact the right people and take additional action.

If sensitive data like your Social Security number and other personally identifiable information were exposed, you may need to contact several government agencies. These may include the Internal Revenue Service (IRS), the Social Security Administration (SSA), the Federal Trade Commission (FTC), and, in some cases, the Department of Justice.

6. Stay alert. Monitor your accounts closely.

Once thieves have your sensitive data, they may be able to access existing accounts and create new ones. Monitor all of your accounts closely and look for suspicious activity.

Steps to take after an educational data breach

Breaches at educational institutions have been increasing. Universities are often targeted because they collect a lot of sensitive data on students and their parents, faculty, and staff to fulfill the many obligations of applications, financial aid, attendance, and employment.

A recent example was Georgia Tech’s 2019 data breach — the university’s second in less than a year — that may have affected 1.3 million current and former students, faculty, and staff members.

Students who are starting out on their own may be especially vulnerable. They may be managing their finances and other accounts for the first time.

Cybercriminals may target students to steal their identities, because students likely possess cleaner credit and finance histories.

Also, students may be vulnerable to hackers and malware if an institution doesn’t have robust, up-to-date security systems in place.

Given these considerations, there are several steps university staff, faculty, students, and their families should consider in the event of an educational data breach.

1. Get confirmation of the breach and whether your information was exposed.

The first thing faculty, staff, and students should do is contact the school to confirm there has been a breach and to see if their information was exposed.

2. Find out what type of data was stolen.

Victims should ask what kind of data was exposed to determine the level of data sensitivity and the extent of data stolen. Why is this important? If a student’s Social Security number and other personally identifiable information has been exposed along with financial information, the student will have to report not only to their college, but also to entities like their banks and credit bureaus.

Because educational institutions collect a lot of personal information, identity thieves may access a lot of data to commit cybercrimes. Universities may collect names, birth dates, addresses, driver’s license numbers, Social Security numbers, bank accounts, credit card accounts, and university ID numbers.

3. Accept the breached institution’s offers to help.

If a school offers to help with credit monitoring and other clean-up costs, consider taking them up on it. Taking measures to repair the damage caused by identity thieves — and help with future protection — can be costly and time-consuming.

In some cases, a third party like an educational software developer may offer services like free credit monitoring services in the event of a data breach connected to one of their products. This happened with software developer Pearson, whose AIMSweb platform suffered a data breach that affected about 13,000 university AIMSweb accounts.

Students who were victims of this data breach had their names disclosed, and some of those victims also had their email addresses and birth dates leaked. While these disclosures may not seem as sensitive or widespread as others, this information can still be valuable. Here are a few examples of what thieves can do.

  • Gain access to those students’ email accounts and other accounts.
  • Gain access to students’ devices through those accounts.
  • Use this knowledge maliciously to target students with spam, phishing emails, and malware.

4. Change and strengthen your online logins, passwords, and security Q&As.

Change your passwords immediately. This can help prevent thieves from accessing your current accounts.

Next step? Check to see if new accounts have been opened. Given the many accounts students and staff may have at educational institutions, this could take time and effort — but it’s important. When hackers obtain certain pieces of information and gain access to one account, this access may enable them to infiltrate or open other accounts.

Keep in mind, even if the data compromised in one breach isn’t your Social Security number or other more sensitive information, cybercriminals could combine this information with sensitive data they access from other breaches.

That’s one reason why it’s a good idea to change your passwords and login credentials and monitor your accounts frequently.

5. Contact the right people and take additional action.

In addition to contacting the university directly to find out what happened and what steps they’re taking to help, victims will have to reach out to several other entities. Why? If personally identifiable information like their Social Security numbers has been stolen, along with other personal data, identity thieves can use it to commit several other kinds of fraud.

Here’s a list of organizations you should consider contacting.

  • Credit bureaus and financial companies.
  • The IRS, in case identity thieves try to collect tax reimbursements in your name.
  • State and local law enforcement agencies, if cybercriminals committed crimes in your name.

6. Stay alert. Monitor your accounts closely.

Cybercriminals sometimes store your information to use months, or even years, after a breach. This might give you a false sense of security that you won’t become a victim of identity theft.

Cybercriminals may pool your information to gain access to even more of your accounts. They also can sell your data on the dark web for others to use now or later.

Because your sensitive information is out there, it’s smart to monitor your accounts closely and keep tabs on any new accounts or financial transactions that have been made in your name. This is another reason to consider accepting free help such as credit monitoring when it’s offered. But keep in mind, many offers will only monitor your accounts for a limited time.

Steps to take after an entertainment data breach

An entertainment data breach occurs when your personal information has been compromised at companies like video game developers or concert and sporting event ticketing services. How does it happen? Possible causes include a leak from inside the company (intentional or accidental), poor data security, a faulty program, malware, or other scams by hackers.

Do you or your kids play the popular video game Fortnite? If so, you might be familiar with the November 2018 data breach where hackers gained access to gamers’ accounts, listened to their conversations, and used their stored credit or debit card data to make in-game purchases.

Video games like Fortnite, which boasted 80 million players in 2018, have become huge targets for hackers due to the size of their data pools and the age of their gamers — mostly kids.

The Fortnite video game has been a target for malware and fake apps. In the 2018 incident, hackers were able to redirect access tokens and use phishing links. This scam, known as token hijacking, is popular because hackers don’t need your password. They may realize players are being more cautious about entering passwords and clicking suspicious links, so getting your tokens has become their new go-to method of infiltration.

1. Confirm the breach and whether your information was compromised.

Take action quickly. Be proactive and contact the breached company. Confirming whether your data is part of the information exposed can determine your next step.

2. Find out what type of data was stolen.

It’s important to find out the sensitivity of the data stolen. That information will guide your next steps. Here’s an example.

Have you ever bought tickets through Ticketfly? The Eventbrite-owned ticketing service was hacked in 2018, exposing approximately 27 million accounts of clients and employees. In this case, names, phone numbers, home addresses, and email addresses were exposed, but financial data like credit and debit card numbers were not compromised.

Knowing what data was exposed could mean the difference between monitoring your accounts for unauthorized activity or taking additional actions like placing a credit freeze on your accounts.

3. Accept the breached company’s offer(s) to help.

Find out how the breached company is offering to help. For instance, it may offer credit monitoring or identity theft protection services. Consider whether the services are right for you.

You’ll have to decide whether the services are adequate or whether you should take additional steps to help protect yourself against identity theft.

Consider this additional example, a 2018 data breach involving Japanese video game developer Nippon Ichi Software.

In this case, consumers’ billing, shipping, and payment information — along with their emails — were stolen when they checked out at two of the developer’s online stores. Although some victims of the breach suffered thousands of dollars in unauthorized, fraudulent credit card charges, the gaming company offered victims only a $5 voucher on their next purchase.

Which raises the question: What if the breached company doesn’t offer much to help protect your information after a data breach? You should monitor your credit, consider identity theft protection, and take other appropriate steps.

4. Change and strengthen your login credentials, passwords, and security Q&As.

Changing your passwords and ensuring they are strong can help protect your accounts. That includes strengthening your login credentials, passwords, and security questions-and-answers. In the case of the Fortnite breach, for instance, implementing two-factor authentication could have helped protect victims’ accounts.

5. Contact the right people and take additional action.

It’s a good idea to reach out to the breached company quickly. If the company isn’t willing to help or has not yet helped with your recovery, contacting other organizations is your next step.

To start, you can obtain free credit reports from to watch for any suspicious or unfamiliar credit activity over the following months and years. Also, consider placing a fraud alert or credit freeze on your accounts with the three major credit bureaus, depending on the sensitivity of the data stolen.

If other methods of recovery and protection aren’t enough, you may decide to join a class action lawsuit. In the case of the Fortnite data breach, the video game owner, Epic Games, is the subject of a class action brought by victims who have an Epic Games or Fortnite account, with unauthorized charges on their credit or debit cards linked to that account.

6. Stay alert; monitor your accounts closely.

It’s a good idea to be proactive after a data breach. Monitor your accounts for suspicious activity. Keep in mind, cybercriminals sometimes combine information from different sources to commit identity theft.

For instance, if cybercriminals access your Social Security number and a few other pieces of personal information, they may be able to commit a variety of crimes. This may include filing a tax return to collect your tax refund, collecting benefits and income, making purchases, setting up phone numbers and websites, establishing residences, using health insurance, and committing other crimes — all in your name.

Data breaches can lead to identity theft and other types of fraud. And it can take time and effort to untangle the mess.

That’s why it’s smart to know what to do after a data breach. If you’re a victim of a data breach, taking these steps can help protect you against identity theft now and possibly in the months and years to come.

Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.