Search
What to Do If You’re Part of a Data Breach
When you hear about a data breach, it can feel unsettling. After all, it means someone gained unauthorized access to personal data stored by a company or organization. Before you panic, it’s important to understand what a data breach really is—and what it isn’t.
What Is a Data Breach (and How It Differs from Identity Theft)
“A data breach happens when a company’s systems or network are compromised and information is released,” explains Patty Chang, Senior Vice President of Risk and Operations at Greater Nevada Credit Union. “That’s different from what most members experience when they fall for phishing or scam texts. In those cases, members usually provide their information directly to a fraudster—that’s an account takeover, not a data breach.”
A data breach occurs when hackers steal information such as personal identifying information, credit card or bank account numbers, or even your Social Security number from a company’s database.
Identity theft, on the other hand, happens when identity thieves use your personal data to open new accounts, make purchases, or access your finances.
Both are serious, but the proper identity theft prevention steps can help you respond quickly and protect your financial well-being.
If Your Card Information Was Compromised
If a retailer, medical office, or other company notifies you that your card number was part of a breach:
- Monitor your account daily.
“Check your account statements regularly for any unauthorized activity,” says Chang. “Don’t wait for your monthly statement—just log in and look often.”
- Replace your card. Even if no fraud appears, request a new one as a precaution.
- Update recurring payments. Remember to move any autopay charges (like streaming or subscriptions) to your new card to prevent missed payments.
- Set up transaction alerts. Use your GNCU mobile app to receive alerts for large purchases or foreign transactions.
“I have alerts for any foreign or high-dollar transactions,” says Chang. “It’s an easy way to spot unusual activity right away.”
If Your Bank Account Number Was Compromised
If your account number or other bank account numbers were exposed:
- Contact your financial institution immediately. GNCU can assist with closing and reopening your account if needed.
- Review linked payments and transfers.
“If the account itself is compromised, you’ll need to update any automatic withdrawals or deposits,” says Chang. “Otherwise, payments will still try to post to that account—and that’s when things get messy.”
- Use withdrawal alerts. Enable notifications for transactions or transfers to catch any unauthorized activity early.
If Your Social Security Number Was Compromised
When your Social Security number or other personal identifying information is exposed, act fast:
- Create or log in to your Social Security account at SSA.gov/myaccount.
“If you don’t already have a login, set one up,” Chang says. “It lets you see if anyone has drawn on your benefits, which won’t show on your credit report.”
- Request a copy of your credit report. Get your free credit report from all three credit bureaus—Experian, Equifax, and TransUnion—at AnnualCreditReport.com.
- Consider a fraud alert or credit freeze.
- A fraud alert tells lenders to contact you before opening new accounts.
- A credit freeze blocks new credit until you unfreeze it.
“A freeze is a strong step,” explains Chang. “Do it if someone has used your Social Security number to apply for credit. If it’s just a debit or credit card issue, you don’t need a freeze—just close the card.”
- Use free credit monitoring tools. GNCU members can use My Credit Health to track credit changes, monitor for new accounts, and get alerts—helping you protect your personal information and spot issues early.
If Your Email Address or Passwords Were Compromised
If login credentials or an email address appear in a breach:
- Change your passwords immediately. Use strong passwords with letters, numbers, and symbols.
- Enable two-factor authentication (2FA) or multifactor authentication (MFA). Adds an extra layer of protection in case passwords are stolen.
- Never reuse passwords.
“When in doubt, change your passwords—and make them hard,” Chang advises. “It’s one of the simplest but most effective ways to protect yourself from identity theft.”
What Companies Are Required to Do
If you receive a notice of a data breach, the Federal Trade Commission (FTC) requires companies to:
- Notify you if your personal data was compromised
- Offer free credit monitoring (often for one year)
- Provide clear instructions for recovery
You can learn more about your rights and next steps at the FTC’s Data Breach Response Guide.
“If a merchant notifies you of a breach, it means they’re aware and must take action,” says Chang. “Don’t panic—there are protections and resources to help.”
Final Tips to Protect Yourself
- Check your accounts regularly—every payday or every two weeks is a good routine.
- Review your credit card and bank statements for accuracy.
- Don’t share your card number or account information over email or text.
- Use alerts to spot suspicious transactions quickly.
- Visit GNCU.org/Fraud for more ways to protect your personal information.
“The best defense is awareness,” Chang concludes. “Use your alerts, check your accounts, and stay informed—that’s how you stay ahead of identity thieves.”
