Data Breach: What It Is and Why You Should Care

What is a Data Breach?

A data breach happens when unauthorized parties gain access to confidential personal information stored by an organization. What is considered personal information depends on state law but typically includes an individual’s first name (or initial) and last name plus one or more of the following: 

• Social Security number 
• Driver’s license number or state-issued ID card number 
• Account number, credit or debit card number, combined with any security code, access code, PIN, or password needed to access an account 

Typically, digital accounts and information come to mind–but a data breach can happen to physical records as well. And, while we generally consider data breaches to be tied to criminal endeavors, a data breach can be accidental and without malicious intent. Accidents happen!

Why Should You Care?

The consequences of a data breach can be severe. Once your personal data is exposed, criminals may use it to:

• Open fraudulent accounts in your name
• Steal your money or make unauthorized purchases
• Commit tax or medical identity theft
• Access your online accounts, including email and social media
• Sell your information on the dark web

Even if you’re not directly targeted, a breach involving your data can cause long-lasting damage and stress.

What Happens Next?

“It’s just part of life now,” we might say. Or “It’s a risk of being online in 2025.” However, we can do more than cross our fingers and hope we aren’t impacted by the next data breach. While it can be easy to feel helpless, it’s important to stay aware and help protect yourself.

Immediately after receiving a data breach notification in your inbox or hearing about a retailer breach that might affect you, it’s important that you act quickly to help secure your information and mitigate any potential damage.

What to Do if You’re Affected

If you learn your personal information has been breached, to help protect yourself in the case of future data breaches, the following actions can help you save time and money for the inevitable next time: 

1. Don’t reuse passwords.
   Even if the data breach notification you receive is for an account you don’t use anymore, so it doesn’t have your current credit card information, you might have used a password that you’re still using on other sites. Hackers know there’s a good chance you’re using the same password on multiple platforms. If they access your old gaming password from college, they might also be able to use it to log in to your current financial accounts. 

2. Turn on multi-factor authentication (MFA) whenever it is available.
   Accounts that offer MFA provide extra security by requiring additional forms of identification beyond a password to log in to an account, such as a passcode or secret key obtained via text or email. This will help keep your account secure even if your password is compromised. 

3. Keep a close eye on your credit report.
   It can often take months for a company to find out that their customers’ data has been stolen and then communicate the information to their users. By then, your personal information could have already been sold on the dark web and used to open lines of credit before you have even been notified of the risk. Federal law entitles you to a free copy of your own credit report at least once every 12 months from each of the three main consumer credit reporting agencies: Equifax, TransUnion, and Experian. Reports can be requested at annualcreditreport.com or by calling 1-877-322-8228.

4. Consider placing a fraud alert.
   If you’ve been impacted by a data breach, you may also consider placing a fraud alert on your credit report. An initial fraud alert is free and will stay on your credit file for at least 90 days. The alert informs creditors of possible fraudulent activity within your report and requests that the creditor contact you prior to establishing any accounts in your name. Additional information is available at http://www.annualcreditreport.com. 

Next time you receive a notification about a possible data breach, follow the steps above, both to put a stop to harm that may have already begun and to make it much more difficult for them to impact you in the future. 

If you or a family member worry that you have become a victim of identity theft after a data breach or another fraud event, do not hesitate to reach out to one of our Identity Theft Recovery Advocates that are available to you as an MSCU member. They can help you assess what information has been compromised and quickly begin the process of recovering any losses that have occurred.