One of the most horrifying things for you as a consumer is when you learn that a significant data breach has affected your personal information. You might first hear of it on the news and then get a formal notification from the company or entity that a data breach has compromised your sensitive information, possibly including your name, financial account numbers, Social Security numbers, medical data, and more.
You can feel violated when a company fails to secure and protect your data. Even worse, you might sustain serious financial losses if someone steals your identity or uses your information for wrongful financial gain.
No amount of apologies or regret on the part of a company can make this right, and the only way for you to get justice and accountability is to file a lawsuit against the organization for financial compensation. Always seek help from a skilled data breach attorney ready to assess your best options for financial recovery and justice.
In the meantime, you must also take prompt precautions to protect yourself from further harm – because nobody else will do that for you.
Learn the Scope of the Data Breach
You must understand the entire extent of your compromised personal information. Only then can you protect yourself from further harm, and you must err on the side of caution.
The business should let you know exactly what information the hackers stole during the data breach. Assume they stole even more of your personal data. Whatever information you gave this particular company, cybercriminals may have stolen it.
Change Passwords Immediately
One of the most crucial things the hackers may have stolen is your passwords for accounts. Even if you have not seen any suspicious transactions yet, they may happen in the future.
You cannot sit and do nothing when you learn about a data breach. Take immediate action to change your passwords. You should not just adjust passwords from compromised accounts. Instead, change the password for every account as an added safeguard against cybercriminals.
While you may want to use an easy to remember password, try to make it as complex as possible. Hackers can guess your password tendencies, so get more sophisticated.
Initiate a Fraud Alert
Credit reporting bureaus need to know about the situation. One of the foremost weapons of cybercriminals (or those who buy your data) is opening accounts in your name. Before they can open a fraudulent account, the new potential creditor will run a credit check to see if the application is worthy of a loan or a new credit card. This inquiry activity should appear on your credit report and will indicate a problem.
Placing a fraud alert on your account can keep cybercriminals from using your identity to open new accounts, so you must set this alert as soon as you know of stolen information. The sooner you do it, the less likely a credit agency will hold you responsible if someone tries to open an account in your name.
If the creditor allows someone to open an account with an outstanding fraud alert, they may need to pay for fraudulent accounts.
Freeze Your Accounts
While a fraud alert can tip creditors off to illegal activity, a credit freeze gives you fuller protection. A credit freeze bars someone from opening an account in your name. Although it is certainly inconvenient for you in the short term, you will not have to worry about paying for large debts or credit accounts in your name.
Unfortunately, the credit freeze applies to all potential new accounts, even those you want to open. You may not get new credit cards or buy a car until you lift the credit freeze. You must maintain the credit freeze long enough to protect yourself from the immediate dangers after hackers have stolen your data. When you lift the credit freeze, do so in conjunction with purchasing credit monitoring services.
Protecting your credit can cause great inconvenience and losses. You might forgo buying an available house that quickly goes off the market because you cannot apply for a mortgage under the freeze. Explain any losses or problems you encountered in your life due to the data breach to your attorney. They can seek financial recovery for all your troubles and harm.
Keep Tracking Your Accounts
You are your first line of defense whenever a data breach has compromised your information. Many credit card companies and banks offer comprehensive fraud detection alerts. However, you can only rely on your bank or financial institution so much.
You need to keep checking your accounts. Try to check in on your major accounts several times a week to ensure that you executed or authorized all transactions. If you notice an unauthorized transaction, immediately notify your financial institution to dispute its validity. If too much time passes since any unauthorized transaction, the bank or credit card company may try to hold you responsible for it.
Avail Yourself of All Possible Security Measures
Although some institutions or businesses may not give you a choice, others give you the option of increased security for your account.
One example is when a business offers you multifactor authentication, where it may text or email you a code to enter every time you log in so it can verify that it is actually you.
Some people may think multifactor authentication is a pain because it takes extra time. However, the added security protects you when hackers have sensitive information. If an institution offers you the option of multifactor authentication, you should accept it.
Report the Data Breach
Federal and state government agencies track data breaches and will engage with the business early in the process. The company that failed to protect your information can be liable for hefty fines and penalties and may need to pay you in lawsuit damages. If the government contacts a business, it may need to get even more aggressive to contain the damages from the breach.
Officially reporting the breach also gives you some records for your protection. Suppose you are challenging suspicious transactions and arguing why the credit card company should not hold you accountable.
In that case, you must prove that you reported a breached account. Otherwise, you make it harder to claim a data breach.
The relevant federal agency is the Federal Trade Commission. Report the data breach to IdentityTheft.gov and the applicable state agency. Your data breach attorney can help with all reporting issues to state and federal agencies.
Order a Credit Report
Your credit report is one main place where the result of data breaches or identity theft will show up. For example, if cybercriminals stole your Social Security Number, they can open accounts in your name. All credit accounts and any other irregularities will appear on your credit report.
Many banks and credit card companies now offer you access to your credit score and notice of significant changes to your credit report. You can visit AnnualCreditReport.com to order one free credit report per year from the three major credit reporting bureaus.
One of the first things you should do after a breach is order a credit report. You can space out ordering from each of the three major credit bureaus so you can access one every several months.
These bureaus are:
- Experian
- Transunion
- Equifax
Consider paying for short-term credit monitoring. These services will alert you of anything suspicious with your credit. The company that failed to protect your information might offer free credit monitoring for a period of time. If not, you should eventually receive free credit monitoring as part of your data breach settlement.
Contact an Experienced Data Breach Attorney
If your data has been a part of a breach, you may be entitled to financial compensation. Any entity that possesses your data has a legal obligation to protect it and may be liable for damages if someone else has obtained it through a breach. Its failure can cause you multiple forms of damage, making your life harder and possibly causing financial losses.
Various federal and state laws may entitle you to a settlement when an organization has not protected your data. The exact law under which you file a lawsuit depends on the circumstances of your stolen data. For example, if a financial institution fails to safeguard your data, you may sue under the Gramm Leach Bliley Act.
You have two primary legal options:
- You can file a lawsuit against the company as a plaintiff based on your unique damages.
- You can file a class action lawsuit (either leading one or joining an existing one) when numerous customers suffered the same harm from the same data breach.
Your lawyer will consult you and go over all your legal options. They may consider filing a lawsuit for you alone if you have significant individualized damages based on your situation. In contrast, they may file a class action lawsuit when appropriate and ensure you receive a fair piece of the compensation pie.
You may recover total and fair compensation for your damages, which can include:
- Your actual financial losses from your accounts being hacked (including stolen money or charges that were made in your name that you are responsible for)
- Compensation for the extensive amount of time that you spent dealing with the data breach (you will usually be entitled to a specific hourly rate for a certain number of hours)
- Emotional distress from exposed personal information
- Credit monitoring services
- Any lost opportunities or things that you missed out on because your credit score took a hit from the breach
The damages you will receive depend on your situation and the amount of money available from the settlement (depending on whether you filed a class action lawsuit or joined one).
Companies have had to pay hundreds of millions of dollars in fines and payments when they have exposed your data to cybercriminals, and you can receive your proportionate part of the settlement.
Those who fail to protect your data should pay much more than fines when they expose you to data breaches. While the government may impose penalties, it has nothing to do with your damages.
Government fines often go straight to the United States Treasury, which does little to benefit you. If the law allows it, there is no reason why you should not receive compensation for the harm that you have suffered.
The one definite thing is that you will not have to pay an attorney with funds from your pocket. They only receive payment from the proceeds of a settlement or jury award, and you will not owe them money if you do not win.
Thus, there is no risk to you in hiring an experienced data breach attorney, and seeking legal help is the best chance of getting compensation in your data breach case.
Once you set up your free consultation, you can have immediate peace of mind. The right data breach attorney can identify all your legal rights and options and seek the compensation you need for your troubles and losses.
Mr. Finkelstein is the Managing Partner of Finkelstein & Partners, LLP. He has become a noted consumer activist through his representation of injured individuals against corporate wrongdoers and irresponsible parties.
An accomplished litigator, Mr. Finkelstein has represented Plaintiffs in wrongful death and catastrophic personal injury cases. He has successfully handled dozens of multi-million dollar cases.