Alas, another day, another data breach. Late Thursday, word broke that the hacker group LulzSec broke into SonyPictures.com and gained access to 1 million user accounts (the group apparently posted details for 50,000 accounts online). If you have a Sony Pictures account, the bad news is that your personal information may be out there. You can't change that fact, but you can take a few steps to limit the potential for damage.
The tips in this story are intended to be general and are not specific to this particular hack, so they're good to keep in mind in case of any data breach.
1. Change Your Passwords.
This should be the first thing you do: Change your password for your account on the impacted site. If you used the same login information for any other sites, you should change your password on those sites too. And this may be a good time to change your approach to passwords--check out Alex Wawro's story on how to build better passwords without losing your mind.
2. Watch for Phishing Attempts, Malicious E-mail
If your e-mail address gets exposed in a data breach, scammers, spammers, and malware authors may try to send malicious e-mails to you--well, more than usual, anyway--so you may see a spike in spam. As always, be on the lookout for any suspicious-looking e-mail. Don't open attachments you weren't expecting--even from people you know. Don't click links in e-mail messages.
3. The Same Goes for Snail Mail
If street addresses were compromised in a hack, it's possible that cybercriminals may send you scam mail via the postal service. Keep your guard up. Be suspicious of anything that asks for money or personal information.
4. Keep an Eye on Your Financial Statements
Even if your information wasn't compromised in a major data breach, criminals can still get at your credit card and bank account information; it could get taken via malware on your PC, a tampered ATM or credit card payment terminal, lost or improperly disposed documents containing sensitive information, or even an unscrupulous employee at that place you ate lunch at last week.
Given that, you should always keep a close watch on your bank balance and credit card statements. Question any suspicious charges. See if your bank or financial institution provides e-mail alerts that notify you whenever someone uses your credit card. You may even want to close your existing accounts and open new ones if you believe your account information may have been stolen--contact your bank or financial institution for the best course of action.
5. Put a Fraud Alert on Your Credit Report
Putting a fraud alert on your credit report is a must if you're a data breach victim: This tells the major credit agencies that your identity may have been stolen, and that they should be on the lookout for anything suspicious, such as new credit card or bank accounts opened under your name. A fraud alert lasts 90 days; after that, you can extend it by contacting the credit agencies. The FTC has more information on how to do this.
7. Check Your Credit Report Each Year
If you're a United States Citizen, you're entitled to one free credit report per year from each of the three major credit reporting agencies. Visit annualcreditreport.com to get started. And add a reminder on your calendar for a year later to check it again.
What About ID Theft Protection Services?
Last year, we looked at some of the identity theft protection services offered from companies like LifeLock. These services usually offer some useful services, but most of them aren't things you can't do by yourself. That said, cleaning up after identity theft can be a messy, time-consuming process, so these services can be helpful in that regard. See our full story for more details.
You may not be able to stop data breaches, but you can do something about it to protect yourself. Be vigilant, be on the lookout for anything suspicious at all times, and don't let your guard down.