When a data breach notification lands in your inbox, the generic advice of “change your password” is almost never enough, and sometimes it is not even the right first move. What you actually need to do depends on what was stolen. Stolen passwords require a different response than a stolen Social Security number.
Let’s walk through how to read the notification, identify your real risk, and work through the right 48-hour action sequence to protect your money and your credit.
1. Understand What Was Actually Taken
The notification letter will tell you (sometimes clearly, sometimes not) what category of data was exposed. There are two distinct threats, and they require two different playbooks.
Account Takeover—Fast Acting
An account takeover means a criminal uses your stolen login credentials to access an account you already have: your bank, your email, your investment platform. Damage can happen within hours. This is a liquidity threat.
Identity Theft—Slow Creep
ID thieves use your stolen personal information (Social Security number, date of birth, full name, address) to open new accounts in your name, file a fraudulent tax return, or apply for credit. Damage may not be seen for months. This is a credit and legal threat.
Adam H. Douglas is a journalist and writer specializing in personal finance and literature. His recent work explores money management, book reviews, veterinary medicine, and long-term financial planning. He currently resides in Prince Edward Island, Canada, with his wife of 30 years and his dogs and kitties.
