facebook twitter instagram linkedin google youtube vimeo tumblr yelp rss email podcast phone blog external search brokercheck brokercheck Play Pause
You’ve Been Hacked – Now What? Your Step-by-Step Response Plan Thumbnail

You’ve Been Hacked – Now What? Your Step-by-Step Response Plan

Investor Insights

It starts with a simple email, a strange login notification, or a charge on your bank statement that you don’t recognize. Suddenly, you realize your personal or financial information may have been compromised. A cyber-breach can happen to anyone, and the stress of not knowing what’s been affected can be overwhelming. The good news is, taking the right steps immediately can help limit damage, secure your accounts, and protect your finances. 

We have written in the past about the need for good cybersecurity hygiene (the practices and procedures used to protect your data, devices & systems). However, despite best efforts, cybersecurity breaches still occur.   

In 2023, in the U.S. alone, there were over 880,000 cybercrimes reported to the FBI along with 3,200 data compromise incidents impacting over 353 million Americans. While not inevitable, it is quite possible that you, or someone you know, will be the victim of a cyber-breach.  

So, what should you do if you are the victim of a cybersecurity breach? Here are some suggested steps to take: 

Step 1: Secure Your Accounts 

The first step is to secure your accounts immediately. Change passwords on all critical accounts (email, banking, investment, credit cards, etc.). If you know of specific accounts that have been accessed, contact the company’s fraud department to secure them. Where possible, enable Multi-Factor Authentication (MFA) on accounts. Installing an MFA app like Google or Microsoft Authenticator is more secure than receiving SMS text authentication requests.  

Reminder: Use strong, unique passwords for every site. Never reuse passwords across accounts. Password reuse is one of the biggest vulnerabilities in a breach, since one exposed password can unlock multiple accounts. 

Step 2: Protect Your Finances 

Step two is to protect your finances. Contact your banks, credit card and investment management companies. If you are one of our clients, that includes us. You can place a fraud alert with one of the three major credit bureaus by calling these numbers (each credit bureau will contact the other two): 

Equifax: 800-525-6285 

Experian: 888-397-3742 

TransUnion: 800-680-7289 

You may want to consider a credit freeze (which is stronger protection than a fraud alert). This will prevent new credit accounts from being issued in your name. 

Step 3: Review & Repair Your Credit 

The third step will be to review, secure, and repair your credit. You can order a free credit report from AnnualCreditReport.com. You should review all of your accounts for unfamiliar activity.  

For identity theft protection, services like LifeLock are often highly rated, but please do your own research and choose the solution that fits your needs best. Tools like ReputationDefender can help address fallout from certain breaches, but these are not recommendations – simply examples of what is available. 

Step 4: File the Appropriate Reports 

The fourth step would be to report the issue. If identity theft is involved, you can file an official report with the FTC at IdentityTheft.gov. They will generate a recovery plan and affidavit for use with banks, credit bureaus, and law enforcement. If the situation is not identity theft, but rather a scam, it can be reported at ReportFraud.gov. You should also file a police report if your ID, SSN or finances were fraudulently compromised.  

Step 5: Strengthen Your Cybersecurity 

Step five is to strengthen your cybersecurity. Run a malware scan on your devices (or have a qualified IT professional do it for you). Avoid reusing the same or similar passwords. Consider utilizing a password manager (Dashlane and Password Boss are two that we use). Educate yourself on phishing, social engineering, and other tactics used by scammers and bad actors. 

Step 6: Monitor & Recover 

Finally, step six is to monitor and recover. Continue to monitor bank, credit, and online accounts for several months after the breach. Follow up on any fraud or disputed charge claims you make. If your driver’s license or SSN was exposed, request replacements.  

While taking precautions and practicing good cybersecurity hygiene protects us from cyber threats, it is never foolproof. Hackers and other cyber criminals are creative and tenacious. Having a plan of attack in the event of a cyber-breach is a way to limit your exposure and protect yourself. 

If you’d like to review your accounts, discuss ways to strengthen your cybersecurity, or need guidance following a breach, our team is here to help. Contact us to ensure your financial information and personal data are protected.