With data breaches on the rise in Massachusetts and across the country, you or someone you know might have received a notification — in the mail or otherwise — that your personal data ended up in the hands of hackers.
In Massachusetts, businesses are required by state law to notify customers and state officials of a data breach.
If you get such a notice, cybersecurity experts warn it’s important to not shrug it off. Quick action can be essential in protecting your digital and financial footprint.
“You could lose everything — most importantly your identity, which is hard to get back,” said Kevin Powers, director of Boston College’s cybersecurity program.
Here are some key tips.
What should I do first after getting a notice my data was breached?
There are a number of simple steps that people can take to quickly protect themselves, Powers and other experts said.
The first and easiest step is setting up a password management application that generates unique, complex passwords for each service you are subscribed to, so that if hackers get access to one password, it doesn’t expose all of your accounts.
Advertisement
“Do not put all your eggs in one basket,” advised Stuart Madnick, codirector of MIT’s cybersecurity institute. “Assume they are breaking in, and make it so they can’t break into every one of [your] systems.”
That could mean not using the same password for Facebook as your bank account.
It’s especially important to make sure that you don’t use any passwords impacted by the breach ever again. Some hacked passwords sit on the dark web for years, and you never know when it could be exploited.
Advertisement
While you’re at it, ensure that multifactor authentication is set up on all of your accounts where possible. But don’t think of it as a silver bullet. Some sophisticated hacking groups have figured out ways of getting around that, too.
My credit/debit card numbers were breached. What should I do?
First, call your bank and let them know that your account information was stolen. It can beef up alert-monitoring on your account so that fraud is less likely to occur.
Also, open an account with one of the three major credit bureaus and run a credit report. If you see any suspicious entries, contact all three bureaus and freeze your credit as soon as possible.
You can also file claims with each bureau if something appears on your report that you suspect to be fraudulent.
Also start regularly checking your bank statements, preferably every week. Most banks have mobile apps or websites that should make it easy.
Is there any way to guarantee my information stays safe?
No cybersecurity measure is foolproof. Even national agencies with cybersecurity experts on staff are not immune.
“The NSA (National Security Administration) has been broken into, the White House has been broken into,” Madnick said.
But you can lessen your own risk by having a diverse set of passwords, and by regularly monitoring your financial accounts. The sooner you spot potential fraud, the better.
Scooty Nickerson can be reached at scooty.nickerson@globe.com.