After the breach: What to do when your information has been stolen from a company

The Chase data breach is another reminder of how fragile our security is

You're probably sick, as we all are, of constantly learning about new massive hacks. The latest one, involving the largest bank in the US and 83 million Chase customers, is disconcerting. Although no account information seems to have been stolen, that doesn't mean we can just breath a sigh of relief. There are steps we should take in the upcoming weeks and months.

For background, this is the JPMorgan Chase news. The company said that customer information--names, addresses, phone numbers, and email addresses--had been compromised, along with internal Chase data such as what line of business an account is affiliated with. Chase also emphasized that there's no evidence of unusual fraud activity, and account numbers, passwords, user IDs, birth dates, and Social Security numbers are not believed to have been compromised.

It could have been much worse (although, it could still be much worse for all we know).

When I reported this leak on Lifehacker, several commenters expressed their lack of concern: "Oh my gosh! They stole a phone book!"

The way I see it, though, the personal info of nearly 65% of US households being stolen is nothing to belittle. Personal email addresses aren't typically public information, and now we're going to be seeing a whole lot more phishing attacks--attempts by hackers to con you into clicking on links or giving up more sensitive information like your card number.

There's also identity theft, which can really ruin one's financial situation if the thief has key pieces of information on the victim.

When the Home Depot breach, thieves combined the debit card data with names, zip codes, and Social Security numbers off the black market to steal hundreds of thousands of dollars from customers' bank accounts. Although Chase doesn't believe sensitive account information has been compromised, the truth is when personal information leaks, it's cause for alarm.

Alarm, but not panic. Here are a few things you should do:

  1. Check your financial accounts regularly. I'd do it at least every week, if not more often.
  2. Set up alerts to be notified of unusual activity on your account, such as international charges or large transactions. You should even monitor small tranasctions, though, as thieves hope these will fly under the radar.
  3. Turn on two-factor authentication, if you haven't already.
  4. Check your credit report. 
  5. Sign up for credit monitoring. Credit Karma is free and will notify you about unusual activity, such as new account applications.
  6. Be extra wary of any emails or phone calls you get from Chase (or other companies). Never give out any sensitive information over email, text, or on the phone.
  7. If you do get emails with urgent information and links, don't click on them. Type in the address to your bank directly.

The Chase hack was identified in August, but the details weren't clear until today. Even more alarming, other financial institutions--unnamed as of now--were also being investigated at the same time by the FBI. The tips above should help you whether you're a Chase customer or not. You might also want to change your passwords for your financial accounts.

Melanie Pinola’s Tech IT Out blog and follow the latest IT news at ITworld. Follow Melanie on Twitter at @melaniepinola. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon