Victims of data breaches face a recovery nightmare. Hiring a good lawyer and educating yourself on credit (and other data) safety are key to this recovery, as well as prevention.
It seems like every few months a major data breach hits the news. There can be a lot of questions when it comes to major data breaches. What information was breached? Was your information included? Will your identity be stolen?
It’s important to understand the effects of data breaches, what you can do to protect yourself, and what legal actions you can take as a victim. With the recent Capital One data breach and Equifax’s settlement regarding a major 2017 breach, it’s good to prepare in the case those breaches affected.
What Is a Data Breach?
A data breach is a cyberattack that results in the release of private information. Major companies and financial institutions store personal information in order to conduct business. This could include Social Security numbers, credit card numbers, addresses, health information, or other sensitive data. When a cyberattacker compromises a company’s information systems, they can potentially access and steal this information. Cybercriminals often sell the data on the dark web, hold the data for ransom, or use it to conduct identity theft.
Is a Data Breach the Same Thing as Identity Theft?
A data breach is not the same as identity theft. A data breach is when personal information is compromised, When personal information falls into the wrong hands, your personal information can be used to steal your identity. The more information a breach exposes, the more opportunities criminals have to apply for credit in your name.
Fortunately, having your personal data compromised does not mean you’ll be a victim of identity theft. Regardless, you should take steps to protect your identity, Ideally, before a data breach occurs.
How Can You Protect Yourself?
Before a Data Breach:
Limit the Information You Give Out
One of the simplest things you can do to protect yourself from becoming a data breach victim is limit what information you give out. This is true for both online and paper forms. If personal information is required, make sure it is from a legitimate site and you understand how your data will be used. You should never give out personal information without a good reason, such as a credit pre-approval or online bank application. You can also prevent the spread of unauthorized online access to information by using unique and difficult passwords for every site you use.
Freeze Your Credit
Another step that you can take proactively is to freeze your credit report. Placing a credit freeze prevents people from pulling your credit for the purpose of opening new accounts in your name. Freezing your credit doesn’t freeze your credit cards or accounts, and it doesn’t harm your credit. As of 2018, placing a credit freeze is free, thanks to federal law. If you’re applying for a new credit card or other credit product, unfreezing your credit is a quick and simple process.
To place a credit freeze, you’ll need to place a freeze individually with all three credit bureaus – Experian, Equifax, and TransUnion. You can place a credit freeze online, by phone, or by mail. The online process is fairly simple. The bureaus will verify your identity by asking some questions and give you a unique PIN to unfreeze your credit. Keep this in a safe place for when you want to thaw your credit reports. If you thaw your credit online or by phone, it should take effect within one hour.
After a Data Breach:
If you’re notified that you might be affected by a recent breach, or if you hear about a high-profile breach of a company that you do business with, don’t panic.
First, keep an eye out for communication from the affected company. All 50 states have laws on the books about notifying data breach victims in a timely manner.
Even after a data breach, freezing your credit can still help prevent identity theft. If you don’t already do so, start to monitor your credit reports to see if you have any accounts you don’t recognize. Even if there’s no fraud, a study by the FTC revealed that about one in five people had an error on their credit reports. Check your bank and credit card statements to see if you have any fraudulent charges.
Take note of any time or money spent recovering from a data breach, even if your identity doesn’t appear to be compromised. You may hear about a class action lawsuit or settlement regarding a data breach that you were a part of. Oftentimes, affected parties will be offered free credit monitoring or some sort of financial compensation. You should consult with a lawyer before accepting any rewards or benefits from a class action; it may waive your right to seek damages down the road.
Legal Impacts of a Data Breach
Of course, there are times when legal action is the best solution, specially if you’ve suffered damages, such as identity theft. Fortunately, numerous laws protect consumers from data breach damages.
These laws seek to make the injured party as whole as possible, In other words, to return them to the condition they were in before the data breach. However, the legal system requires that you show damages. Therefore, if you were part of a data breach but nothing bad happened as a result of it, you are better off taking whatever the company offers (whether free credit monitoring or cash payouts). In the unfortunate instance of actual damages, it’s time to consult a lawyer.
While you can bring your own suit, others likely faced damages too and may consolidate into a class action suit. These suits feature named plaintiffs whose circumstances are similar enough to the rest of the class as to be representative of the class.
Is it worth taking legal action? That’s a difficult question to answer. The awarded damages may not be large depending on the class size. You typically receive free credit monitoring and a cash payout split between the entire class.
What if you’ve been seriously damaged, though? At that point, consult your lawyer about bringing your own suit. There are benefits and drawbacks to this approach. As part of a class action, the class shares the costs and fees. Damage awards and settlements typically pay these costs. Suing on your own means you are solely responsible for the costs and fees.
This isn’t so bad providing you win your case or the company offers an acceptable settlement.
As with class actions, your lawyer will typically take costs and fees from the amount of the award/settlement. But, if you lose, you are responsible for the costs, and potentially the fees, out of your own pocket.
As a point of clarification, costs are what it costs your lawyer to file the case, pay any private investigator if required, etc. Fees are what your lawyer earns by representing you. Often, you’ll see a “you don’t pay if we don’t win” ad. This means the lawyer is working “on contingency.” They don’t earn their fees unless you win. However, in all but a very few instances, you are always responsible for the costs.
Data breach cases often settle for substantial amounts of money. However, this does not all go to the class members and its lawyers in the form of cash. That free credit monitoring? It’s not really free. The cost comes out of the settlement funds.
Likewise, any moneys used for credit repair, fraud protection, and reimbursements to those who have paid for such services out of pocket. In July of this year, “Equifax agreed to [pay] close to $700 million in fines and restitution. Of that amount, Equifax set aside $425 million for consumer payouts to cover “credit monitoring and out-of-pocket losses due of the breach, as well as identity restoration services for victims.” This covered the massive data breach in 2017.
Those affected by the Anthem, Inc. data breach were able to get up to $10,000 in addition to the credit monitoring and other services. Recovery from a data breaches can be a nightmare. Hiring a good lawyer and educating yourself on credit (and other data) safety are key to this recovery and to prevention.
This article was originally written at LegalReader.com.