If You are Hacked

How to respond when an account is compromised.

A recent study by the Pew Research Center found that 64% of Americans reported that they had experienced a major data breach, including 35% who had an account number or other sensitive information compromised.1 Sensible precautions to secure your online information can help you avoid joining this statistic, but given the increasing severity and frequency of cyberattacks, there is no perfect solution. If you are hacked, the advice below can help minimize your exposure and better secure your accounts going forward.

Immediate Actions

  • Change your password as soon as you are aware your account has been hacked. Do this from a device that you know is not compromised or infected with malware.
  • Log out of the compromised account(s) on all devices.
  • Check the login logs for your account(s). Most cloud services track each and every time you log in to an account. This allows you to see when and from where that account has been accessed.
  • If a financial account has been hacked, immediately inform the financial institution and add a fraud alert to your credit report. This will make it harder to open a new account under your name if your identity has been stolen. Adding a fraud alert is free, good for 90 days, and if you add it to one credit-reporting agency, it will be reported to the other three.
  • It may be prudent to cancel accounts that have been compromised and replace them with a new credit card, investment and/or bank account.
  • If your email address was compromised when the account was hacked, consider establishing a new email address that you only use for banking, investment, health care and other accounts that hold sensitive information.
  • If your phone number was compromised, consider getting a new cell phone number, particularly if you have services that use multifactor authentication or a verbal call-back for verification.

Reducing the Likelihood of a Future Attack

  • Strengthen your password with more special characters, upper- and lower-case letters and numbers. Avoid using real words or personal information in your passwords.
  • Enable multifactor authentication on all your accounts and devices.
  • If available, enable account login notifications.
  • Set up credit card alerts to notify you when a transaction occurs so that you can identify fraudulent charges quickly.
  • When considering monitoring services, it is important to note the difference between identity-theft monitoring and cybersecurity monitoring. Both can be beneficial, but cybersecurity monitoring is intended to help prevent cybercrime, while identity-theft monitoring is intended to help you react more quickly if fraudulent activity has already occurred.


1 Source: Pew Research