The Hacking Economy

Five things to do after your data has been stolen

maxkabakov | Getty Images

Whether you know it or not, you've been hacked — probably several times by now.

You are in good company: There have been 6,467 data breaches since 2005, compromising 879,889,874 records, according to Identity Theft Resource Center. So what should you do when you first learn that your personal information may have been stolen by criminals?

"It sounds counterintuitive, but you don't want to panic," said Matt Ehrlich, vice president of fraud and identity product strategy at credit reporting agency Experian.

Here are five pro tips from people in the business of protecting information.

1) Contact your financial services and health providers

The most important first step is to contact all of your financial, health and insurance organizations, said IBM Security Services Global Lead, Wendi Whitmore. That way your bank, retirement broker, mortgage lender and health insurance provider can be on the lookout for any suspicious activity, such as fraudulent purchases or prescriptions. It is a good idea to keep a list of all this information offline and replicated in several areas, said Whitmore.

"For victims of personal consumer theft, it's still a really challenging area," said Whitmore. "It's difficult for consumers to have a lot of protections in place. Some of the things that you can do are fairly manual."

2) Check your credit report and request a security freeze

Review your credit report and financial reports, something it is good to get into the habit of doing periodically, said Whitmore. Anyone can get a copy for free once a year from Annual Credit

Experian, TransUnion and Equifax allow victims of fraud or identity theft to place a temporary security freeze on their account at no cost to prevent lenders and others from accessing their credit report in response to a new credit application. This informs lenders to take extra precautions before extending credit in your name, such as reaching out to you by phone to verify that the request really came from you. You can do this online or over the phone, and it's probably a good idea, said Ehrlich.

A smart move is to file a police report at your local police station, which will allow you to increase the amount of time the credit unions will allow you to place a credit freeze on your account, said Whitmore.

3) Change passwords across all accounts and make them hard to guess

The simplest thing you can do is change all of your online passwords and make sure you are using two-factor authentication — doing this can help mitigate the potential fallout from a breach, said Dimitri Sirota, chief executive officer of cybersecurity firm BigID.

A proactive next step is to implement a password manager like Last Pass that will store all your passwords in an encrypted file. Of course, there are pros and cons to doing this since these services could potentially also be breached.

4) Check your financial statements

"The reality is, we all have to be very vigilant with our personal information," said Whitmore.

That means regularly checking bank and credit card statements for purchases you did not make. Take advantage of free activity alerts offered by banks and credit cards, said Ehrlich. Over time, financial institutions have added more text and email options to let customers keep track of all activity via their mobile devices, and if you haven't logged into your account recently you should check out the latest services on offer, said Ehrlich.

Also, it's not just big transactions to be on the lookout for. Keep an eye out for small amounts going out of your account as criminals may be testing while they wait for your paycheck to hit, said Ehrlich.

"Bring that to the attention of the bank or the business right away," he said.

5) Bring in the experts: Use a credit-monitoring agency

When you have been the victim of a breach, companies are typically required to cover between one to three years of credit-monitoring services. Whitmore says: Take it!

Make sure you sign up for these services, which will proactively look for credit or identity-related transactions and alert you about any suspicious activity or if your information is posted on the dark web.

Such services are offered by the three major credit-reporting companies — Experian's version is called Protect My ID — as well as others like LifeLock and AllClear ID.

Tek Image | Getty Images

Bonus tip: Limiting the amount of personal information you share on social media can also help to protect you from real-world damage to your credit since thieves will often comb social media sites for information that will help them steal your identity.