Your Money

What to do if a retailer says you've been hacked

Protecting yourself after a security breach
VIDEO1:4201:42
Protecting yourself after a security breach

It's an unfortunate but common story.

After using your credit card at a major retailer, you get some bad news: The company was hacked and your personal information may have been stolen.

Data breaches are a widespread problem affecting not just retailers, but government agencies and health-care organizations as well. An annual survey by Javelin found 13 million people were victims of identity theft last year, with the total amount stolen reaching $15 billion.

"Companies who have your data online are not securing it properly," said J.J. Thompson, CEO of Rook Security in Indianapolis.

If you have been part of a data breach, follow these steps to protect yourself.

Change your passwords

"First thing to do is immediately change your email password, then make sure you have your credit monitoring going," said Thompson.

A thief that has access to your email can be the most dangerous since your email often contains other identifying information that can be used to create more fraudulent accounts in your name.

In addition to email, also change your login for important financial websites, including online banking or retirement accounts.

Read but don’t click

Most states have laws requiring businesses to notify consumers of data breaches. You can expect to receive some form of communication such as an email or letter telling you when and how it occurred.

However, never click on any email links or send in personal information, because it may not be authentic.

"You may not be talking to that company — you may be talking to the attacker," Thompson said. Instead, he suggests initiating any contact yourself and doing your own research on the breach by going to the company's website.

Take care of your credit

This is especially true if you think your Social Security number may have been stolen.

Contact the three major credit reporting companies Equifax, Experian and TransUnion — and put a credit freeze on your account. This restricts access to your credit report, making it harder for thieves to open new accounts in your name.

Thompson also suggests setting up a Google alert for your email. That way if a hacker posts it, you'll know about it.

Many retailers also offer free credit report monitoring for victims; if that's you, make sure you take advantage of it.

More from Your Money Your Future:
Survey finds financial advisors unprepared for cyber attacks
Four steps to lower your property tax
Don't let these 3 Social Security myths mess up your benefits