What to Do After a Data Breach

More than 150 million people had their personal information exposed last year, including passwords, phone numbers, and financial data

NBCUniversal, Inc.

Last year was one many people won't soon forget. While many were working and going to school at home, cybercriminals were busy breaking into accounts.

More than 150 million people had their personal information exposed last year, including passwords, phone numbers, and financial data. Consumer Reports is revealing what can be done to maintain control of accounts and protect personal data from the next breach.

Sometimes companies will contact consumers to let them know they've been the victim of a data breach. But consumers can also do some digging online themselves to find out if their information has been compromised. The website haveibeenpwned will determine if it's an email address, phone number, or password.

If a password was compromised, users should change it everywhere they used it. It's a good idea not to reuse passwords. With a password manager, it's not necessary to worry about remembering new ones. Consumer Reports recommends one called ONE-Password, which creates and stores complex, unique passwords for each account,

And because cybercriminals can use people's personal information to try to log in to their accounts, Consumer Reports recommends multi-factor authentication, which requires a second form of identification to log in. Often it's a code sent to a person's phone. But CR recommends using a form that's more secure than that, like the Google Authenticator app or a hardware security key such as Yubikey.

If a Social Security number or financial information is part of a data breach, CR says that freezing credit cards is a smart option because it restricts access to someone's credit history. But keep in mind that you'll have to unfreeze it before you apply for a car loan, mortgage, credit card, or anything else that pulls information from your credit history.

Contact Us