Skip to main content

What Can You Do After a Data Breach?

Posted on April 04, 2019

Chances are you or someone you know is one of the hundreds of millions of people whose personal data has been exposed in a data breach. But once your personal information is out there, what can you do to prevent its misuse?

While there’s no single way to address all risks after a data breach, for Financial Literacy Month, we put together a list of some steps you can take to prevent misuse of your financial information, monitor your accounts to spot problems, or find help after identity theft. Read on and listen to Anna Maria Ortiz, an acting director in our Financial Markets and Community Investment team, discuss the issue:

Missing media item.


Preventing unauthorized new credit accounts

  • Freezing your credit report is a free and useful way to prevent thieves from opening a new credit card or loan in your name. But you’ll need to request a freeze at each of the 3 nationwide consumer reporting agencies (Equifax, Experian, and TransUnion) separately. 
  • Placing a free fraud alert on your credit report requires businesses to verify your identity before opening an account in your name. They do not prevent access to your credit report the way freezes do so they are not as strong a protection as freezes. These alerts also must be renewed annually—but unlike freezes, you’ll only need to submit a request through 1 consumer reporting agency rather than all 3—the one agency must notify the other 2.

Keeping an eye out for fraud

There’s also a chance that fraudsters can take over your existing accounts, such as debit or credit cards. There are several ways to monitor your accounts for suspicious activity.

  • Requesting your credit report at is free from each consumer reporting agency every 12 months. If you check 1 of the 3 agencies every 4 months, you can improve your odds of catching problems throughout the year.
  • Reviewing your account statements or setting up free automatic alerts. This can help you spot transactions you didn’t make.

There are other types of identity theft or fraud, though. For instance, someone can use your identity to file a health insurance claim in your name, file your tax return to get the refund, or use your information to obtain other government benefits like Social Security payments. Reviewing your medical bills and health insurance benefit statements, filing your taxes early, and setting up an online Social Security account can help you catch these issues.

Responding to identity theft

If you suspect you are a victim of identity theft, you have several options to get help.

You can contact local and state law enforcement or state Attorney General offices--some have consumer protection helplines or victim services offices that provide one-on-one assistance.

The Federal Trade Commission’s can assist you in developing a customized recovery plan and can help you fill out necessary reports to send to consumer reporting agencies, law enforcement, or the IRS.

Commercial identity theft services are also available. They offer to monitor credit and identity information, insure against identity theft, or help restore victims’ identities. Experts told us that identity theft services can be convenient and can help victims recover from identity theft if they offer 1-on-1 assistance. But identity theft services do not prevent fraud from happening in the first place and they will not address all data breach risks. You can read more about these services in our 2017 report and related blog post.

Experts highlighted 4 factors to consider before deciding what options to choose after a data breach:

  1. Which options help prevent fraud;
  2. How much the options costs;
  3. How convenient the options are; and
  4. What information was exposed.

To learn more about consumer options after data breaches, check out our recent report.

Comments on the WatchBlog? Contact

GAO Contacts

Chuck Young
Chuck Young
Managing Director

Related Products

About Watchblog

GAO's mission is to provide Congress with fact-based, nonpartisan information that can help improve federal government performance and ensure accountability for the benefit of the American people. GAO launched its WatchBlog in January, 2014, as part of its continuing effort to reach its audiences—Congress and the American people—where they are currently looking for information.

The blog format allows GAO to provide a little more context about its work than it can offer on its other social media platforms. Posts will tie GAO work to current events and the news; show how GAO’s work is affecting agencies or legislation; highlight reports, testimonies, and issue areas where GAO does work; and provide information about GAO itself, among other things.

Please send any feedback on GAO's WatchBlog to