Know the Law: Protecting Your Identity After a Breach

Cameron G. Shilling
Director, Litigation Department & Chair of Cybersecurity and Privacy Group
Published: Union Leader
January 5, 2020

Q. I was recently notified that my personal information and credit card number may have been included in a widespread breach. Besides obtaining a card, are there additional measures I should implement to minimize the damage from this type of incident?

A. In many ways, a breach of personal data is more difficult to manage than a credit card hack. Identity theft is more lucrative and lasting than credit card fraud. Unlike a card number, identity information is essentially permanent and cannot be easily replaced. A robust fraudulent identity, particularly with a high credit score, can be used to perpetrate a variety of high-value crimes before the individual or financial institution detects and stops it, like obtaining a mortgage or line of credit secured by the individual’s property, incurring large uninsured medical bills, and rapidly obtaining and maxing out credit cards. Also, unlike credit card fraud, victims of identity theft often bear huge financial costs and invariably suffer damaged or destroyed credit.

Protecting yourself involves enhancing safeguards for the online accounts, electronic devices and documents that contain your identity information. Taking the following steps will significantly reduce your risk of identity theft.

Clean credit report and lock/freeze credit: Obtain a copy of your credit report from the three major bureaus: Experian, Equifax and TransUnion. Terminate any account that is inactive and, of course, any account that is fraudulent. Then either lock or implement a security freeze with each of the credit bureaus. Taking this precaution ensures that only companies you authorize to view your credit can do so.

Purchase credit and identity insurance: Reputable credit and identity monitoring and theft insurance is available and affordable. It ensures that you have a sophisticated security network monitoring the internet to detect malicious activity and provides you with credit and identity restoration insurance and support services if you become a victim of identity theft.

Secure mobile devices and passwords: Laptops, cellphones, tablets, USB and external hard drives, and other mobile devices are treasure troves of identity information. They should be encrypted. Such technology is widely available and often already installed and ready to be activated on the device. Using strong passwords that are themselves protected to access your devices and online accounts also is imperative. Using a commercially available password manager is an excellent way to do so.

Monitor financial accounts and report fraud: Establishing account notifications and carefully reviewing your credit card, bank, investment and other financial account statements monthly will enable you to detect and report fraudulent activity promptly.

While protecting your personal data is an ongoing process and there is no finish line, the steps laid out above will go a long way in enhancing your security.

Know the Law is a bi-weekly column sponsored by McLane Middleton, Professional Association. We invite your questions of business law. Questions and ideas for future columns should be emailed to Please note – Know the Law provides general legal information, not legal advice. We recommend that you consult a lawyer for guidance specific to your particular situation.