What to Do if You're a Victim of a Bank Data Breach

Hacker using a laptop

seksan Mongkhonkhamsao/Moment/Getty Images

Since most banking is now done digitally, hackers can steal hundreds of thousands (and sometimes millions) of records at once, resulting in a data breach. This can happen not only with banks, but with other financial institutions as well.

Even if a data breach doesn’t involve a loss of money, it can involve a great deal of time and resources to issue new cards, track down the information that got out into the wild, and monitor for any further issues.

There are three things you should be sure to do if you find out you've been part of a data breach: figure out what (if anything) was stolen, reset your passwords, contact the credit bureaus, and sign up for a credit monitoring service.

Figure Out What Was Stolen

The first step is to figure out what is stolen. In any hack, there are different pieces of information that can be taken. One of the most dangerous pieces of information that can be taken in the United States is a person’s social security number. This, combined with a full name, allows almost anyone to pose as you and buy things or commit fraud in your name. If your social security number has been stolen then make sure you report it to law enforcement.

Reset Your Passwords

Next, you’ll want to reset your passwords with new strong passwords. Even if only one account has been breached, it's a good idea to create new passwords for every account you have—especially if you use the same password for multiple accounts. Be sure to change each one of them—and make them different.

Contact the Credit Bureaus

It’s essential to contact the bureaus that do credit reporting. In the United States, you can get any of the major credit bureaus (or all of them) to put fraud alerts on your name, and this doesn’t cost a dime.

Then, if someone tries to steal your financial identity, you’ll know right away. In the United States you can contact the credit bureaus at the following numbers:

  • Equifax 1-800-685-1111
  • Experian 1-888-397-3742
  • TransUnion 1-888-909-8872

Sign Up for a Credit Monitoring Service

Banks and other financial institutions are continually working to make sure that they have cutting edge cybersecurity in banking, and new technologies like biometrics and double authentication processes are helping to increase security. But hacks can and still do happen.

It’s important that you take the initiative to protect yourself. You can take a proactive approach by signing up for a credit monitoring service.

Many financial services companies offer credit monitoring services to their customers. Check with yours to see what they offer and how much it costs. You can also sign up for free credit monitoring services through companies such as Credit Karma.

5 Examples of Major Data Breaches


Because they are a credit reporting agency, Equifax stores personal information on everyone who has ever taken out a loan of any kind. In 2017, Equifax experienced a breach of 145.5 million U.S. accounts and 12.3 million British accounts.  The breach also impacted the personal information of 8,000 Canadians. The hackers got away with identifying information such as names, birthdates, telephone numbers, social security numbers, and email addresses. The hackers also stole credit card numbers of over 209,000 people in the U.S. and 11,670 in Canada. 

Heartland Payment Systems

This payment processor is responsible for the processing of over millions of transactions a day and serves over 400,000 different business locations in the United States. In 2008, over 130 million people who had payments processed by Heartland had their data hacked. This hack cost the company approximately $147.6 million to fix.

TRW Information Systems

In 1984, 90 million people had their credit histories posted to an electronic bulletin board where others could access it. It’s one of the first cases of mass data hacking in a financial institution.

JPMorgan Chase

This behemoth of a bank reported a massive data breach of over 76 million households and 7 million small businesses in 2014. This was the first major, successful attack on a large U.S. based bank, and shattered the perceptions of banks being safe from data breaches.

Cardsystems Solutions

This payment processor was hacked in 2005, putting 40 million credit card numbers at risk. At the time the company had around 100,000 small businesses in its network and was processing a huge $15 billion a day in credit card transactions.

Article Sources

  1. Federal Trade Commission. "What to Do Right Away."

  2. Equifax. "Frequently Asked Questions."

  3. Equifax. "Cybersecurity Incident—Information for UK Consumers."

  4. Equifax. "Cybersecurity Incident and Important Consumer Information."

  5. Equifax. "Notice of Data Breach."

  6. Heartland Payment Systems. "Your Business Without Limits."

  7. U.S. Department of Justice. "Alleged International Hacker Indicted for Massive Attack on U.S. Retail and Banking Networks."

  8. U.S. Securities and Exchange Commission. "Heartland Payment Systems Inc. 2012 Form 10-K," Page 35.

  9. Marian K. Riedy. "Yes, Your Personal Data Is at Risk: Get Over It," Pages 3-4. Science and Technology Law Review.

  10. U.S. Securities and Exchange Commission. "JPMorgan Chase & Co. Form 8-K, Oct. 2, 2014."

  11. U.S. House of Representatives Oversight and Investigations Subcommittee. "Statement of Congressman Michael N. Castle. Oversight and Investigations Subcommittee Hearing on 'Credit Card Data Processing: How Secure Is It.'” Accessed Jan. 28, 2021.

  12. Federal Trade Commission. "CardSystems Solutions Settles FTC Charges."