Stan's World - Responding to a security breach

Stanley F. Ehrlich |

Over the past year, it’s likely you were mailed at least one letter from a major retailer advising you they were the victim of a security breach, and that your data was likely compromised. What’s also likely is either: (a) The letter went unopened because you assumed it was junk; or (b) You read the letter and tossed it into the trash, assuming there was nothing you could do about it. As with almost all things security-related, it’s probably time to change that behavior.

A recent article in the Wall Street Journal1 outlines steps we should all take when we receive one of those security-breach letters. (Hint: The decision to do nothing, or assume there’s nothing you can do, should no longer be an option.)

  • Take each data-breach notification seriously. Start by changing the password for the affected account, and then change any other accounts you have with that same password. As we’ve previously noted, both John and I use a program called Dashlane to safeguard and store log-in information for all our accounts. One of the features of Dashlane is it tells you when a password has been reused, and for which accounts. Once a hacker learns one of your passwords, that same hacker will try to use it across all other accounts you may have (including bank accounts, Schwab, Amazon, etc.). If you don’t change your password, you’re daring hackers to find other accounts you have and then attempt to hack into them as well. 
  • Find out what kind of breach it is. If a hacker stole your music playlist, change your password. But if the theft involved a credit card or other personal information, you’ll need to step up your response. Hackers will use any information they collect to try to probe deeper into your personal life, including financial accounts. If your playlist, for example, included a lot of Bruce Springsteen music, a hacker program may assume the answer to a security question may be Bruce. Or perhaps a password is Bruce. Assume all points of information will be used against you because the programs hackers use are that good.  
  • Set up push notifications for financial data. When you’re notified of data breaches that involve credit cards or payment information, review the transactions on the affected accounts, going back to the previous payment period.” Regardless of whether you receive a letter regarding a security breach or not, you should still sign up now for “mobile push notifications for credit-card transactions.” Once enrolled, you’ll receive a text every time your credit card is used. It’s a great way to monitor your credit card, thereby quickly identifying inappropriate charges. (You can do the same for your checking account).
  • Use free credit monitoring. Almost every time there is a security breach, victims are offered security monitoring for a period of a year or more. Sign up! Why wouldn’t you want to be notified if a hacker is opening a bank account in your name? Or a credit card? Or applying for a mortgage? In fact, “some credit cards and banking firms . . . provide free monitoring of consumer credit and provide monthly updates of noteworthy events and changes…Using these services is an easy way to identify and report fraudulent activity, as well as protect against identity theft.” If your information has been breached, you should routinely review your credit reports.
  • Enable dual-factor authentication on all of your accounts. This is a good practice in general but is especially important for anyone affected by data breaches. With dual-factor authentication, you enter your password as usual but then confirm your identity using a personal device, typically a mobile phone. This limits someone from logging into the account with a stolen password.”

Security breaches can range from mere inconveniences to far worse. Take the time to take a few simple steps now before you’re forced to react to a more untimely and potentially far more costly situation.


1 Murthy, Rajendran. “Your Online Account May Have Been Breached? Don’t Just Sit There. Do Something.” The Wall Street Journal, 25 Sept. 2023.


Please remember that past performance may not be indicative of future results.  Different types of investments involve varying degrees of risk, and there can be no assurance that the future performance of any specific investment, investment strategy, or product (including the investments and/or investment strategies recommended or undertaken by S.F. Ehrlich Associates, Inc. (“SFEA”), or any non-investment related content, made reference to directly or indirectly in this newsletter will be profitable, equal any corresponding indicated historical performance level(s), be suitable for your portfolio or individual situation, or prove successful.  Due to various factors, including changing market conditions and/or applicable laws, the content may no longer be reflective of current opinions or positions. Moreover, you should not assume that any discussion or information contained in this newsletter serves as the receipt of, or as a substitute for, personalized investment advice from SFEA.  To the extent that a reader has any questions regarding the applicability of any specific issue discussed above to his/her individual situation, he/she is encouraged to consult with the professional advisor of his/her choosing.  SFEA is neither a law firm nor a certified public accounting firm and no portion of the newsletter content should be construed as legal or accounting advice.  A copy of SFEA’s current written disclosure Brochure discussing our advisory services and fees is available upon request. If you are a SFEA client, please remember to contact SFEA, in writing, if there are any changes in your personal/financial situation or investment objectives for the purpose of reviewing, evaluating, or revising our previous recommendations and/or services.