Security breaches suck. Unfortunately, they’re quite common. As reported by The Washington Post, the latest high-profile ransomware attack hit Dish and its subsidiaries, Sling TV and Boost Mobile, six weeks ago, and customers are still having issues getting through to customer support. While the company has not confirmed whether any sensitive user information was stolen, we do know that at least some data was stolen. When lacking clarity in these sorts of situations, it’s best to assume your data was compromised, and take steps to protect yourself.
Watch for suspicious activity
We’re all inundated with spam messages on a daily basis, but following a data breach, keep a closer eye on them. If you notice text messages or emails informing you of accounts being created or credit cards being opened that you know aren’t legit, it could be a red flag someone is abusing your stolen information.
At the same time, fake account creation messages are a phishing tactic too—so if your suspicions have been raised, tread carefully. Never click on any links or download any attachments in strange emails or texts. Always visit a trusted organization’s website by typing the address in the URL bar yourself, and call them directly to address any concerns about fraudulent accounts. It’s an odd tightrope to walk, but it’ll help protect you in the long run.
Keep an eye on your credit report
One of the big risks in cases like this is identity theft, and keeping tabs on your credit is a great way to spot fishy behavior before it goes too far. By monitoring your credit report, you’ll be able to see right away whether someone has opened a credit card on your behalf.
You don’t have to pay to check in on your credit reports, either. In the past, you’ve been able to check your credit reports for free once a year. But from now through the end of 2023, you can perform weekly checkups for no charge. That goes for the big three credit reporting agencies—Equifax, TransUnion, and Experian. You can request your credit score through AnnualCreditReport.com.
Freeze your credit
If you get the sense your data is in danger, or you just want to err on the side of caution, consider freezing your credit. It’s actually easy to do, and doesn’t hurt your credit score or jeopardize your good standing with creditors.
A temporary credit freeze blocks most activity that requires someone to pull your credit, such as opening a new credit card or applying for a bank loan. You can temporarily lift a credit freeze in order to do these things yourself, so you don’t need to feel cut off from your financial goals by implementing a freeze. It also doesn’t impact any of the accounts you currently use, which means you’re free to use your existing credit cards.
Change your passwords (and start using a password manager)
When you find out a company, such as Dish, has been hacked, you probably think to change your password. But it’s good practice to change other account passwords, too, particularly if you’ve reused that combination of compromised password and email address before. Ideally, you shouldn’t be doing that, but I’m a realist—I know most of us recycle passwords.
If you have accounts that share the same password as the hacked company, change those passwords, too, as one way hackers break into your accounts is by using passwords leaked from hacks elsewhere. If they now have your Dish password, they’ll try it against your other valuable accounts. And to keep this from being an issue in the future, start using a password manager to keep track of all of your account logins. (Here are seven we recommend.)
Set up two-factor authentication
Let’s say hackers take your stolen password and try to sign into an account of yours that happens to share that password. If you didn’t change it yet, they’ll automatically have access to the account—unless you’re using two-factor authentication (or 2FA).
2FA requires both your password and a code in order to enter your account. That code could be sent to your phone via SMS (although this isn’t the most secure method), generated using a 2FA authenticator app like Google Authenticator, or through a physical security key. You should set up 2FA with any accounts that support it, including accounts that were previously compromised.
Complain
These tips are helpful for protecting your interests going forward, but they can’t hold companies accountable. Complaining, however, can: You can complain to the Better Business Bureau (here is a specific link for Dish complaints), the Federal Trade Commission for breaches of your data privacy, and the Federal Communications Commission for violations involving TV and phone companies.
There’s no guarantee that complaining will do anything, but it can help you in two ways. First, you’re alerting these agencies to the issue at hand, and second, you’re starting a paper trail that will be a boon to you in the event litigation is brought against the company that did you harm.