Another Darn Breach? How to Protect Your Personal Data

Your information is likely out on the dark web, but you can still take steps to minimize risk

Edward C. Baig,

Updated December 02, 2025

AARP

Comments

Published December 04, 2024

/ Updated December 02, 2025

a scammer with various icons for computers, credit cards and locks

Paul Spella

In this story

Where’s my data? • On the dark web • Reduce your risks

The stream of headlines is demoralizing:

About 1.37 patients who’d used SimonMed Imaging, an Arizona-based medical imaging company with services in ten states, had their data compromised in a January 2025 cyberattack.
TransUnion, the consumer credit reporting company, disclosed in August that the personal information of more than 4.4 million individuals may have been compromised.
In July, McDonald’s AI-fueled job-hiring platform, McHire, experienced a breach that could have exposed the personal data of as many as 64 million job applicants around the world.

These are just a fraction of the hundreds of companies that have experienced recent data breaches — where unauthorized individuals gain access to sensitive or confidential information, such as personal identifiers (Social Security numbers, financial records, health data), without the owner’s knowledge or consent. Criminals use various methods to access this valuable data, including ransomware attacks, phishing, insider leaks, employee mistakes, and weak security systems.

It’s an epidemic: In the first three-quarters of 2025, the nonprofit Identity Theft Resource Center (ITRC) tracked 2,563 compromises affecting more than 200 million individuals. State and federal laws require companies to notify people if their information was involved in a breach.

Regardless, you should assume your personal details are out there somewhere, and take steps to protect yourself from identity theft (as explained below).

Information about you is likely for sale on the dark web

It's likely that your most personal, sensitive information is already available on the dark web, the mysterious corridor of the internet where criminals traffic in our data. “If you are an adult in the United States, there is a better chance than not that your information is available through an identity criminal,” says James E. Lee, the ITRC’s chief operating officer. The good news, he adds: “Not everyone’s information has been misused” because not everyone’s identity is of equal value. But if you are targeted, the consequences can be devastating.

Criminals can use your credit cards to make purchases, hijack your existing bank accounts or open up new accounts in your name. In 2024, Americans lost $47 billion to identity theft, according to a report produced by Javelin Strategy & Research and cosponsored by AARP.

9 ways to help reduce the risk of ID theft

1. Freeze your credit. By putting a credit freeze in place with all three major credit reporting agencies — Equifax, Experian and TransUnion — no credit can be issued until you lift the freeze with each of them. Such freezes are free and do not affect your credit score.

Visit the agencies online or call them to request a freeze that must be fulfilled within one business day. Agencies have three business days if you make the request by mail.

Most Popular

If you’re about to buy a new home or car or otherwise need to apply for credit once a freeze is in place, agencies must comply with your request to lift the freeze within an hour. You can put it back once your transaction is complete.

2. Add fraud alerts. If a fraud alert is on your credit file, businesses must verify your identity before extending new credit.

3. Monitor your accounts. Review your account statements and report any suspicious activity.

4. Check free credit reports. Look for accounts or creditor inquiries you did not initiate. Ensure that your home address, Social Security number, and other personal data are accurate.

If you suspect identity fraud, contact the credit reporting agency and the police.

5. Avoid reusing passwords. Security experts urge people not to use the same or even similar passwords across their accounts. If a bad guy can steal your password in one place, he probably can gain access elsewhere. The average smartphone user has about 100 different passwords to control, Lee says.

6. Use a password manager. People often create weak passwords because they can’t remember more effective, complex ones. A password manager can help. These tools also can generate a stronger password and remember it for you.

Many people can get by with the password manager built into their web browser or smartphone, or go with a free app. A premium password manager typically adds more robust security and extra features.

7. Investigate passkeys. Still in their relatively early stages, passkeys are more secure than passwords and may eventually replace them. They have the backing of Apple, Google, Microsoft and other giant companies.

In layperson’s terms, you have a pair of hidden keys that need to match. One is a public key that is on a web server. The other is the randomly generated private key, unique to your device.

Someone must have your computer, phone, or tablet to log in. Passkeys communicate with a financial institution or other website you’re trying to access, which verifies the device before allowing you to log in.

8. Authorize multi-factor authentication. “If you can only do one thing, enable MFA,” says Christopher Budd, a cybersecurity expert and former director at the Sophos security firm.

Multi-factor authentication, also known as two-factor authentication, provides an additional layer of protection beyond a password. After you’ve correctly entered your user credentials but before you log in, you must enter a one-time code sent to your phone, app or other device.

9. Share less. Question more. When information — maybe a Social Security number — is requested on medical forms and other documents, does the person or business absolutely need that information?

“We advise people to be a little more aggressive about asking, ‘What are you doing to protect my data? What are you doing to make sure my information is secure?’ And if it gets out, ‘What are you going to do to help me?’” Lee says.

Budd agrees: “Be willing to say, ‘No.’ ”

%{postComment}%

Edward C. Baig covers technology and other consumer topics. He previously worked for USA Today, BusinessWeek, U.S. News & World Report and Fortune, and is author of Macs for Dummies and coauthor of iPhone for Dummies and iPad for Dummies. Follow him on LinkedIn; Threads; and X, formerly known as Twitter.

Unlock Access to AARP Members Edition

Join AARP to Continue

Already a Member? Login

Recommended for You

Benefits Recommended For You

See All