Updated July 2025

Website data breaches, defined as “cybersecurity mishaps” in which sensitive information is accessed and retrieved without the consent or authority of the owner, have been much in the news of late. Records maintained at the common consumer sites of Target, Uber, Netflix, and Yahoo were all invaded. Perhaps the most potentially embarrassing attack occurred a few years ago at Ashley Madison, an online dating service marketed to people who are married or in relationships.

Breaches have grown progressively larger. Although one of the largest exposures of data in history occurred in 2013, when hackers gained access to information about more than 3 billion Yahoo customer accounts, that breach did not expose sensitive information. In 2017, hackers gained access to data stored by the credit reporting agency Equifax. That breach, resulting from a flaw in the company’s software that was never patched, exposed information affecting more than 145 million American consumers, including names, Social Security numbers, birthdates, addresses, driver’s license numbers and issuing states, credit card numbers and expiration dates, tax identification numbers, email addresses, and more.

After the scope of the Equifax breach was made public, an industry executive revealed: “We have a problem now that we don’t know how to fix.” Those words proved to be prophetic. Only a year later, a breach at Marriott exposed the credit card numbers of more than 8 million guests and the passport numbers of more than 5 million.

While the Equifax breach set a record for the loss of personally identifying information, the record has been repeatedly broken. In 2021, a hacker forum published the phone numbers, user IDs, full names, birthdates, and other data belonging to 533 million Facebook customers. In 2025, security experts located a database of 16 billion login credentials, including passwords, for a variety of online services, such as Apple, Facebook, Google, GitHub, and Telegram.

It took years to discover the full scope of the Equifax breach. But the population of older Americans—here defined as 55 and older—was among the hardest hit. “Older adults always have bulls’ eyes on their backs because they own 70% of the wealth in this country,” explains Shawna Reeves, director of Elder Abuse Prevention at the Institute on Aging. She notes that it is not only wealthy seniors affected by nefarious information snitching.

Theft in Various Forms

Seniors seen as vulnerable or lonely are also particular targets for face-to face scams and unscrupulous marketers purporting to offer free or low-cost merchandise such as cell phones with untold strings attached.

Reeves emphasizes that older people are frequently the aims of other types of shady losses, including those occasioned by:

• Dumpster diving—in which valuable information is retrieved from documents such as bank statements left unshredded in garbage and recycling bins
• Mail, purse or pocket theft
• Credit and debit card theft
• Phishing—in which valuables such as usernames, passwords, credit card details are lifted by thieves disguised as a trustworthy entity in an electronic communication, as well as its more sophisticated cousin, spear phishing—in which the electronic thieves snag their victims with information edited to be unique to their targets
• Pharming—malware that allows outsiders to get access to a computer, or ports users to another site that appears legitimate to get them to enter passwords and other allegedly protected information
• Vishing—getting access to private information over the telephone, and
• Smishing—eliciting private information through email messages.

Preventative Steps to Take

There are a number of precautions that experts encourage consumers to take to ensure their private information stays private.

Be cautious in computer use. Create strong passwords that don’t include personal identifying information such as an address or birthdate, and make them complex by adding capital letters, numbers, and symbols if possible. Also be sure to do something few people do: Update all passwords often—at least every six months.

Another common slip-up: Trumpeting personal information such as birthdates and upcoming vacations on social media sites such as Facebook—an evolving goldmine for thieves.

Also, don’t use public computers, such as those in a library or common living space, to conduct private interactions such as paying bills or seeking medical information, If you do use public computers, be sure to delete your browsing history (usually by hitting control + shift + delete) and to log out of a session when finished.

Keep your Smartphone smart. Use a password or fingerprint-protection to keep others from gaining access. Most newer phones also have a “kill switch” feature in the setting or “find my phone” panels that enable owners to deactivate them if lost.

Store personal information safely. Be fastidious about keeping laptop computers as well as such as passports, tax documents, and Social Security information in safe places, preferably locked or secured.

Use those shredders. Shred potentially sensitive papers, such as receipts, statement and credit offers before discarding them.

Check your mail. Resist the temptation to let the mail pile up. Check it promptly for usual activity such as credit card offers bearing unfamiliar names. And put a hold on it at the Post Office if you intend to be out of town for more than a few days; you can now do that quickly and easily online.

Monitor your credit. Monitor your accounts often, checking for irregularities or charges you don’t recognize.

And request credit reports—detailed listings of your credit history based on spending and buying habits. This information is collected and maintained by three agencies in the United States: Equifax,  Experian, and Transunion. Each company is required to supply a free copy of your report once yearly; there is a slight charge for reports requested more frequently. And obtaining these credit reports was recently simplified through a single website. Experts recommend that you stagger report requests from the three companies throughout the year to get the best picture of your credit records.

If Your Credit Is Compromised

If the annoying-to-imagine happens, and your information is compromised in a breach, there are immediate steps to take to at least stem the flow of access and get some help in tracking the culprits.

1. Request your credit reports, as explained earlier, and check them scrupulously for unusual activity. Be sure to correct any inaccurate information at once.
2. File a report with the Federal Trade Commission, which supplies an online form for this very purpose.
3. File a report with your local police department. While the response will vary widely from locale to locale, such reports are needed before other agencies will step in to take action. When filing a police report, you will need to supply a copy of your credit reports, along with a form of identification and proof of your address.
4. Contact any companies, such as department stores or online sellers, that were erroneously charged in your name. While other authorities may also do this if you pursue a claim, doing it yourself gives you assurance it will happen quickly.
5. Consider placing a temporary credit alert on your accounts, which requires creditors to take extra steps to verify your identity for 90 days, or a credit freeze, which can last for up to seven years if you are the verifiable victim of fraud or identity theft. Contact one of the three credit agencies to take either step.
6. Contact the Internal Revenue Service, since many thieves file fake returns in the hopes of collecting money back. The IRS will require you to complete a Form 14039, Identity Theft Affidavit.

(This article has been updated July 2025 since it originally published on March 2018.)