It's an unfortunate but common story.
After using your credit card at a major retailer, you get some bad news: The company was hacked and your personal information may have been stolen.
Related: The Upside to Those Credit Card Hacks
Data breaches are a widespread problem affecting not just retailers, but government agencies and health-care organizations as well. An annual survey by Javelin found 13 million people were victims of identity theft last year, with the total amount stolen reaching $15 billion.
"Companies who have your data online are not securing it properly," said J.J. Thompson, CEO of Rook Security in Indianapolis.
If you have been part of a data breach, follow these steps to protect yourself.
Change your passwords
"First thing to do is immediately change your email password, then make sure you have your credit monitoring going," said Thompson.
Related: How Safe Is Our Medical Data? Russian Hackers Leak Records of US Olympic Athletes
A thief that has access to your email can be the most dangerous since your email often contains other identifying information that can be used to create more fraudulent accounts in your name.
In addition to email, also change your login for important financial websites, including online banking or retirement accounts.
Read but don’t click
Most states have laws requiring businesses to notify consumers of data breaches. You can expect to receive some form of communication such as an email or letter telling you when and how it occurred.
However, never click on any email links or send in personal information, because it may not be authentic.
"You may not be talking to that company — you may be talking to the attacker," Thompson said. Instead, he suggests initiating any contact yourself and doing your own research on the breach by going to the company's website.
Take care of your credit
This is especially true if you think your Social Security number may have been stolen.
Contact the three major credit reporting companies Equifax, Experian and TransUnion — and put a credit freeze on your account. This restricts access to your credit report, making it harder for thieves to open new accounts in your name.
Thompson also suggests setting up a Google alert for your email. That way if a hacker posts it, you'll know about it.
Many retailers also offer free credit report monitoring for victims; if that's you, make sure you take advantage of it.
This article originally appeared on CNBC. Read more from CNBC:
Valeant shares spike on report it is in talks to sell Salix unit
Why Democratic panic may just be wasted energy
Just like last year, the Fed could be hiking rates into a weak economy
