Blog Post

Blog Post  Data Breaches: How Can Consumers Be Proactive and Reactive?

Protect your data so you are less likely to be involved in a data breach and react quickly if a breach occurs.
2/06/2025
  • Office of Consumer Affairs and Business Regulation
Open lock on top of a keyboard with headline that says Data Breaches.

“Every few months a big breach happens, almost like a timer goes off,” says Al Anzola, Senior Director of Programs at the Office of Consumer Affairs and Business Regulation (OCABR). Because data breaches are frequent, somewhat inevitable, and out of consumers’ control, it is important to take proactive steps that protect personal data from a potential breach and know how to react in case data becomes compromised.

Data Privacy: Being Proactive

Being proactive about data breaches, as a consumer, really boils down to being vigilant about your data privacy. “Different industries have different rules around data privacy, so it’s important to stay informed and take proactive steps to safeguard your personal information,” says Anzola. “We encourage consumers to stay informed and follow best practices,” adds Brad Souders, Data Breach Program Coordinator at OCABR, emphasizing that “consumers should always be mindful about what data they are allowing organizations and applications to access.”

Here are some ways to protect your data:

Passwords: 

Create long, unique passwords, and use different ones for every account so if one account is hacked, all of your accounts aren’t compromised. A password manager is helpful so that you can make complex passwords and not worry about forgetting them. You most likely already have access to a password manager; for example, Apple products have iCloud Keychain and Microsoft Edge has a password manager built into the browser. Additionally, turn on multifactor authentication when possible, so your accounts are harder to hack.

Privacy Settings: 

Whenever offered the option, always choose to share less data. For example, if you open a site and you have the option to not share cookies, then don’t. You can also go into the settings menu for apps and programs and change privacy options to meet your comfort level.

Considering Tradeoffs: 

When allowing an app or organization to access your data ask youself, “is the data they are requesting relevant to the app or service?” and “can I control how much data I share?” If the answers are no, then consider whether or not the app or service is worth the amount of personal data they require.

After a Data Breach: Being Reactive

“In Massachusetts, companies are legally required to report data breaches that compromise residents' personal information, to our office and the Attorney General,” said Souders. Companies must alert affected residents of a breach and in some cases, offer credit monitoring so that consumers are alerted if their information is being used to commit fraud.

Here are the steps you should take right after receiving a data breach notification letter:

  • First, double check that the data breach and your notification letter are real, so you don’t fall victim to a scam. Scammers may send you a fraudulent letter in an attempt to get your personal information. You can verify your letter on OCABR’s data breach web pages, Data Breach Notification Letters | Mass.gov, by comparing your letter with an official one that has been submitted to the state. If you are not able to find a letter on the OCABR site similar to the one you received, this may be an indication of a scam.
  • Check what information was breached by looking at OCABR’s Data Breach Reports: Data Breach Notification Reports | Mass.gov. Knowing exactly what data has been compromised will help you understand the exact risks you are facing and help you take specific action to mitigate the damage.
  • Create new passwords for any account that may have been compromised in the breach as well as any accounts that share passwords with compromised accounts. If possible, add multifactor authentication to your accounts for added security.
  • Freeze your credit accounts for free with the three main credit reporting agencies, Experian, TransUnion, and Equifax. This limits access to your credit report and helps prevent fraudulent activity.
  • Be sure to request your free annual credit report from all three agencies.
  • Accept help from the breached company. Often, they will offer either free credit monitoring for a certain amount of time or compensation. If they do not offer this, monitor your bank and credit accounts yourself. 

We’re Here to Help

The Office of Consumer Affairs and Business Regulation (OCABR) helps protect and empower consumers through advocacy and education. If you have questions about data breaches and privacy or other concerns, call our Consumer Hotline at 617-973-8787, Monday through Friday, 9:00 AM to 4:30 PM. Live language translation is available. 

  • Office of Consumer Affairs and Business Regulation 

    The Office of Consumer Affairs and Business Regulation protects and empowers consumers through advocacy and education, and ensures a fair playing field for the Massachusetts businesses its agencies regulate.
  • Help Us Improve Mass.gov  with your feedback

    Please do not include personal or contact information.
    Feedback