You Are Viewing


Victim of a Data Breach? Time is of the essence.

DATA BREACH PHOTOTime is of the essence, whether your personal data has been compromised as part of a larger targeted cyber-attack, or you are the victim of an individual cyber-crime. You’ll need to take immediate action to minimize the impacts.

These are steps you should take within specified time-frames after discovering your data has been breached.


  1. Call your advisor, regardless of where or how the breach occurred, so he/she can watch for any suspicious activity in your accounts and collaborate with you on extra precautions to take in verifying your identity prior to any fund transfers.
  2. If you suspect you are also the victim of fraud or identity theft, call either your advisor or the custodian where your account is held directly. For BluePrint Wealth Alliance clients, this is generally either the Schwab Alliance team at 800-515-2157 or TD Ameritrade Client Services team at 800-431-3500. From there, they can explain how the respective custodian handles accounts of clients who’ve had their identity stolen or their account hacked, and escalate the case as necessary to their Fraud & Investigation teams to investigate your case and take necessary precautions to prevent unauthorized debits.
  3. Call the Social Security Administration’s fraud hotline at 800-269-0271 if you suspect your Social Security number has been compromised. The Office of the Inspector General will take your report and investigate activity using your Social Security number. The Social Security Administration also provides helpful materials, such as the pamphlet Identity Theft and Your Social Security Number.
  4. Contact the Federal Trade Commission (FTC), either at, by calling 1-877-IDTHEFT (TTY 1-866-653-4261), or by visiting Click on Report Identity Theft to access the Identity Theft Recovery Steps. This one-stop resource for victims of identity theft will guide you through each step of the recovery process, from reporting the crime to creating a personal recovery plan and putting your plan to action.
  5. Review the Taxpayer Guide to Identity Theft at the IRS website, if you’re the victim of tax fraud, which provides education on tax-related identity theft, tips to reduce your risk, and steps for victims to take.
  6. If appropriate, close any compromised or unauthorized accounts. Alternatively, some banks and custodians allow to “clone” the account. This allows an identical account to be opened, your funds or assets moved, and the compromised account to be closed.
  7. Run reputable anti-virus/anti-malware/anti-spyware software to clean your computer.
  8. Once you’ve ensured your computer is virus/malware/spyware free, you should change passwords on your accounts. Make each password unique, long, and strong, and use two-factor authentication when available.


  1. If the breach occurred at a firm with whom you do business, be sure to follow the legitimate directions provided by that firm. If it offers credit protection services, consider signing-up for the service.
  2. Report the crime to your local police, even though the incident may cross multiple jurisdictions. Your local police will file a formal report and may be able to refer you to additional resources and agencies that can help.
  3. Report your stolen money and/or identity to one of the three main credit bureaus. Provide the credit bureau with your police report number and ask them to place a fraud alert on your account to prevent additional fraudulent activity. Once the fraud alert is activated, the two other credit bureaus will receive automatic notification and the fraud alert on your credit report will be in place for seven years with all three credit bureaus. (Without your police report number, the alert will only be in place for 90 days.)
  4. Put a freeze on your credit report with each of the main credit bureaus to prevent the unauthorized opening of accounts. Executing a freeze with one credit bureau will NOT automatically update the others. You can easily unfreeze your credit report when needed. Contact the credit bureaus using this contact information for freezes.
  5. Review all recent account statements for unauthorized activity and report any suspicious transactions to the business where the unauthorized or suspicious activity occurred.
  6. Consider what other personal information (e.g., birth date, social security number, PIN numbers, account numbers and passwords) may be at risk and alert the appropriate businesses.
  7. Begin collecting and saving evidence such as account statements, canceled checks, receipts, and emails that may be useful if an investigation is warranted regarding the cyber-crime.


  1. Carefully review statements on all accounts as soon as they arrive. Look for unauthorized activity, and report any suspicious transactions to the business where the unauthorized or suspicious activity occurred.
  2. Notify your friends, family, business associates, and other relevant parties in your contact list that you were hacked. Tell them to beware of emails that may have been sent to them from your account.
  3. Speak with your advisor regarding precautions you’ll jointly take to enhance the identity verification process when you want to execute financial transactions.
  4. For additional protection, use two-factor or multi-factor authentication at your financial institutions.
  5. If you’re a victim of Social Security fraud, go to and create an online Social Security account. This will enable you to access and review your statement online and verify its accuracy.
  6. Request a credit report every six months to check for unauthorized activity. It will NOT affect your credit score.
  7. Be diligent for the next year in taking precautions to avoid further security incidents.

While we hope you are never the victim of a data breach, we provide this information to help you take the necessary steps to mitigate the impacts if your data has been compromised.

Please Note: BluePrint Wealth Alliance does not monitor your systems, does not render cyber-security or IT advice, does not endorse any technology company or vendor, and has no way of knowing that you are encountering any system or cyber-security issues until you let us know.

If you receive an unsolicited phone call from someone claiming to be with BluePrint Wealth Alliance, offering to help you with systems issues or asking you for permission to access your computer, do not engage with the caller other than asking the individual to provide you with a call back number.