When it comes to account security, many of us make a common mistake: We reuse passwords.

When a hacker gets into a company’s database, they gain access to personal information such as email, geolocation information, not-so-securely encrypted passwords, and other sensitive demographic data.

You should receive a data breach notice if this potentially affects you, but you might be tempted to ignore it if it’s about an old account that you don’t use anymore. But hackers know there’s a good chance you’ve reused that account password elsewhere — like your bank account. If so, you might have an identity theft problem on your hands. 

If you get a data breach notice, act quickly to protect yourself:

• Change passwords right away. If a company tells you about a breach — especially one involving your password — immediately change the password that you use with that company and on your accounts using a similar password. Consider using a password manager to help create complex and unique passwords (that you won’t reuse) without having to memorize them.

• Turn on multi-factor authentication. Some accounts offer extra security by requiring something in addition to a password to log in to your account — like a passcode you get via an authentication app or a security key. This helps secure your account even if your password is exposed.

• Check what information was exposed and take action. Whether it’s your password, Social Security number, or your bank information, IdentityTheft.gov/databreach has resources to help protect yourself from identity theft.