My Account
General Investing

Protect Your Data—and Your Dollars

Personal and consumer data breaches put your personal information at risk. What can you do to protect yourself?


Key Takeaways

Cybercriminals use a variety of methods to obtain data from companies and individuals, resulting in billions of dollars in losses.

Stolen personal data is a financial risk; criminals can access bank accounts or ruin your credit by applying for credit cards in your name.

Monitoring your online accounts can put you in control so that data breaches may have less of an impact on your life and finances.

Over the past few years, massive data breaches have become almost commonplace. Leaks put the personal information of billions of people around the world into cybercriminal hands—including email addresses, usernames, passwords, full names, birthdates, Social Security numbers, physical addresses, account numbers and even medical information.

277 days On average, it takes 277 days for companies to discover data breaches.¹

How Does Identity Theft Happen?

Although data breaches can expose a massive amount of personal data, it is not the only way criminals obtain sensitive information about you.

When you post on social media platforms, that information can be viewed, saved and used against you. Additionally, cybercriminals will often target individuals to obtain sensitive information. Armed with this information, identity thieves could then try to drain your financial accounts or apply for new credit cards or mortgages in your name.

Every 22 seconds an identity theft case is reported.²

Perpetrators can also assume your identity in another location to defraud you, such as using your Social Security number for employment, to get medical treatment on your health insurance or to file fraudulent tax returns.

Identity Theft Tactics

Phishing: An email disguised as a message from a legitimate sender to bait you into sharing personal information or downloading malware. Closely related, spear phishing is a targeted attack on an individual using information obtained online, such as from social networking sites.

Social engineering: The art of manipulating people (either online or in person) into giving an attacker sensitive information or access. This can include using the information to gain control over a computer system, stealing someone’s identity or using their credentials to access accounts.

Data breaches: The theft of data or information from a business, organization or government system. Commonly this refers to when sensitive information, such as Social Security numbers or credit card numbers, is exposed.

Physical theft: The act of stealing objects like your phone or wallet, digging through your trash or removing items from your mailbox.

Fake websites: A website that is designed to imitate a legitimate business, such as banking websites, online marketplaces, package delivery sites, etc. These fake websites will often have data entry forms that will trick you into entering your sensitive information.

$10.3 Billion in losses were reported in 2022 from internet scams around the world, according to the FBI.³

How to Protect Your Personal Information

With so much data out in the open—and the potential for it to be used fraudulently—knowing how to guard your personal information online is the first line of defense. Control what you can and monitor your accounts so that any data breaches may have less of an impact on your life and finances.

42% of people admit to reusing the same password for some or all accounts.⁴


Use strong passwords and change them often.

  • Length is more important than complexity. An 8-character password with basic complexity takes 6 minutes to crack, but a 14-character password with the same complexity could take years to crack.

  • Don’t use the same usernames and passwords for multiple sites because a data breach for one account could also compromise other accounts. Be sure to use different passwords for online financial sites than the ones you use for social media.

  • Password manager software is a much more secure way to store your passwords than a physical list.

Enable multifactor authentication (MFA).

  • Multifactor authentication provides an extra layer of security for your account by requiring additional verification using a security code sent to your phone or personal device. This reduces the risk of account compromise even if someone obtains your password.

  • This process protects your account more effectively by requiring something you know (your username and password) as well as something you have (a code on your phone) when you log in.

  • The MFA security code should only ever be used by you, so do not provide it to anyone over the phone or by text.

Understand your digital footprint.

  • Do an online search of yourself to understand what information is publicly available so you can better control what type of information you expose.

  • Evaluate your privacy settings, especially on social media.

  • Think through what you post before you post it, and be aware that what you make public has the potential to be used by others. Remember, what happens on the internet stays on the internet.

  • Delete or deactivate old accounts that are no longer needed. This limits your online presence and lowers the chance of bad actors obtaining credentials or other information about you.

Be wary of Wi-Fi.

  • Activate password protection for home Wi-Fi networks.

  • Avoid logging in to personal accounts or making transactions through public Wi-Fi, especially if the website you're accessing doesn't include encrypted technology (look for addresses that start with https:// rather than http://).

Know the red flags of phishing emails and fake websites.

Remember that bad actors will try to STEAL your data. Look for these red flags:

Sender: Do you know the sender of the email?

Threatening language: Bad actors will use threatening or urgent language to get you to act, both in phishing emails and fake websites.

Errors in grammar or spelling: Look out for grammatical mistakes in both phishing emails and fake websites. Most legitimate businesses or senders will not be this sloppy.

Attachments: Are there suspicious attachments the sender is asking you to open immediately?

Links: Hover over the link before you click it to see where it is trying to take you.

$52 million lost by Americans in phishing email scams in 2022.⁴


Keep important documents safe.

  • Store your Social Security card and statements, birth certificates, tax returns, financial records, loan agreements and insurance documents in a home safe or locked file cabinet.

Shred documents that contain personal information.

  • Safely discard monthly bills, bank statements and correspondence, paycheck stubs, direct deposit receipts and pre-approved credit card offers.

Check your mail daily.

  • Stop delivery if you will be away for an extended period. Check to see if Informed Delivery, a digital preview of your mail, is available in your area.

Keep track of your wallet or purse.

  • Consider what you really need to carry: driver’s license, debit or credit cards, work identification, gym membership, health insurance card (and not your Social Security card), etc.

On Your Phone

Don't give out personal or financial information during an unsolicited call.

  • If the caller claims to be from a company and you're unsure, hang up and call the company's publicly available number directly. Never reply to text messages asking for personal information.

Lock your phone; choose a strong passcode.

  • Consider using biometric identification features such as fingerprint or face recognition scans. Use remote wipe software to protect your information in case of theft.

How We Protect Your Investment Accounts

American Century Investments proactively guards against the threat of cybercriminals.

Our information security team designs and maintains technical security systems, and we employ strict internal controls and policies to secure our clients’ private information.

What to Do If Your Information Is Exposed or If You Suspect Identity Theft

Act fast. Hackers and identity thieves have a head start because they have already obtained your data before you even know it’s missing.

  1. Contact financial institutions.

  2. Change passwords and ensure they are unique across all accounts.

  3. Close fraudulent accounts.

  4. Place a fraud alert on your credit reports by contacting the three major credit bureaus: Equifax, Experian and TransUnion.

  5. File a report at

  6. Order copies of credit reports through the Consumer Financial Protection Bureau or the major credit bureaus.

  7. Capture all communications in writing.

Additional Identity Theft Resources

Security Checklist

Online, offline and on your phone—get tips to safeguard your personal data.
Download our security checklist

Credit Reporting Agencies




Federal Trade Commission Resources

Get Free Annual Credit Reports

Report Identity Theft

Opt Out of Pre-Approved Credit Offers

Sign Up Your Phone With the National Do Not Call Registry

We're Committed to Protecting You

Learn more about how we work to safeguard your financial accounts.


Cost of a Data Breach Report 2023, IBM Security and Ponemon Institute LLC.


2023 Identity Theft Facts and Statistics, National Council on Identity Theft Protection.


2022 Internet Crime Report, Federal Bureau of Investigation.


OnePoll survey, AT&T, April 28 - May 3, 2022.

This material has been prepared for educational purposes only. It is not intended to provide, and should not be relied upon for, investment, accounting, legal or tax advice.