Personal information, such as your name along with your social security number, bank or credit card account number, or medical information, must be kept confidential and secure under Missouri law. Any entity that has your personal information, including your employer and companies you do business with, must notify you if there is a security breach of your personal information.

What is a data breach?

A data breach, or “breach of security,” is defined as the “unauthorized access to and unauthorized acquisition of personal information maintained in computerized form by a person that compromises the security, confidentiality, or integrity of the personal information.”  § 407.1500 RSMo.

If a business that has your personal information suffers a data breach which results in the exposure of your personal information, that business must notify you.   

Remember that you have different types of personal information. A data breach, as defined by the Missouri data breach statute, might involve the unauthorized access of your: 

  1. credit card or other financial information;
  2. medical or health insurance information; and/or
  3. other personal information, including your social security number or driver’s license number. 

Steps that you can take to protect yourself after a data breach might vary depending on what type of personal information was compromised. 

How can a data breach occur?

Data breaches occur in various ways. Some examples include:

  1. an employee or former employee stealing customer information;
  2. improper handling of your personal information, including inadequate security, or improper disposal of documents or outdated office equipment;
  3. improper posting or other unauthorized disclosure of information;
  4. theft or resale of hardware which contains information;
  5. hacker attacks; and
  6. computer virus or other method of stealing credit card information at the register. 


What should I do if I receive a data breach notice, or if I think my personal information was exposed in a data breach?

The steps you should take after a data breach may vary based on what type(s) of personal information was compromised. Depending on the type of personal information, you may be at risk for different types of identity theft. For example, if your health insurance information was compromised, you may be at risk for medical identity theft. If your credit card information was compromised, you may be at risk for financial identity theft. Be sure to take steps specific to your risk. For information on the different types of identity theft, and what you can do to help prevent each type, please refer to our information on identity theft.

Here is a checklist of things you can do if you receive a data breach notice.

The truth about credit reports and credit monitoring.

If an organization that has your data suffers a data breach, that organization may provide you with free credit monitoring. This credit monitoring can be valuable and save you time, but because of its limitations, you should still refer to our information on identity theft and take those steps to protect yourself.

You should take these additional steps to protect yourself because the company doing the credit monitoring does not know you nearly as well as you know yourself. The credit monitoring company will generally only review information which creditors ask to have added to your credit report. This means that the company might not catch suspicious things like an unauthorized credit card charge or bank withdrawal, or a website password not working when it should, or a medical bill you receive for services you did not use. Read our information on identity theft for additional steps you can take.