If you suspect that your Social Security number or other important identifying information about you has been leaked, experts say you should put a freeze on your credit files at the three major credit bureaus, Experian, Equifax and TransUnion.

You can do so for free, and it will prevent criminals from taking out loans, signing up for credit cards and opening financial accounts under your name.

The catch is that you'll need to remember to lift the freeze temporarily if you are obtaining or applying for something that requires a credit check.

Read more: Are you the victim of identity theft? Here’s what to do

Placing a freeze can be done online or by phone, working with each credit bureau individually.

PIRG cautions never to do so in response to an unsolicited email or text purporting to be from one of the credit agencies — such a message is probably the work of a scammer trying to dupe you into revealing sensitive personal information.

For more details, check out PIRG's step-by-step guide to credit freezes.

You can also sign up for a service that monitors your accounts and the dark web to guard against identity theft, typically for a fee.

If your data is exposed in a breach, the company whose network was breached will often provide one of these services for free for a year or more.

If you want to know whether you have something to worry about, multiple websites and service providers such as Google and Experian can scan the dark web for your information to see whether it's out there.

But those aren't specific to the reported National Public Data breach.

For that information, try a free tool from the cybersecurity company Pentester that offers to search for your information in the breached National Public Data files.

Along with the search results, Pentester displays links to the sites where you can freeze your credit reports.

As important as these steps are to stop people from opening new accounts in your name, they aren't much help protecting your existing accounts.

Oddly enough, those accounts are especially vulnerable to identity thieves if you haven't signed up for online access to them, Murray said — that's because it's easier for thieves to create a login and password while pretending to be you than it is for them to crack your existing login and password.

Of course, having strong passwords that are different for every service and changed periodically helps.

Password manager apps offer a simple way to create and keep track of passwords by storing them in the cloud, essentially requiring you to remember one master password instead of dozens of long and unpronounceable ones.

These are available both for free (such as Apple's iCloud Keychain) and for a fee.

Beyond that, experts say it's extremely important to sign up for two-factor authentication.

That adds another layer of security on top of your login and password.

The second factor is usually something sent or linked to your phone, such as a text message; a more secure approach is to use an authenticator app, which will keep you secure even if your phone number is hijacked by scammers.

Yes, scammers can hijack your phone number through techniques called SIM swaps and port-out fraud, causing more identity-theft nightmares.

To protect you on that front, AT&T allows you to create a passcode restricting access to your account; T-Mobile offers optional protection against your phone number being switched to a new device, and Verizon automatically blocks SIM swaps by shutting down both the new device and the existing one until the account holder weighs in with the existing device.

Your Worst Enemy Maybe You

As much or more than hacked data, scammers also rely on people to reveal sensitive information about themselves.

One common tactic is to pose as your bank, employer, phone company or other service provider with whom you've done business and then try to hook you with a text or email message.

Banks, for example, routinely tell customers that they will not ask for their account information by phone.

Nevertheless, scammers have coaxed victims into providing their account numbers, logins and passwords by posing as bank security officers trying to stop an unauthorized withdrawal or some other supposedly urgent threat.

People may even get an official-looking email purportedly from National Public Data, offering to help them deal with the reported leak, Murray said.

"It’s not going to be NPD trying to help. It’s going to be some bad guy overseas" trying to con them out of sensitive information, she said.

It's a good rule of thumb never to click on a link or call a phone number in an unsolicited text or email.

If the message warns about fraud on your account and you don't want to simply ignore it, look up the phone number for that company's fraud department (it's on the back of your debit and credit cards) and call for guidance.

"These bad guys, this is what they do for a living," Murray said.

They might send out tens of thousands of queries and get only one response, but that response could net them $10,000 from an unwitting victim.

"Ten thousand dollars in one day for having one hit with one victim, that's a pretty good return on investment," she said.

"That's what motivates them."