You do everything right. You never open sinister emails. You don’t click on unsolicited links. You hold your passwords tight and change them often. So, what happens when a company with whom you do business gets hacked? It’s happening more and more, and the two most recent victims were Uber and American Airlines.

In Uber’s case, a teenaged hacker used social engineering tactics to convince an Uber employee to provide multi-factor authentication information to bypass security measures. Once inside, the hacker infected the system with malware, downloaded “personal information” (though the company didn’t specify what kind), and put the information up for sale to the highest bidder. With American Airlines, employee email accounts were breached, releasing some customer and employee information including dates of birth, passport numbers, and even some medical information.

In both cases, customer information was put at risk not by customer action or inaction, but by the companies they entrusted with their information. Consider how often you use a credit card online to make a purchase. How often you enter your mother’s maiden name or even upload medical information to what you imagine is a secure portal. You’re trusting that the website with which you’re interacting is secure—but it isn’t always.

While companies are taking cybersecurity more seriously and investing in security measures, these types of attacks are all but inevitable. As always, you can mitigate risk yourself in a few different ways:

1. Only buy from secure sites. Remember to check for the “Https” in a web address.
2. Consider using an insured payment service like PayPal instead of a credit card.
3. Use a mobile wallet like Apple or Google wallet.
4. Avoid entering sensitive information (personal, financial, and medical) online unless you absolutely must.

And, if a vendor or company does happen to be hacked (and they make the hack public), you aren’t totally powerless.

1. If you have a credit card on file with the company, cancel the card immediately, call your bank to notify them, and request a new card. When you receive it, be sure to select a new PIN.
2. Change not only the password but any security questions associated as well.
3. Be wary of emails from the company. Hackers may use the list of email addresses they’ve acquired to message potential victims, pretending to be the trusted company. Check the return address and never click a link you don’t trust.

Unfortunately, with all the great and useful strides we’ve made in technology comes people who want to take advantage of vulnerabilities and hurt people in the process. Nobody (or company!) is perfect, but a little preparation and a panic-free response can certainly minimize the damage of a hack.