If you’ve ever lost a credit card, had your identity stolen or even lost your wallet, you know what a pain it is and what worry is attached. For an estimated 77 million Sony PlayStation subscribers, today is that day.

With the risk that their credit card data has been pilfered along with all other information they entrusted to Sony when signing up (name, address and phone number, etc.), it’s time to start acting like victims.

That means considering canceling credit cards, planning to systematically— one every four months — order credit reports (you are entitled to one a year free from each of the three major credit agencies from this site) to see if someone has taken credit in your name. That means closely monitoring all your bills to make sure that no extra charges are lopped on.

“This is certainly a public relations disaster for Sony,” said Beth Given, executive director of the Privacy Rights Clearinghouse. “They haven’t been clear on whether or not credit card information was exposed, and that is what customers are most worried about.”

The sheer scope of this theft is staggering. According to records of data thefts kept by Privacy Rights Clearinghouse, this is the third largest in history. Breaches of computers run by Heartland Payment Systems (a credit card processor) and retailer TJX were the largest.

“If we were still using the old color-coded terror alert, this would be the equivalent of going to “orange alert” — an attack on your bank account may not be certain, but there is a high risk and you should redouble your vigilance,” said Daniel P. Ray, editor-in-chief of CreditCards.com.
“A thief with your credit card information can quickly run up charges without your knowledge,” Ray said.

Although federal law protects credit card users from liability for more than $50 of fraudulent charges (debit card rules are less comprehensive), Ray points out that most card issuers go beyond that and offer full protection. That doesn’t mean vigilance is optional. You still have to report suspicious charges to avoid having to pay them, and if you’re account is tied up with fraudulent charges you’re going to have some problems.

“As a practical matter, the fraudulent activity can also trigger the card issuers’ fraud detection programs, which could cause them to shut down your card,” Ray said. “If you make regular use of your card, whether for automatically paying your gym bill, booking travel or renting a car — your life will become more difficult unless you have a backup card you can use.”

And similar to the major email breach of a couple of weeks ago, those who did business with Sony PlayStation need to watch their emails for further attacks and attempts to get even more personal and financial information. (Some tips for avoiding phishing attacks.)

“The fraudsters know who you bank with, and so they can create more plausible-sounding, targeted phishing offers — spear-phishing, it’s called,” Ray said.

If you’ve spotted fraudulent charges on your accounts, you need to be methodical in how you handle the situation to avoid damage to your credit and to be sure you’re not the hook for them. The Federal Trade Commission has a guide for victims of identity theft that includes a checklist of steps you need to take to protect yourself.

And Sony should do as other companies have done in the face of exposing its customers to such peril, buy them credit monitoring protection. That’s something almost never worth it for consumers to buy themselves, but a service the company should put in place today.