You’re careful with passwords, don’t click unfamiliar links, and shred all documents that contain personal financial information. You’ve done all the right things, and yet, you find out that your information was involved in a data breach.
There is lots of information out there about how to keep yourself safe, but what do you do if the unthinkable happens, and you are the victim of a breach? What are your next steps?
According to the Identity Theft Resource Center (ITRC) more than 4 million customer records are lost each year due to major data breaches.
A data breach is when personal identifying information (PII) is accessed, taken or used by a person without permission. Data breaches can impact companies and consumers negatively in many ways, costing them money, time, and sometimes even reputational damage.
Data obtained in these breaches can include your name, date of birth, Social Security Number, address and more. The end goal for scammers is to offer your PII up for sale through black market sources. Once these sources obtain PII for sale, it is assumed that having it removed will be very difficult if not impossible. However, that doesn’t mean there aren’t things you can do to protect yourself if the inevitable occurs.
Contact a Credit Monitoring Service(s)
Occasionally, when a large data breach occurs, you’ll hear the company that was breached offering free credit monitoring services to people impacted. Credit monitoring services are instrumental in helping consumers recover from identity theft. Credit monitoring services are simply a mechanism for the Credit Reporting Agencies (CRAs) to track a consumer’s credit file in order to detect any suspicious activity or changes.
But should you take advantage of these offers? If you are already receiving credit monitoring services, perhaps as a benefit through your employer, financial institution or insurance carrier for example, then passing on the monitoring aspect might make more sense. However, if you do not have access to robust credit monitoring services and have the ability to enroll in free credit monitoring services offered as part of a breach, it may be a good option.
If you are going to set up credit monitoring, it is best to do this BEFORE freezing your credit.
Initiate a Security Freeze
Next, but just as crucial, is to initiate a security freeze with the three major credit bureaus. A security freeze blocks any potential creditors from being able to view or pull your credit file, unless you affirmatively unfreeze or “thaw” your file beforehand. Having a freeze in place does nothing to prevent you from using existing lines of credit you may already have, such as credit, mortgage and bank accounts. When you place a freeze, each credit bureau will assign you a personal identification number (PIN) that needs to be supplied when you open a new line of credit. When that time comes, consumers can temporarily thaw a freeze for a specified duration either online or by phone.
Since credit inquiry caused by a creditor has the potential to lower your credit score, the freeze also helps protect your score.
To file a freeze, consumers must contact each of the three major credit bureaus online, by phone or by mail. Below is their contact information:
Online: Equifax Freeze Page
By phone: 800-685-1111
By Mail: Equifax Security Freeze
P.O. Box 105788
Atlanta, Georgia 30348-5788
Online: Experian Freeze Page
By phone: 888-397-3742
By Mail: Experian Security Freeze
P.O. Box 9554, Allen, TX 75013
Online: TransUnion Freeze Page
By Phone: 888-909-8872
By Mail: TransUnion LLC
P.O. Box 2000 Chester, PA 19016
Beyond the big three bureaus, Innovis is a distant fourth bureau that should be contacted. filing a freeze with Innovis also is free and relatively painless.
Wireless phone companies currently check consumer credit using another credit reporting bureau operated by Equifax called the NCTUE. Freezing your credit with Equifax is not enough, NCTUE also offers a freeze process. The only way to freeze your credit with NCTUE is by calling their 800 number 866-349-5355.
It’s also a good idea to notify ChexSystems. ChexSystems is used by banks to verify customers that are requesting new checking and savings accounts and lets consumers place a security alert on their credit data.
Unlike credit freezes, credit locks are not governed by any law, meaning that the credit bureaus can change the terms of these arrangements when and if it suits them to do so. If you have already signed up for credit monitoring services, placing a freeze on your file should not impact those services. However, it is generally not possible to sign up for new credit monitoring services once a freeze is in place. So, if you wish to avail yourself of credit monitoring, it’s best to sign up before placing a freeze.
- Visit usa.gov/identity-theft for a complete checklist presented by the US government to assist prevent or response to identity theft.
- Consider using a constant credit monitoring tool – CreditKarma.com. CreditKarma monitors only TransUnion and Equifax.
- Periodically order a free copy of your credit report and review your credit file. There are several forms of identity theft that probably will not be blocked by a freeze. By law, each of the three major credit reporting bureaus must provide a free copy of your credit report each year — but only if you request it via the government-mandated site annualcreditreport.com.
- Avoid any other sites that offer free credit reports, those sites will try to trick you into signing up for other services.
- Monitor daily your postal mail, it is recommended to opt out prescreened offers of credit and insurance (for five years or permanently) – visit optoutprescreen.com. to submit an opt-out request.
Keep Your Home Network Secure
Once all of the above tips have been put into place, its time to take some steps to ensure you are more protected the next time your information is involved in a data breach.
Here are some simple things you can do:
- Change all passwords – email, bank accounts, retail etc.
- Make sure your operating system (Windows 10, Windows 11, etc.) is up to date. The latest version of any operating system contains security upgrades not found in the previous version. Many of these security features are enabled by default and help prevent the latest attacks.
- Install comprehensive security software that provides layered defense via anti-virus, anti-phishing, safe browsing and firewall capabilities.