When a cyber criminal strikes at your identity, one of the first things to be affected is your credit- declined credit card requests and odd changes to your credit report showing that you owe money, and a newly minted low credit score.
A data breach usually is when a single (or group of) malicious hacker(s) break into a company’s website or some kind of database, stealing customer or citizen’s private data such as credit cards or PII (personally identifiable information). This private data can be sold at a price on the dark-net or black market for a price, eventually being used to assist in impersonating another person. Many times it’s so that items can be bought, but sometimes it can be used for blackmail, coercion, or even faking ID and passports.
Breaches to these companies can often lead to ID theft in many cases. This is why you hear (or may have been notified by) large companies, and some government agencies, provide identity theft protection as a part of their remediation efforts from a data breach.
Bracing For the Inevitable Data Breach
There are several ways to go about monitoring your credit to see if anything suspicious in your name is being done:
- Manually monitor your credit report by checking it at least 3 times a year. By law in the US, you’re entitled to 3 free credit reports a year, 1 from each of the credit reporting bureaus. If you’re not in the US, consider paying to check at least 3 times, split evenly throughout the year. When you check your report, look for false information to include your social security number, name, addresses, or any of your employer’s names. If you spot something wrong, contact that bureau about the discrepancy immediately.
- Do you get notices or calls about some past due bills for things that you didn’t buy?
- If you’re getting actual new credit cards (not just advertisements for credit cards) that you didn’t apply for, this could be an indication that someone is trying to use your stolen information.
- Are your bills or other things coming super late or even in your mail box? Someone could have hijacked your mail by changing your billing address, which in some cases can hide the crime.
- Has a credit approval of yours been denied? Do you have ridiculously high interest rates for no good reason. This could also be a clue that your identity has been stolen.
Contact your creditors or bank immediately if you suspect any of the above happened and your credit is taking a hit.
Another option is freezing your credit (also known as locking your credit) which allows NO ONE to open new credit in your name even if they gain your personal information. You’ll use a personal identification number (a ‘password’) that can temporarily allow legitimate applications for credit and services to be processed. Freezing has no impact on existing lines of credit (you can continue to use your existing credit cards) and just applies to new lines of credit. This can be done for a low cost for a freeze, unfreeze, or unfreeze for a specific amount of time (around $10) through each of the 3 credit reporting bureaus online or by phone. This freeze could also extend to your children in some cases. This is one of the most useful tools in the fight to stop identity theft.
Yet another option to do is put your credit on fraud alert if you suspect that you’ve been a victim of a stolen identity. It’s something you can do to make it harder for cyber criminals to open more accounts in your name, especially if you suspect your wallet, social security number, financial, or personal data was lost or stolen. You can read more about it and how to start a fraud alert here from the FTC.
Why not try to use a credit monitoring service that does much of what the above list mentions, minus perhaps the freezing of your credit. The credit monitoring service will notify you if there are changes to your credit report and also should allow you to view your credit report at any time. Two of the more popular services are LifeLock and IDShield. They can monitor if you have any changes with your credit.
We use and recommend IDShield. You can learn more about it and sign up for it here (our overview).
ID Theft – What to Do After a Breach
So… what do you do after a breach happens to a company that holds your personal or credit data- a breach that you had no power to stop? There is a great list of “todo’s” in regards to data breaches affecting credit from an ID theft subject matter expert, Eran Sinai, in an article on Digital Guardian. Here are some of those steps to take if a company with your sensitive, private, or PII information get’s breached:
- Contact the breached company
- What is the extent of the damage?
- What are they going to do about it?
- What instructions of what you are to do next?
- What information was stolen? (They may mention the data was encrypted, which is better than not, but it’s always possible that the cyber criminals stole the encryption keys or have other means to unlock the encrypted data)
- Change all of your passwords to all associated accounts to hard to guess passwords.
- Use a password manager (a.k.a. password vault) to securely generate and store passwords
- If you are using the same password for all your accounts that you have for everything as your associated breached account, change those too!
- Contact the credit bureaus
- Let them know you have been a victim of identity theft; they can place a fraud alert on your profile.
- Contact your banks and credit cards companies as soon as possible
- They can lock your accounts, preventing further transactions and potentially limiting liability
- View your credit report
- See if something unusual is on your credit
- Include this in an optional FTC report or police report you can file.
- See if something unusual is on your credit
You can visit our ID theft planner if you want to better respond to theft of your identity. It’s a member-only tool to help build a written, easy to follow, step-by-step response plan that can guide you in getting your ID protected before a ID theft happens.
Comments and questions below are viewable and open to members only.