Technology and online security see continuous enhancements each year, but unfortunately, not those upgrades have not been enough to protect databases from being breached by hackers. According to a December 2018 report by the Identity Theft Resource Center, over 561 million records were exposed to hackers in 2018, with well over a thousand total breaches. The Starwood Hotels breach drove the high increase in exposed records from the prior year. If your information is ever part of a data breach, you need to be ready to protect yourself from complications related to identity theft.
How to know if your data has been compromised
In most cases, a company will notify you via email or postal mail after they discover a data breach. They will likely tell you what specific information has been stolen, and if things like your name, email address, username, password, mailing address, Social Security number, and financial account numbers were taken.
Another way you may discover your data has been compromised is if you notice fraudulent activity on your accounts. You may see a credit or debit card charge you did not make, or you may get a phone call or piece of mail about an account you did not open. The thief may have obtained your information through a data breach where the company has failed to notify you or where the breach has gone unnoticed.
Steps to take to protect your identity after a data breach
- Change your password if that was one of the pieces of information involved in the data breach. Also, if you use the same or a similar password for other things, change those passwords as well.
- Sign up for the free credit monitoring service offered by the breached company, if applicable. This service will likely check your credit report on a regular basis and notify you immediately regarding any new information that appears. However, do not let the credit monitoring service give you a false sense of security. You should still take other steps to protect yourself and your identity.
- Place a fraud alert on your credit report by contacting one of the three credit bureaus: Equifax, Experian, or TransUnion. This alert will automatically transfer to the other two bureaus as well. When there is an alert on your credit report, creditors are supposed to contact you directly before issuing credit in your name.
- Review your credit reports for unusual activity. In particular, focus on the section that lists credit inquiries initiated by you. If you see something here that you do not recognize, this can indicate that someone has attempted to apply for credit using your name and Social Security number. Also, look at the section listing active accounts. If there is an account there that you did not open, contact the financial institution that manages the account and the credit bureau that provided the report to tell them it is fraudulent.
- Consider issuing a security freeze on your credit reports if you found evidence that someone is actively trying to open accounts using your information. The security freeze prevents new accounts from being opened unless you lift the freeze for a specific financial institution and a specific time frame.
- Protect existing accounts by monitoring your monthly account statements and checking all activity to be sure you initiated it. This is especially important if you know your credit card number, debit card number, or bank account number was compromised. If you notice any unusual activity on your statements, notify the financial institution that manages the account immediately. They may issue a new account number for you.
- Be vigilant about requests for personal information. If you receive a call or email from someone who claims to be with one of your financial institutions, do not give your personal information. Instead, call your financial institution directly through the number listed on your account statements or found by typing in their website address. You should only reveal personal information if you have initiated the contact and are sure you are not talking to someone trying to defraud you.