Hackers target companies that store sensitive consumer data – like passwords, social security, numbers, and credit card numbers – all the time. Unfortunately, some hackers are successful at dodging company firewalls and stealing customer information. Some of the biggest data breaches of all time have happened in the past few years. Every customer whose data is stolen is at a greater risk of becoming an identity theft victim.
According to the National Conference of State Legislation, 46 states, D.C., Puerto Rico, and the Virgin Islands all have data mandatory notification laws for data breaches. Alabama, Kentucky, New Mexico, and South Dakota do not. However, law enforcement may recommend the company wait to let consumers know so that the criminal investigation isn’t compromised. The delay in notification could give the hacker more time to commit fraud an identity theft.
If you’re notified of a data breach, don’t panic, even if you found out through news or other media. A data breach doesn’t automatically mean you’ve been an identity theft victim. Hackers may not get enough information from the data breach to commit identity theft or fraud. However, they might get enough information to launch more vicious phishing scams where they pose as legitimate businesses and trick you out of personal information. Never click on links in an email or respond to phone calls you didn’t initiate. Always contact your creditors and lenders using a number from the back of your card or from your statement.
If your passwords have been affected in a data breach, change them immediately to prevent thieves from accessing your accounts. Even change your email address password, because a thief could use your email address to do other damage. For example, if your email address is listed as the contact on your bank account, the thief could use the “Forgot password” option to send a new password to your email and then intercept the email with the temporary password.
Closing accounts is often a good way to prevent fraud, but make sure you tell the company not to re-open the account. You don’t have to close all your accounts, only the ones that have been affected by the data breach. For example, if your credit card numbers have been stolen, report it to your credit card issuer who may issue you a new account number. Continue to watch your credit card billing statements and online back account for fraudulent charges.
If your social security number has been stolen, consider adding a fraud alert to each of your credit reports with the three major credit bureaus. The fraud alert warns businesses that check your credit report to take additional steps to confirm it’s really you who’s applying for credit. There two basic types of fraud alerts. An initial fraud alert will stay on your credit report for 90 days. An extended fraud alert will stay on your credit report for seven years. You’ll have to provide an identity theft report from a law enforcement agency to add an extended fraud alert to your credit report.
A fraud alert entitles you to a free copy of your credit report. Review your report to see if any fraudulent accounts have been opened in your name. Keep in mind that some accounts, if they’ve been opened, may not have been reported to the credit bureaus at the time you pull your report. Check your credit report again in a few months, and every year thereafter, to confirm that your identity is still clean.
Be aware that a fraud alert isn’t foolproof. Businesses may ignore the fraud alert or they may simply grant credit without pulling your credit report.
You can also sign up for credit monitoring which will alert you to any suspicious changes to your credit report. The breached company may even offer several months of free credit monitoring to help you catch cases of identity theft. Free credit monitoring is always a good.
Source: National Conference of State Legislatures, Experian.com,