If you suspect you were part of a breach, or you know you were because you received a notification, confirm what information was compromised so you can take appropriate and immediate action:
- If the breach involved a username or password that can be easily changed, you may need only to update your account credentials to prevent further fraud.
- If a breach resulted in the compromise of a Social Security number, your date of birth, or your mother's maiden name, you may want to consider additional protections to help ensure thieves cannot open new accounts in your name.
2. Should you initiate a credit freeze or fraud alert?
Data breach victims may opt to initiate a credit freeze upon learning their sensitive information has been compromised, yet it's important to understand what a credit freeze can and cannot accomplish before assuming it's the best form of protection.
A credit freeze essentially requires that you authorize any potential creditor or lender to view your credit report before they are able to do so; a thief will not be able to open an account in your name without your knowledge. Unfortunately, a credit freeze does nothing to prevent fraudulent activity on existing, active accounts.
According to the most recent data compiled by the Bureau of Justice Statistics, identity thieves are far more likely to use an existing account than they are to open a new account. (This is why taking advantage of free alerts offered by your bank or credit card issuer can be so important.) Plus, if you intend to apply for a new loan, mortgage, or credit card in the near future, a credit freeze can add a bit more time and hassle to the process.
"The Identity Theft Resource Center (ITRC) reports there have been 932 data breaches thus far in 20181."
If your goal is simply to monitor existing account activity after a breach, Consumer Reports says fraud alerts could provide the information you need. The fraud alert will monitor activity on your credit report, and notify potential creditors or lenders that you have been a victim of identity theft if they pursue an inquiry into your credit report to process a new account application. Ideally, the alert will prompt them to contact you and confirm the application is legitimate — but they are not required to do so.
Once you initiate a fraud alert with one credit bureau, it will extend to the other major credit bureaus as well, and will last 90 days. Identity theft victims may have the option to continually extend the protection for up to seven years. Each time the alert is renewed, you'll receive free copies of your credit report, which can help you remain aware of the detailed activity in it.
3. Would a paid identity monitoring service have prevented you from being a breach victim?
Finding out your sensitive information has been compromised can make you feel vulnerable — and violated. It can also make you wonder whether you could have prevented the event from occurring entirely, if only you'd invested in one of the many identity theft protection services you've seen advertised.
USA Today reports that there's no use blaming yourself for steps not taken. It explains that although most identity theft protection services include credit monitoring to make you aware of a possible fraud issue quickly, having such a service won't prevent you from becoming the victim of a data breach.