Tip of the Month: What to Do When You Experience a Data Breach or Identity Theft

In the online world that we live in, data breaches that expose our sensitive information are an unpleasant fact of life. Recently we have heard from several clients that have experienced this, so we thought it might be a good time to pull together some resources, so you can best protect yourself and your information.

While data breaches are somewhat common — nearly 60 percent of consumers received a notice of a data breach in 2023 — the likelihood of experiencing identity theft is smaller, with 3 in 10 consumers reporting that they had their identity stolen last year. Thirty percent is still a concerning number, but there are ways that you can help protect your sensitive information.

What can an identity thief do with your information?

To name a few of the numerous and frightening possibilities, an identity thief can open a line of credit, take out a prescription, and obtain a driver’s license. The results of the above theft include a ruined credit score, altered medical history, and costly tickets that could lead to a warrant for your arrest. This may sound very doom and gloom, but it’s a good reminder to stay alert and vigilant on all fronts.  

What should you do if you have been notified of data breach?

Routinely check your credit reports and account activity

  • You can request a credit report once a week, for free, from each of the three main credit reporting agencies: Equifax, Experian, and TransUnion. They can be requested online here. Review these reports at intervals throughout the year. If there is any unusual activity, contact the credit agency immediately.

  • Review bank and credit card statements once a month. Contact the financial institution if you do not recognize any transactions, no matter how small.

Place a Fraud Alert on your credit reports

  • Contact any one of the three credit agencies to inform them you are concerned about becoming a victim of identity theft and ask for a fraud alert. That agency must forward the alert to the other two agencies.

  • The alert will require any third party to take measures to confirm your identity before opening any new accounts in your name. This should include contacting you.

  • The alert will last for 90 days and can be renewed as many times as you would like. It is a free service.

  • If you have already been a victim of identity theft, you can request an extended fraud alert that lasts for seven years

Place a Credit Freeze on your credit reports

  • While once thought of as an extreme measure to protect your identity, a credit freeze may be the best way to protect against identity theft.

  • When placing a credit freeze, you must complete with all three credit agencies separately. When needing to apply for a legitimate credit account, you will have to unfreeze your credit report with all three agencies.

  • It is free to both freeze and unfreeze your credit.

  • The three credit agencies also have credit report products that are intended to help you control your credit. Be wary, however, as these products typically cost a monthly subscription fee which can become quite expensive.

Read more about fraud alerts and credit reports here.

What if you have been the victim of identity theft?

Visit the Federal Trade Commission’s ID Theft website for thorough tips on how to respond.

Keeping your information safe

If you take some common-sense preventative measures, you can reduce the likelihood of your information becoming comprised.

  • Update passwords regularly, make them complex, and avoid using the same password for multiple logins. Learn more about some of your options here.

  • When available, use dual-factor or multi-factor authentication to the greatest degree possible. This ensures that even if your password is hacked you will have an additional layer of security.

  • Do not send sensitive information such as account numbers or social security numbers via email.

  • Be cautious of links included in emails. Do not click on links in emails or enter your credentials in pages linked from an unknown sender. Instead, go directly to the website and manually type the address or search on the site. Verify that the website begins with https and look for the lock symbol to indicate a secure site.

  • Do not use security questions that have easily searchable or generic answers.

  • Do not use public Wi-Fi if at all possible. Hackers can use software that captures every character you type. It is best practice to never access secure websites or email on a public Wi-Fi network.

  • If you store any sensitive information such as social security numbers, credit card numbers, account numbers, etc., in external storage devices, ensure that the data is encrypted and in securely password-protected documents.

  • Bluestem provides shredding services for our clients! Clients can drop off shredding anytime during normal business hours. For a larger quantity, check with the office first to ensure we have space in our secure bin. Check out our post for guidelines on what to shred and when.

  • Fraudulent tax return filings have been on the rise. A good way to prevent this is to file your return early.