Identity theft is on the rise, as are incidents that contribute to identity theft risks, such as data breaches that compromise consumer information. According to a Javelin Strategy and Research Study, 16% of all Americans have been victims of identity theft as of 2016.
But what does it mean when a company you have an account with or do business with gets breached? How does it impact you? That all depends on factors like the type of breach and what data was released or hacked by identity thieves.
Unlike a retailer or financial breach, where stolen payment cards can be deactivated and new ones issued, the theft of permanent identity information is, well, not easily corrected. You can't simply reissue Social Security numbers, birth dates, names and addresses. (See also: What Can Identity Thieves Do with Your Personal Information and How Can You Protect Yourself?)
What to do after a
A company alerts you that they've been breached, and your information may have been compromised. What should you do next?
Not everyone will be a victim during a breach, but taking quick action is the best way to limit the damage.
1Stay alert: Create a fraud alert and monitor your accounts.
- Notify 1 of 3 credit reporting bureaus of your potential identity theft, and ask them to put a fraud alert on your file.
This free process will stay on your credit report for 90 days.
- Note the date, in case you want to extend the period.
If you are a victim, you can extend your fraud alert for 7 years.
- After resolution, remain vigilant. Thieves can hang onto info and strike again.
2 Collect: Get copies of your credit reports.
Obtain a copy of your free credit reports by either:
- Going to annualcreditreport.com.
- Checking your Experian credit report for free at experian.com.
- Enrolling in an identity protection product that provides free credit reports, such as Experian IdentityWorks.
3 Report: Notify the right people.
- Contact your bank or financial institution immediately if you think your credit or debit cards may be affected.
- Change your online account password at the breached company, and at any other company that you use the same password.
- Contact someone in the breached company's fraud department when you determine that your information has been compromised.
- Follow up in a certified letter with a return receipt.
The Federal Trade Commission (FTC)
- Complete the form on the FTC website in as much detail as possible.
- Submit the form, and save the reference number.
- Save or print the FTC Identity Theft Affidavit.
- File a report at your local police department if you have confirmed that you've been the victim of identity theft.
- Get a copy (or the report number), and keep it with your FTC documents.
4 Organize: Gather your papers and information.
- Create a telephone log with the date, number and name of anyone you contact.
- Send all letters by certified mail with a return receipt.
- Create a file for all documents—always sending copies of reports or documents, not the originals.
Alert: There's been a breach.
A breached company will likely notify you to provide suggested next steps.
Consider opting for the complimentary identity monitoring that companies often oer for a period of time after the data leak.
Carefully read all emails or letters you receive, and follow the recommended steps to help protect your information.
Signs your information has been compromised:Monitor the following for suspicious activity.
- Unexplained withdrawals
- Missing bills
- Communication about account changes that you didn't request
- Declined credit cards or bounced checks
- Unfamiliar information or inquiries on your credit report
- IRS notices regarding W2 or 1099 forms for work you haven't done
Email/social media accounts
- Locked out of account(s)
- Emptied sent email folder
- Sent emails that you didn't write
- Friends with personal emails that you didn't send
ftc.gov | privacyrights.org | bbb.org
What to do if you are a victim of identity theft
First, it's critical to take action: A 2015 Ponemon Institute study found that more than one-third of consumers ignored data breach notification letters, doing nothing to protect themselves against fraud.
Be vigilant about signs of identity theft by watching your bank and credit card statements carefully, reviewing your credit report regularly and watch for indicators like calls or notices from collection agencies.
If you detect signs that you might be the victim of identity theft, you can take these steps to remedy the situation:
- Alert your bank or financial institution.
- Report it to the credit bureaus and ask them to place a fraud alert on your credit file.
- If you know your personal information has been compromised, you may want to consider locking your Experian credit file or freezing your credit report.
- File a police report if appropriate.
- Sign up for your bank's free online alerts to help detect any fraudulent activity.
- Consider enrolling in an identity protection product that can help you prevent, detect and remedy identity theft.
- Sign-up for a credit monitoring product to be alerted if your data or ID is being used in ways that indicate fraud. Include your children, as well. A child's identity is far more valuable to a fraudster as they know it can be several years before their stolen identity is detected. The good news is, in addition to the credit bureau, many banks and auto clubs now offer this as a service to their customers.
Even if you haven't recently been involved in a data breach, there's no expiration on how long your information can stay in the hands of identity thieves or hang out on the dark web. For identity theft protection, check out Experian IdentityWorks. You can also use Experian's dark web scan where you can check for free to see if your email appears on the dark web.