How to Protect Yourself and Your Credit in a Data Breach
It seems like hardly a month goes by without news of a major company suffering a data breach. Many smaller incidents fly under our radar because we weren’t affected. But given that billions of records have already been stolen this year, we should all educate ourselves about how to react when our data ends up in criminal hands.
Will a Data Breach Affect my Credit?
A breach of your personal data won’t affect your score on its own. The fear is that someone who gets ahold of your data—social security number, birthday, address, or more—will use it to open a credit account in your name. In many cases the information acquired by the hackers won’t be enough to commit that kind of identity theft. However, there are some important steps to take to ensure your credit is safe.
Data Breach Notification Laws
Fortunately, when a company gets breached it can’t legally keep quiet and leave you to face the consequences. All 50 U.S. states have laws in place requiring businesses to notify clients when their personal information is compromised, but the details vary from state to state.
For example, some states require the company to notify you sooner than others. And the definition of “personal information” isn’t the same everywhere. For this reason, if you hear about a data breach in the news and there’s any chance the affected organization has your information, you would be wise to take steps to protect yourself.
For a few of the big-name data breaches in recent years, such as the attacks on Target and Equifax, the compromised companies have offered a year of free credit monitoring to the people affected. Only a few states actually require this by law, but we can expect it to be a service offered with increasing frequency as public expectations for data protection grow.
What is Credit Monitoring?
A credit monitoring service sends you an alert whenever any change is made to your credit report, usually within 24 hours. Best case scenario, this will allow you to learn about any fraudulent activity before it even happens.
For example, an identity thief tries to take out a loan in your name. The financial institution providing the loan runs a hard inquiry on your credit. You are notified of the inquiry and have time to take action before the loan is potentially approved.
Another example of a change that’s a red flag is a change of address. In that case, the person in possession of your data may be trying to reroute your mail in order to have more control over your finances. Of course, you will also receive an alert when a new account is actually opened.
In some cases, the breached organization may provide additional services after they are hacked such as identity theft insurance and time with a fraud resolution agent. Don’t hesitate to make use of any services you qualify for.
What to Do When Free Credit Monitoring Expires
The precedent is to offer one year only of free credit monitoring after a breach. But your data could still be in the hands of an identity thief, waiting to be used. Luckily, you can keep an eye on your credit report by yourself.
According to federal law, the three major credit agencies—Equifax, Experian, and TransUnion—are each required to provide you with one free copy of your complete credit report each year. You can order them all from annualcreditreport.com. Don’t make the mistake of checking them all at once. By spacing them out you can keep a closer eye on changes to your credit. Since there are three reports (one for each agency), you can request one every four months. If you’re married, your spouse can check the reports in a different order and on a different schedule.
There are numerous free websites that allow you to see an estimated credit score and information about your credit. While these are not a substitute for the full file at annualcreditreport.com, they will often be able to tell you about new credit accounts opened and other changes.
Other ways to Protect Your Credit
If you’re still concerned about your credit after a hack, another option you can pursue is a credit freeze. A credit freeze prohibits the credit agencies from disclosing the contents of your credit report to anyone. That means if someone tries to take out a loan in your name, the lender won’t be able to check their credit and the loan will be denied.
As of this year, you can freeze and unfreeze your credit as often as you want for free. Of course, implementing a freeze also means that you can’t open a new account yourself without first unfreezing your credit. The freeze will not affect your existing accounts.
Credit monitoring will alert you to new credit accounts being opened, but don’t forget to keep an eye on your existing credit cards. Log into any online banking systems you use regularly to check card activity.
Also, keep in mind that if the data stolen isn’t enough to commit fraud, the hackers might try to extract additional information from you through a phishing attack. For example, if the thief gets your email address, they could send you an email linking to a fake site that requests your birth date and address. Be careful that you’re not giving personal information away on suspicious or unsecured sites.
Employ basic cybersecurity best practices. Don’t use the same password everywhere, even at your bank or credit union. It might be a good idea to use a password manager.
There’s a good chance that all of us have been affected by data breaches in the past or will be in the future. With some planning and quick action, you can protect your credit from taking a hit.
The opinions voiced in this material are for general information only and are not intended to provide specific advice or recommendation for any individual.