Dear Security Cat,

I consider myself a security-savvy person who does everything possible to keep my information safe. But I fear a recent data breach may have undermined my efforts and compromised my sensitive data. What should I do if I’m a victim?

-concerned Human Firewall in San Diego, CA

The theme for Week 1 of NCSAM (National Cyber Security Awareness Month) is simple steps to online safety. But unfortunately, even if you do everything right, such as our friend above, your information can still be stolen.

Those of you that were impacted by the Equi-hack know this all too well. There was almost nothing you could have done to prevent what happened. The blame falls completely on the poor security practices of Equifax.

So what do you do if you’re a victim of a data breach? We covered the Equi-hack specifically here, but let’s revisit and look at this from a more generic standpoint.

 

First and foremost, understand what kind of information is typically stolen.

There are three general things that criminals gain in their heists:

Account Credentials

– usernames and passwords plus any other information associated with the accounts that were compromised.

Recommended action: update passwords and logins immediately. Bonus tip: get a password manager, which will make this process a lot faster.

Banking Information

– bank account numbers, credit cards numbers, etc.

Recommended action: alert banks ASAP and lock all credit cards or debit cards in question. Most credit card companies can send you a new card overnight or provide a new number immediately that can be used for online purchases

Personally Identifiable Information (PII)

– full names, addresses, phone numbers, social security numbers and anything that can be used to specifically identify you as a person.

Recommended action – all the above. You should also alert credit reporting agencies of the incident and place fraud alerts on your accounts. You also have the option of freezing your credit so no one can access it.

 

The worst part of massive breaches is that the stolen information can often include all of the above. When a breach occurs, companies send out information to customers detailing what was compromised. From there you can determine the steps necessary to protect yourself and mitigate further damage. The number one concern in most cases is identity theft.

3 steps to take immediately if a breach leaves you susceptible to ID theft.

Step 1: Place a Fraud Alert on Your Credit Report

By placing a fraud alert, you simultaneously inform credit agencies of the event while also preventing cybercriminals from opening accounts in your name. Here is the contact information for the three major credit reporting agencies:

And Wikipedia has a list of worldwide credit bureaus here: https://en.wikipedia.org/wiki/Credit_bureau

Step 2: Contact the FTC

The Federal Trade Commission has an entire website dedicated to reporting ID theft and getting a recovery plan: https://www.identitytheft.gov/

You can use this form to file your report: https://www.identitytheft.gov/Assistant# and then follow these steps towards recovery: https://www.identitytheft.gov/Steps

Step 3: Notify Other Institutions

It’s possible that your identity could be used to open utility service accounts like cable or electricity. And in the case of tax ID theft, the crook may attempt to file a fraudulent tax return. Placing fraud alerts and credit freezes will help eliminate some of these issues, but you may still need to contact insurance and utility companies to alert them to the fact that your ID has been compromised.

You may also file a police report. This is optional but it certainly can’t hurt. In order to file a police report with local law enforcement, the FTC recommends visiting a local police office with copies of your FTC ID Theft Report, a government-issued ID with photo, proof of your address, and any proof you have of theft.

Should you enroll in free credit monitoring services?

Most often, when a major breach occurs, the organization in question will offer a year of free credit monitoring to those affected. Equifax is falling in line with that process, with free enrollment in TrustedID Premier credit monitoring.

But credit monitoring services offer little more than a warm blanket. They won’t stop ID thieves from fraudulently using your information. That said, there’s nothing wrong with peace of mind. Most services provide a simple-to-access account that summarizes inquires and credit data. The downside? You have to provide personally identifiable information to yet another party (another attack surface for criminals). Consider that before signing up.

What about freezing my credit? Is it worth it?

A credit freeze prevents creditors from being able to pull your file, which means if someone tries to open an account in your name, they will be blocked. Note, that freezes must be placed with each credit reporting bureau individually. Here are links and numbers to each one:

For now, the credit freeze process is the best way to keep your identity safe. You can lift the freeze at any time either permanently or temporarily. To learn more about what a credit freeze does and how it impacts you as an individual, check out this article the FTC’s website: https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs

Justin Bonnema

Lead Writer at SAC
Justin left the music business to focus on his true passion: writing. A talented writer and detailed researcher, he’s involved in every department here at SAC to make sure all content is fresh and up-to-date. In his spare time, Justin writes about fantasy football for FootballGuys.com and practices mixology (he makes a mean margarita).