September 1, 2015 Personal Finance

5 things to do after a data breach

It’s no longer a matter of if, but when. With the endless stream of data breach announcements from retailers, health insurers, the government and this summer’s sensational, if overblown, attack on the infidelity site Ashley Madison, it’s not wrong to think your financial information has been compromised or will be soon.

So what can you do? If you’ve already been victimized in a data breach, then you’ve probably been offered free credit monitoring services. While you certainly shouldn’t say no to these offers, it’s important to remember they are limited. One reason: Breached companies often contract with only 1 of the 3 largest credit bureaus — Experian, Equifax or TransUnion — and usually only for 1 year.

“That’s a little like locking 1 of the 3 doors in your house,” says John Ulzheimer, credit expert and a former FICO employee.



In addition, credit monitoring doesn’t mean you are notified when someone tries to open an account using your information. Only lenders receive the alert. So it’s up to the credit card company, bank or retailer to reject a fraudulent application. If the lender doesn’t catch it, you aren’t notified until after the account is opened and presumably some damage is done.

These limitations are what prompted Sen. Charles Schumer, D-N.Y., to call for the 3 credit bureaus to send a “credit inquiry alert” to consumers whenever their credit records are requested. This would alert consumers when a new account is being opened fraudulently and allow them to freeze their credit to avoid further fraud.

While lawmakers and the credit industry continue to debate data breach protocol, here are some steps you can take to protect your personal information.

Monitor your credit reports. Early detection can be the best offense. Check your credit report as often as you can. You can receive your credit report for free at myBankrate.

Don’t be afraid to put a freeze on your credit information. A freeze means the credit bureaus can’t release your credit report or any other information in your file without your authorization. With no information, thieves will not be able to open any account in your name.

True, a freeze can be a bit of a pain when you try to open a new credit card or shop for a mortgage, but, according to Ulzheimer, you have the ability to unfreeze your account at any time.

“You may experience a slight delay, but the protection in the meantime is worth it,” he says.

Typically you’ll pay $5 to $10 per credit bureau to place a freeze and another to lift the freeze, although credit freezes are free to identity theft victims in many states.

Consider an identity theft protection service. For a fee, some third-party services take credit monitoring a step further and notify you if someone has inquired about credit in your name. Some of these services also scan the Web to make sure your personal information isn’t being used to open new checking, savings or other bank accounts that won’t necessarily show up on your credit report.

Protect your email. Your email address and password, which are often compromised in a data breach, can be a treasure trove for identity thieves. With these data points, thieves can potentially get access to your banking, insurance, health care and other personal information — all potentially more valuable than your credit card number.

Currently, Florida is the only state that mandates consumers be notified when their email information and password have been compromised, says Al Pascual, director of fraud and security at Javelin Strategy and Research.

Some identity protection services will also scan the Internet for you to find out if your email information has been bought or sold on the identity theft black market.

It’s also important to use secure passwords with a combination of letters, numbers and symbols, change passwords often and use different passwords for each of your accounts.

Beware scams related to data breach headlines. Just a day after the Anthem data breach, the Council of Better Business Bureaus started receiving complaints of fraudulent emails purporting to be from the insurer. Never open a link in an email dealing with a data breach. Instead go directly to the company’s website for steps to take and directions on how to sign up for free credit monitoring.