So, your data’s been stolen.
Maybe it was your email address. Or perhaps it was a credit card number. Or, worse, it could have been your Social Security number, name, address, birthday, and bank account information. Regardless, a hacker has breached some organization’s allegedly secure computer network and swiped yours and many other people’s data.
In 2017 we’ve become accustomed to data breaches and data theft. It seems as if it’s a monthly or weekly story in the news: some retailer like Home Depot or Target; a hospital or health insurer like Anthem; a payment processor like Heartland; or a tech company like Yahoo was hacked and certain data was released for malicious use by data traffickers and thieves in the dark web. This is bad, because data breaches can threaten the very way we live our lives.
Credit bureau Equifax is a recent and particularly notable breach, because Social Security numbers, addresses, birth dates, and other information for 143 million people were leaked, creating a situation in which holders of the information could in theory open new credit accounts in yours or a family member’s name. Some outlets, such as USA Today, have speculated the breach could create a lifetime threat of identity theft.
Adding insult to injury is the fact that Equifax collects data without anyone explicitly giving it to them. Based on access to your information through organizations like banks and utility companies, Equifax (and counterparts Experian and Transunion) has put all your information into a neat package that could function as an identity theft starter kit.
With a landscape like that, we’re left in a very unpleasant situation: We are simultaneously complacent about and horrified by the onslaught of data breaches. Even if the breaches aren’t all created equally, the feeling of having one’s privacy, and even livelihood, violated can be traumatizing.
Taking control of your credit is important — your credit report can affect everything from getting an apartment to purchasing a vehicle or buying a home. Although there’s no surefire way for you to prevent a third-party’s negligent data security in advance, these are steps you can take to protect the integrity of your personal information.
Hey Credit Report: Freeze!
The Equifax breach is, so far, singular in its depth and breadth of impact. About 143 million consumer records were compromised — unauthorized users accessed the names, Social Security numbers, birth dates, addresses, and, in some cases, driver’s license numbers of consumers from mid-May through July 2017. The company even admitted that the breach allowed perpetrators to access the credit card numbers for about 209,000 U.S. consumer.
Even if your credit card number wasn’t compromised, the rest of the information available allows someone to fairly easily set up accounts in your name.
But Equifax is only the most extreme example of this kind of breach. Unauthorized people can get access to your bread-and-butter data in a variety of ways, and when they do, you have to be on the lookout.
One way to do this is to have the credit bureaus “freeze” access to your credit report, thereby making it tough for anyone to open new accounts in your name. If a creditor can’t read your credit report, the institution is less likely to approve an application to open some kind of new account, according to the U.S. Federal Trade Commission. (You can always unfreeze it if you need to — this isn’t permanent.)
There are some caveats to this otherwise effective protection. For starters, it doesn’t protect existing accounts. You will need to take the necessary steps outlined by your bank or other service to address the vulnerability of existing accounts — that could be changing account numbers, passwords, and/or usernames, or some other measure a company might have in place.
Data breaches can wreak havoc on your life. At minimum, you could spend a lot of time trying to clean up your credit file. It could also cost you money and opportunity, considering how everything from getting cable and or a phone to buying a car or home, or, in some regions, even getting a job, requires good, clean credit.
The other big caveat is that the big three credit bureaus — Equifax, Transunion, and Experian — generally charge fees for freezes. This practice has come under fire following the Equifax breach, with many states’ consumer protection agencies calling for the companies to make freezes free. The officials’ position centers on the idea that consumers don’t choose to do business with these credit bureaus yet they rely on them to have secure systems and keep accurate reports.
How much you actually pay to enact and lift a freeze varies by state and credit reporting company. For most states, freezes are free if your identity is stolen. However, if Equifax’s breach leaked your data but you don’t have evidence of any data theft, you could spend anywhere between $3 and $20, generally. As mentioned, it depends on several factors.
Monitor Your Credit
Credit monitoring services can prove helpful when it comes to keeping track of what’s going on with your existing accounts and eyeing any major changes to your records, such as if someone opens up an account using your information. These usually cost some amount of money — sometimes as low as $5 a month and as high as $15 or more.
Often, in the wake of a data breach, the company whose data was breached will offer a year or more of free credit monitoring. For example, Equifax has said it would offer a year to those exposed to its particularly dangerous breach.
The scope of the services varies depending on the product. Generally, these companies will monitor your credit file and detect any changes, in addition to offering access to your credit score or credit reports. Some also keep an eye on dark-web sites where your information could end up. Some even offer insurance and access to legal help in the event of identity theft.
There are also free services that will give you access to your credit score and account changes, but won’t offer extras and might not monitor all three credit reporting agencies, Equifax, Transunion, and Experian.
Of course, your credit cards might already offer any or all of these services. It’s best to check with your card issuer to discuss any benefits your card might provide.
Without any service, you can still monitor your credit reports through AnnualCreditReport.com, which was created in a law to provide you with one free credit report a year from each of the three agencies. This won’t provide you with regular alerts or any insurance or frills, but you are able to at least gauge what’s happening with your file. You could get all three in one fell swoop, or you could spread them out so you’re checking one of the agencies’ reports every four months.
Overall, it could be a good idea to engage in some kind of credit monitoring so that you have a general idea of your overall credit situation.
Don’t Use the Same Password Across Accounts
This is one that doesn’t cost you any money but could save you both time and mucho dinero if your information is stolen: password management.
First, don’t use an easy password like “pet’sname1234.” Google recommends avoiding the use of personal information or common words and champions the use of letters, numbers, and symbols. Believe it or not, it is possible to create a strong password that you can remember.
Believe it or not, it is possible to create a strong password that you can remember.
Digital-life expert Kim Komando wrote in a USA Today piece that one way you can achieve a strong but memorable password is by formulating it around a random sentence. As an example, she offers up a Bruce Springsteen lyric: “Tramps like us, baby we were born to run.”
“I took the first character from each word to get ‘tlu,bwwbtr’. Not bad, but it could be better,” Komando said. “So, I added some symbols in place of similar letters. Then, I capitalized a few of the letters to make a strong password that I can easily remember.”
That’s just one method. In general, something more complex than “gatorsfan1980” is advisable.
Secondly, Google and other experts are a choir of agreement when it comes to this: don’t reuse passwords across multiple accounts. The Yahoo breach, which ensnared all of the company’s 3 billion accounts, exposed the real names, birth dates, email addresses and phone numbers of account holders, but some users’ passwords were also leaked. If someone used their Yahoo password for their Apple ID, Amazon account, and credit card and bank accounts, it wouldn’t be too hard for someone to gain access to those other accounts if they knew the Yahoo password.
Data Breaches Can Cause Serious Financial Harm
A data breach could change your life forever, leaving you to spend years picking up the pieces. If you’ve experienced financial and reputational harm as a result of a data breach, you have options. Our attorneys at Morgan & Morgan have experience holding powerful and negligent companies accountable in court. For example, we’re leading the way in the fight against Yahoo in what is the biggest class action ever filed.