Editorial Policy

Data Breach Letters Call for Vigilance, Not Panic

Allie Johnson

March 26, 2013

There are a slew of ways your private information can be exposed: Hackers break into a government or retailer's computer system, a human resources representative loses a laptop full of employee records or an apartment complex manager tosses rental applications into the trash.

If a similar scenario happens to you, you might get a data breach notification letter in the mail from the company that was breached, letting you know that your personal information may have fallen into the wrong hands. Although a data breach notification letter may cause your stomach to drop, there's no need to panic. Keeping a careful eye on your accounts and credit reports should help you keep thieves at bay.

Many consumers who get these letters fear the worst, and there is cause for concern: The 2013 Identity Fraud Report by Javelin Strategy & Research found that 12.6 million Americans fell victim to identity fraud in 2012, up by more than 1 million from the previous year. The study also found that almost one out of four consumers who got a data breach notice became an ID fraud victim.

So should you worry?

“It depends what data was breached,” says Avivah Litan, a fraud analyst for Gartner Research, who notes that a criminal who gets your name, Social Security number, address and date of birth can “make your life miserable.”

If you get a data breach notification letter, there are ways to protect yourself. Here are eight steps to take if you get a data breach notice:

1. Don't panic. Remember that even if almost 25 percent of consumers who get a data breach notice do become victims of identity fraud, according to the Javelin study, that still means more than 75 percent do not.

“The main thing to realize is just because your information has been compromised, that does not mean you're a victim of ID theft,” says Karen Barney, program director for the Identity Theft Resource Center.

2. Find out what happened. Read the data breach notification letter carefully to try to see what information was compromised so you can judge the seriousness of the situation.

“Some of these breaches only include an email address and a name,” Barney says, noting that type of breach does not pose as high a risk to the consumer as, for example, one involving a Social Security number. However, notification letters don't always tell what information was exposed or how, Barney says.

3. Add a fraud alert to your file. Contact all three major credit bureaus and ask that a 90-day fraud alert be placed on your credit file, Barney recommends, noting that it's better not to rely on one bureau to contact the others for you. The alert acts as a flag to lenders, who should take extra precautions, such as calling you by phone, before granting any new credit in your name. However, while these alerts make it less likely that a criminal will use your information to get new credit, they do not prevent fraud on your existing accounts — for example, a fraudster making a purchase with your credit card.

4. Look at your credit reports. Every consumer is entitled to go to AnnualCreditReport.com and get one free credit report a year from each of the three major credit bureaus. However, if you place a fraud alert on your credit file, you may request an additional free report from each bureau. Examine your credit reports carefully for any inaccuracies or evidence of fraud.

5. Consider a credit freeze. If you notice any suspicious activity on any of your accounts, it's probably smart to place a security freeze on your credit, experts say. This prevents the credit bureaus from releasing your credit information to new creditors unless you temporarily lift the freeze, using an ID number provided to you by the bureau when you put the freeze in place. This can cause some hassles. If, for example, you wanted to apply for a car loan, you'd have to first lift the freeze and OK the bureau's release of your information to the lender. The process and the fee you have to pay to place the freeze vary by state.

6. Check your accounts regularly. It's very important to check your bank and credit card accounts at least every few days if you suspect you could be a fraud victim. Look for any charges you don't recognize, and, if you spot suspicious activity, notify your financial institution immediately and close the compromised accounts if necessary. If a thief used your credit card, the company can mail you a new card with a different card number.

7. File a police report if necessary. If you become a victim of fraud, go to the police station to file a report, Barney says. Then, you can present the report to the major credit bureaus to get a free seven-year fraud alert placed on your file. This functions like a 90-day fraud alert except that it stays in place much longer.

8. Monitor your credit. Experts recommend that you use AnnualCreditReport.com, and pull a free credit report from a different bureau every four months. Staggering your access to your reports, rather than getting all three at once, allows you to keep an eye on your credit throughout the year, Barney says. You might also consider signing up for an identity theft monitoring service, Litan says. All three credit bureaus offer such services for a fee. If you do sign up for such a service, remember that they have limitations: For example, they don't notify you if a criminal files a tax return in your name to steal your refund or swipes money from your bank account.

“They're better than nothing, but they're not good enough,” Litan says.