Data breaches are a fact of life today. No matter how secure you keep your own data, some pieces of your personal information are stored and protected by a third party. Whether it’s a retailer where you shop, a social media account, or even something as simple as a hotel booking, your life leaves a trail of breadcrumbs that some smart scammers could use to steal your identity, money, or other personal data.
Each time you see a new data breach in the news, it’s less and less of a shock that more personal data has been taken.
What to Watch for in 2019
Experian, the consumer credit reporting agency, released research detailing their predictions for data breaches that we’ll likely see in 2019. According to Experian, biometric scanners (fingerprint and face recognition) are likely to be targeted and exploited by hackers to gain access to protected data in 2019. Other things to look out for include: use of credit card skimmers (machines that sit on top of real credit card readers and steal your card info when you swipe), major wireless carrier breaches, online gaming exploits, breach of cloud-based storage services affecting corporate clients.
What does this mean for you, the average consumer? It means that in today’s data-saturated world, it’s likely impossible to keep track of every piece of your data that’s out there. But that doesn’t mean there’s nothing you can do to protect yourself.
Steps You Should Take
The first step after any breach is to change passwords. Usually, vendors will email you to let you know that a breach has occurred and urge (or even require) you to change your password. Don’t ignore these requests. It’s a good idea to act quickly, and it’s an even better idea to have different passwords for each online service you use. Otherwise, one compromised account would give a hacker access to every account you have. If remembering all those passwords is too much, try a password manager like LastPass. With a password manager, you can save all your passwords in one place and only have to remember a single master password to access them.
For high-security accounts, like your primary email address, credit cards, brokerages and online banking, it’s best to change passwords every six months, regardless of how safe your information might be.
Another less examined aspect of the data breach is security questions. Questions and answers used in the password reset process may have been compromised, too. If you use information like your favorite author, book or sports team to secure multiple accounts, that data could also be at risk. Worse yet, this data is frequently unencrypted, since it represents only one part of the password reset process. This means it may be widely available, especially if it’s something you post publicly about on your social media.
If you use the same personal information question(s) at multiple websites, now is a good time to review and change that information. Wherever possible, switch to a two-step authentication method. These processes use your cellphone number as a backup password option. If you try to reset your password, the service will call or text you with a code to use as a verification method. It puts another step between potential thieves and your information.
Finally, this is a good time to check your credit. It’s possible you could already be a victim of identity theft if you haven’t checked your credit score recently. Getting a credit report will let you know if any new accounts have been opened using your personal information. Similarly, this might be a good time to consider a credit monitoring service. Such services keep an eye on your credit periodically, and can help protect against identity theft.
How to Protect Yourself with a Credit Freeze
Unfortunately, most people aren’t aware of their right to control who is able to access their credit report. But, all three major credit reporting agencies, Equifax, Experian and TransUnion, offer you the option to restrict access to your credit report. They also make it possible for you to decide when and with whom your credit report may be shared. It’s called a security freeze or a credit freeze, and it’s important to understand how that works.
Here’s a real-life example of a credit union member in Texas who didn’t know he had the right to restrict access to his credit report. He has a very high credit score, and without his knowledge, an identity thief who was also a resident of Texas was able to establish a new cellphone service and qualify for the purchase of a new vehicle using this man’s profile. The cellphone service was already established when the thief shopped for a vehicle online. But that was the beginning of the end of the crime spree.
Three different auto dealerships called the credit union member to verify he was, in fact, going to take possession of the car he’d arranged to buy online. They had found his legitimate phone number on his credit report. You can imagine this consumer’s surprise, not just the first time, but each time he got a call. Every dealership alerted the local police, who contacted the credit union member directly for more information.
Turns out, the identity thief was using the cellphone obtained in the stolen name, and also presenting a temporary, new Texas driver’s license in the stolen name. Both were obtained prior to his attempts to purchase a car.
The member was advised to call all three credit reporting agencies and put a freeze on his credit report. The identity thief still had his Social Security number, address and credit card numbers, but could no longer use them. The fraudulent cellphone account was closed, at no cost to the member, and the State of Texas rescinded the temporary driver’s license.
Without a credit freeze in place, the member would continue to be vulnerable to fraudulent use of his identity by the Texas thief. And he would be vulnerable to other thieves who may have purchased his credit report, as well.
How To Protect Your Identity With A Security Freeze
1.) Call your bank or credit union to report fraudulent use of your account or credit card if it has been breached.
2.) Call the fraud department of every credit card that is issued in your name. You don’t need to cancel the cards, just report the fraudulent use and announce your plans to set up a security freeze with the credit reporting agencies.
3.) Call each of the three major credit reporting agencies to set up a security freeze. Each has its own process, and there may be a small fee for the service, approximately $10 per agency.
Equifax – 1-800-349-9960
Experian – 1-888-397-3742
TransUnion – 1-888-909-9972
4.) Call each credit reporting agency whenever you want a particular vendor to access your credit report. This is called a “temporary lift” of the credit freeze for one vendor only. The permanent credit freeze remains in place until you choose to remove it entirely. There may be a fee for each temporary lift.
Making the choice to control who can access your credit report (and who cannot) gives you the most security possible, but it requires more work on your part, too. And it may involve occasional but nominal fees. The member in our story decided it was worth the time and small expense to control access to his credit report, because he never wants to go through identity theft issues again.
This article is for educational purposes only. Tulsa FCU makes no representations as to the accuracy, completeness, or specific suitability of any information presented. Information provided should not be relied on or interpreted as legal, tax or financial advice. Nor does the information directly relate to our products and/or services terms and conditions.