Whatever steps you take to keep your identity safe may not matter if you’re the victim of a data breach.
A hacker gets into a computer database. A company loses laptops that contain sensitive customer or patient information.
Seems there’s a new headline almost every week.
When a data breach occurs, some level of your private data, known in the ID theft business as “Personally Identifiable Information,” or “PII,” gets into the wrong hands.
PII includes your name and address, Social Security number, driver’s license number, military data, your mother’s maiden name and so on.
So far in 2015, the Identity Theft Resource Center (ITRC) has reported 361 data breaches, exposing more than 107 million records.
Medical and healthcare data breaches make up more than 93 percent of the reports.
When a criminal gets his hands on your PII, your credit, your medical records, your tax returns and more could be in for a world of hurt.
You may hear about large data breaches in the press before you receive a direct communication from the company that lost your info. If you fear you were involved, don’t wait to receive that letter — which will tell you what was exposed and when — but be proactive and try to reduce a scammer’s opportunity to use your info for nefarious purposes.
Here are nine steps to take if your PII is stolen.
1. Check your credit reports: You can get a free copy of your credit reports once a year through annualcreditreport.com, and you may get it for free more often if your PII has been stolen. Review the report for any new accounts, or accounts you don’t recognize.
2. Take advantage of credit monitoring: Breached companies often tell affected customers they’re eligible for a free credit monitoring service. These will generally track inquiries to your credit reports and notify you if anything is fishy. Some even offer monitoring of your PII in public databases and web sites.
3. Freeze your credit: You can place a freeze on your credit reports, which will make it harder for a thief to open new credit in your name. Credit reporting companies won’t be able to release your credit report without your consent, and you’ll receive a special password to use if you decide to release your credit info to someone. Know that this adds a few extra steps if you’re applying for new credit, and it won’t impact your existing credit lines. A freeze will be free if you’re a fraud victim. You can reach Equifax at 1-800-525-6285, Experian at 1-888-397-3742 and TransUnion at 1-800-680-7289.
4. Use fraud alerts: If you place a fraud alert on your credit file, companies that request your credit report must take extra steps to verify your identity. If you provide a telephone number to the business, for example, the business must call you to verify whether you are the person making the credit request, the Federal Trade Commission says on its web site. You can request fraud alerts for free from the credit bureaus. When you ask one bureau, it’s required to notify the other two.
5. Change your passwords: If you do business online with any kind of company, change your passwords. That goes for any account that’s associated with your email address, including online banking, credit card, mortgage and investment accounts and even web sites where you shop and store your information. If you can change your user name also, do that, too.
6. Change account numbers: Contact all your credit cards and bank accounts and request a new account number for any account you think may have been impacted by the PII theft. Let them know your PII was stolen. Remember to give the new number to any businesses that take regular automatic payments from that account.
7. Contact MVC: The state’s Motor Vehicle Commission doesn’t offer a fraud alert service, but you should still contact the agency. “If someone has a reason to fear that they are a victim of identity theft, misuse or fraud, they can schedule a Driver Conference. All Driver Conferences are held in Trenton and an appointment can be made by calling the MVC,” a spokeswoman said. That number is (888) 486-3339 .
8. Be tax smart: File your tax return as soon as possible. If a scammer files a return in your name, your refund could be significantly delayed and you’ll have another headache to contend with.
9. Don’t get fooled: Scammers may, in an attempt to get your PII, impersonate the breached entity via regular mail, email or telephone contact. If you’re contacted, reach out to the breached company — get its contact information independently — and ask if the communication was for real.
For more information on protecting yourself from data breaches, visit the Federal Trade Commission’s web site at ftc.gov.
Have you been Bamboozled? Reach Karin Price Mueller at Bamboozled@NJAdvanceMedia.com. Follow her on Twitter @KPMueller. Find Bamboozled on Facebook. Mueller is also the founder of NJMoneyHelp.com.