It seems every week we hear about a data breach on the news at a major company or government institution. Recent breaches at Equifax, Yahoo, IRS, Target, and OPM are a few good examples. So what should you do when a data breach notification letter arrives in your mailbox, or you simply hear about it in the news cycle? My short answer is — don’t panic and pay close attention.
Faced with a breach notice, most people either ignore it, panic, or start closing accounts. All of these are not helpful so we recommend these steps:
- Read the notice carefully to learn what information may have been exposed. Keep this notice handy in case you need to prove your data was compromised through no fault of your own.
- If you are offered free credit monitoring, take it
- Pay close attention to your bank accounts and credit card transactions — at least weekly. Look for any unusual activity.
- Visit a reputable website that summarizes additional steps to take. My recommendation is www.ftc.gov/idtheft
- Know how to place a credit freeze on your credit file
- Enroll in a paid service for identity theft protection. Each offer similar protection, but depending upon your financial situation, you may choose one over the other My two recommendations are:
- If you are in the habit of storing credit card information on website (i.e Amazon), enroll in Mult-Factor Authentication if the website has it available
So What should I do moving forward? Keep up good data-management habits by shredding sensitive documents before throwing them in the trash; use a locking mailbox; and take advantage of the Do Not Call registry.
Let’s face it, if you haven’t received a breach notification letter yet, you probably will in the future. Not all breaches are created equal and some are worse than others.
If it involves your credit card or debit card, chances are your bank will issue you a new one if they think the risk is high (you can always request a new card if you’re concerned). If your SSN, birth date, and address are compromised, they have a long shelf life and can be used by cyber-criminals next month, next year, or two years from now — you get the point. For this reason, take the necessary precaution that’s proportional to your risk level.