You have already been a victim of a data breach, which indicates your identity has been stolen. Most don’t realize it…yet. There have been over 600 million documented sensitive data records breached since 2005 in the U.S., meaning the average citizen has had their information compromised two times (and this is only documented breaches). The consideration is no longer “if” but rather “when” - and “when” has probably occurred a few times. If you take proper precautions, it is likely you can prevent yourself from becoming an identity theft victim.
If you are a victim of identity theft or believe you are a target of identity theft (which is everyone), then the Fair Credit Reporting Act legally entitles you to set a fraud alert with a credit reporting agency (CRA) free of charge. The fraud alert requires creditors to go through an additional identity verification procedure that essentially verifies that you are you. The fraud alert only needs to be set with one CRA (this CRA is required to inform the other two CRAs), it expires after 90 days and it takes less than 1-minute to complete. Fraud alerts are by far the most effective defense tactic against financial identity theft.
Thieves collect their returns - and you are victimized - when they access your breached accounts. Many individuals do not close their breached accounts because they wrongly believe there is a minimal chance of their accounts being overtaken. If you close these accounts, then you have effectively marginalized their efforts and protected yourself from the pain and suffering of identity theft.
Criminals adjust their methods based on behaviors of their targets. Recognizing the increasing obstacles with the direct use of an identity, criminals opt for the easier and more profitable path of account takeover. With your username and password – which was obtained in the breach – a good criminal can drain your financial accounts within minutes. Change your passwords and utilize different passwords for all of your different accounts.
Most people only associate their identity with their credit report. It is also as important to check your medical, criminal, and driving records. In the case of medical identity theft, the ultimate result can be death, and criminal identity theft can lead to improper incarceration. Make certain to monitor all forms of your identity for fraudulent use.
How vulnerable do you feel the moment you realize that your personal information has been stolen from a company – or government – with whom you interact? The standard procedure for the breached organization is to needlessly delay notification in the hopes they can sweep it under the rug (which provides the thieves an invaluable head start), issue communication artificially minimizing the severity of the breach, and finally offer an identity theft protection service that does nothing to prevent identity theft. This is not acceptable.
A standard procedure and rules for organizations post breach must be established, and this will only happen when enough citizens voice their concerns to their congresspeople.
Breached organizations often have a knee jerk reaction of contracting with identity theft companies to offer rather useless identity theft defense services. These are typically pigs with lipstick that may ultimately cause more harm than good. They are primarily monitoring services, and by definition, monitoring alerts you of a change in status after-the-fact. In other words, it alerts you that you are a victim, but does nothing to prevent it.
To minimize the negative press and publicity of the breach, organizations deceptively market these free services as prevention, and this ultimately provides the breached individuals a false sense of security. Don't fall for this, or your may fall victim to identity theft.
If you are to work with an identity theft defense service, make certain it specifically includes data breach protection and focuses on identity theft prevention.
It is normally not necessary to close all of the your bank accounts and credit cards, change your Social Security number, and legally change your name. Data breaches are an unfortunate byproduct of the identity ecosystem. If someone mispronounces your name, it is not necessary to hit them. The same is true with data breaches – actions should commensurate with the breach. If only your name is part of the breach, it is likely all that is necessary is for you to practice normal identity theft prevention and detection tactics.
The polar opposite of the previous point is to act like it didn’t happen and do nothing. Everyone is at risk of identity theft, but a data breach indicates that a criminal stole information with the specific intent of harvesting identities. Prior to the data breach, there was a target on you. Post data breach, it is a bulls-eye. If you stick your head in the sand, then the law of averages will eventually catch up to you and you will become an identity theft victim. An ounce of prevention is worth way more than a pound of cure.
There are countless examples (basically every incident) of breached organizations delaying communication alerts, downplaying the severity and downright lying to the victims of the breach. In essence, they got caught asleep in the guard tower and now they want to convince everyone that it is not a big deal. The best way for them to accomplish this is to deceive and misdirect, and this is why you cannot trust them.
The government is just as clueless as the breached organizations, and sometimes the breached organization is the government. While the government is often well-intentioned, the path to identity theft victimization is paved with good intentions. The Federal Trade Commission has some decent resources on their website, but otherwise the government is a dead end. If you look to the government, you will only be misdirecting your valuable resources, which should be focused on preventing victimization.
- Everyone reading this article has been subjected to a data breach – it is a new reality of the electronic age. It similar to driving a car: at some point an inconsiderate driver will cut you off. You have the choice to tap on the breaks, avoid the accident and continue on with your life. Or, you can smash into the driver and claim it was not your fault. Ultimately, the latter will cause you more pain, time, costs, and aggravation. Tapping on the breaks when part of a data breach simply requires practicing the tactics included in this article – tap the breaks, avoid identity theft, and move on with your life.
More expert advice about Banking
Photo Credits: Computer Password Security by Devoteam via Flickr; Check Man, Cross Man and Jump Man © ioannis kounadeas - Fotolia.com