My SSN may have been lost in a data breach, what should I do?
February 20, 2014 12:50 AM Subscribe
My SSN may have been lost in a data breach, what should I do to protect myself from identity theft?
you could lock down your credit report, so that no new inquiries could be performed without your knowledge. beyond that, i wouldn't worry too much. cultivate the attitude that identity thieves have more reason to fear you than you have to fear them.
posted by bruce at 1:14 AM on February 20, 2014
posted by bruce at 1:14 AM on February 20, 2014
Response by poster: "you could lock down your credit report, so that no new inquiries could be performed without your knowledge."
How do I do that?
posted by jtothes at 1:16 AM on February 20, 2014
How do I do that?
posted by jtothes at 1:16 AM on February 20, 2014
contact experian, transunion and equifax and ask them. conditions and fees vary from state to state.
posted by bruce at 1:21 AM on February 20, 2014
posted by bruce at 1:21 AM on February 20, 2014
Whoever allowed the data breach to happen may offer to cover fees for adding a credit alert.
posted by nat at 1:58 AM on February 20, 2014
posted by nat at 1:58 AM on February 20, 2014
For the time being, you'll probably want to freeze your credit files with the three major credit bureaus. This will keep any new credit accounts from being opened in your name because no access will be allowed to your credit reports. (Do note that this will also affect your own legitimate use of your credit, but you can lift the freeze if you need to apply for a line of credit.)
Experian
TransUnion
Equifax
If you are not offered the option of credit monitoring services by the party who failed to protect your data, you should firmly ask that they pay for those services for the next year. If necessary, make the point that their failure to protect your SSN and name has made you extremely vulnerable to the risk of identity theft.
posted by i feel possessed at 3:25 AM on February 20, 2014 [1 favorite]
Experian
TransUnion
Equifax
If you are not offered the option of credit monitoring services by the party who failed to protect your data, you should firmly ask that they pay for those services for the next year. If necessary, make the point that their failure to protect your SSN and name has made you extremely vulnerable to the risk of identity theft.
posted by i feel possessed at 3:25 AM on February 20, 2014 [1 favorite]
If you're talking about the University of Maryland breach, they're comping a year of free credit monitoring to all victims. Heard it on NPR yesterday so I don't have a link.
posted by oceanjesse at 6:04 AM on February 20, 2014
posted by oceanjesse at 6:04 AM on February 20, 2014
I have a standing offer with Maricopa County AND Target.
The party who didn't protect your data will probably pick up the cost of monitoring, so call them and ask.
posted by Ruthless Bunny at 7:37 AM on February 20, 2014
The party who didn't protect your data will probably pick up the cost of monitoring, so call them and ask.
posted by Ruthless Bunny at 7:37 AM on February 20, 2014
Target gave me a free credit monitoring service from Experian. It notifies me everytime a new account is created in my name. You could try something like that.
posted by AppleTurnover at 8:12 AM on February 20, 2014
posted by AppleTurnover at 8:12 AM on February 20, 2014
These are all excellent suggestions. As someone with experience with this sort of thing, I can tell you that ID theft is incredibly inconvenient and scary. If this was a large data breach odds are you will be OK, but you need to be as proactive as possible so that you can act quickly if there is an instance of fraud. Since there has been no fraudulent activity yet, here are some things to think about in addition to what has been suggested above:
1). It is possible to gain access to just about anything with a name and a social security number, and you would be surprised how low-tech the methods can be (e.g. calling and fishing for information). All of your accounts (bank, credit cards, cell phone, etc.) are potentially compromised. You need to be extremely diligent about checking up on them.
2). Sign up for a credit monitoring service, as many here have suggested, but make sure it is a service that can monitor reports from all three credit rating agencies. Companies will generally only use only one of the three rating agencies to pull your credit and you want to make sure you have no blind spots. Many credit cards offer this kind of service for an additional monthly fee, and though they will be affiliated with one of the three bureaus, they will have basic overview access to the other two.
3). Call to alert any companies you have accounts with and let them know that your SSN has potentially been stolen. Have them put a note on your account that this is the case and ask them what steps you can be taking. It's a small gesture, but has two advantages: a). if the company has an opt-in fraud protection measure or an additional layer of security (PIN, password) that they can add, they will tell you about it, and/or b). in the future if someone who is not you calls to fish or to make suspicious changes to the account, the note will appear for whomever takes the call.
4). Consider, as many above have said, putting an alert or freeze on your credit. The difference between a freeze and an alert is detailed well in the PDF link I will post below. One thing to note that has not already been covered: at least one of the credit reporting agencies requires a police report before they will freeze your account.
5). Read this PDF in its entirety and follow the steps accordingly. This is a step-by-step walkthrough of how to deal with ID theft (including data breaches) and is an absolute lifesaver.
6). Lastly, don't freak out. Just be extra careful and make sure you take the necessary steps in a timely manner if anything does come up. Best of luck.
posted by infiniteguest at 9:13 AM on February 20, 2014 [2 favorites]
1). It is possible to gain access to just about anything with a name and a social security number, and you would be surprised how low-tech the methods can be (e.g. calling and fishing for information). All of your accounts (bank, credit cards, cell phone, etc.) are potentially compromised. You need to be extremely diligent about checking up on them.
2). Sign up for a credit monitoring service, as many here have suggested, but make sure it is a service that can monitor reports from all three credit rating agencies. Companies will generally only use only one of the three rating agencies to pull your credit and you want to make sure you have no blind spots. Many credit cards offer this kind of service for an additional monthly fee, and though they will be affiliated with one of the three bureaus, they will have basic overview access to the other two.
3). Call to alert any companies you have accounts with and let them know that your SSN has potentially been stolen. Have them put a note on your account that this is the case and ask them what steps you can be taking. It's a small gesture, but has two advantages: a). if the company has an opt-in fraud protection measure or an additional layer of security (PIN, password) that they can add, they will tell you about it, and/or b). in the future if someone who is not you calls to fish or to make suspicious changes to the account, the note will appear for whomever takes the call.
4). Consider, as many above have said, putting an alert or freeze on your credit. The difference between a freeze and an alert is detailed well in the PDF link I will post below. One thing to note that has not already been covered: at least one of the credit reporting agencies requires a police report before they will freeze your account.
5). Read this PDF in its entirety and follow the steps accordingly. This is a step-by-step walkthrough of how to deal with ID theft (including data breaches) and is an absolute lifesaver.
6). Lastly, don't freak out. Just be extra careful and make sure you take the necessary steps in a timely manner if anything does come up. Best of luck.
posted by infiniteguest at 9:13 AM on February 20, 2014 [2 favorites]
This thread is closed to new comments.
posted by jtothes at 1:00 AM on February 20, 2014