I recently received a letter from my employer stating that their computer systems had been breached and that my name, address, and Social Security number (SSN) had been compromised.
As it turns out, I’m not alone in this.
My data was apparently part of a much larger file that was stolen by the hackers. The good news is that I found out about it quickly and my employer is being proactive in offering free credit monitoring, at least for awhile. But still…
I’m now at increased risk of identity theft, credit fraud, etc. If you find yourself in a similar position, what should you do?
Request a fraud alert
For starters, you should place a fraud alert on your credit file. To do this, contact any of the three major credit bureaus (Equifax, Experian, and TransUnion) and request the fraud alert. Since this information is shared across companies, contacting one should be enough.
You can request the alert online or over the phone. Once completed, you should receive written confirmation from all three that the alert is in place. With the alert in place, credit issuers shouldn’t approve any applications without contacting you.
Note: Here is the contact information for the credit bureaus.
Also, when you place an alert, you will also be given instructions for getting a free credit report from each of the three bureaus. Note, however, that the FTC recommends waiting about a month before checking your report because it takes a bit of time for things to show up.
Review your credit reports
Once your free credit reports arrive, be sure to review them carefully. In addition to checking for accounts that you don’t recognize, you should also check to be sure that your personal details are accurate.
If you find any discrepancies, report them to the credit bureau immediately and immediately follow up on any accounts that you don’t recognize.
Consider extending the fraud alert
The initial fraud alert is good for 90 days. However, the letter that you’ll receive confirming that the alert is in place will include instructions for extending the alert. The extended alert stays in place for seven years.
The only downside of having a fraud alert in place is that it prevents automated approvals on credit applications and there’s a decent chance that the issuer won’t follow up to confirm your request. Thus, a fraud alert can inadvertently block legitimate credit applications.
Consider freezing your credit
If you’re looking for something stronger than a fraud alert, consider placing a credit freeze (or “security freeze”) on your credit record. Doing so locks down your credit reports, thereby preventing anyone (including you) from doing anything that requires access to your credit record. When you freeze your credit, you’ll receive a PIN code or password for temporarily lifting or completely removing the freeze.
The advantage of a credit freeze is that it’s likely to be more effective than a fraud alert (which are sometimes missed or ignored by credit issuers). That being said, having a credit freeze in place can delay or prevent the approval of all kinds of applications. Yes, you can unlock your report, but keep in mind that you might need a bit of lead time.
Keep checking your credit reports
If you’re lucky, you’ll be offered free credit monitoring in conjunction with the loss of your data. If not, you can do something similar yourself. As you’re likely aware, you’re entitled to a free credit report from each of the three bureaus once per year. To access these reports, start by visiting AnnualCreditReport.com.
But instead of requesting all three at once, spread them out to cover the year. Assuming that you followed up after placing the fraud alert, you’ll have check all three reports roughly a month after your data was compromised. From that point forward, check one of your three credit reports every four months.
Since all of you reports should contain much the same information, this is a good way of catching nefarious activity over time vs. using up all your reports at once.
And finally… Be on the lookout for anything suspicious going forward — credit cards you haven’t applied for, being offered less than stellar terms on your legitimate credit applications, calls or letters from collection agencies, etc.
All of the above are possible signs that someone has been masquerading as you to secure (and abuse) credit in your good name.
Relevant queries: what to do for data theft, what to do if your identity is compromised