Protect yourself as if you’re a data breach victim
In April 2024, over 2.9 billion records including sensitive information like social security numbers, were likely part of a large data breach. If you’ve been part of any data breach or if you’re one of those lucky few who have never been notified of being a part of any data breach, you should be taking steps to protect your identity and your assets. In otherwords, act like you’ve been a victim of a breach even if you aren’t confirmed as being one.
Lifetime habits to protect yourself from identity theft:
- Set up security and daily alerts on all of your financial accounts that notify you of what’s going on in your accounts. For example, opt to receive an immediate text of any wire transfer out of your account because the FBI can get your money back if it’s reported within 24 hours of a transfer.
- If you are not comfortable doing this yourself online, do it on the phone with a banker or go into the financial institution and ask them to do it for you.
- Include a quick review of all of your banking accounts as part of your regular routine to make sure there are no unauthorized transactions.
- Use unique, safe and secure passwords on every account you have – especially financial accounts and email accounts because email accounts can be used to reset passwords and you don’t want to make it easy for someone to get into your accounts via your own email address.
- A strong password is long, hard to guess and made up of upper and lower case letters, numbers and special symbols.
- Use a password manager so the only password you have to memorize is the one for the password manager. Make sure it is very long and complicated.
If you have a strong password you do not need to change it often.
- Use two-step authentication wherever and whenever it is possible. This is a system of using more than a user name and password to gain entry into an account. ie. In addition to standard log-in requirements, you must enter a code received via text before you can gain access. An example is Google’s 2-Step Verification for gmail or Apple’s 2-Step Authentication for an Apple ID. The second step may be a question, image or code. It can also be a physical token but these come with the risk of loss, misplacement or theft.
- I even do this on my social media accounts because social media account breaches have also become very common.
- Have good security questions that are hard to guess.
- Do not use “Mother’s Maiden Name” as a key question. If you have no choice, make up a different answer to that question and use that instead.
- If you find it too inconvenient to have a credit freeze on your account (you have to pay a small fee each time you need to unfreeze it for your own transactions), keep a permanent fraud alert on your credit.
- Be diligent about matching transactions to statements for all financial accounts.
- Avoid unsecured WIFI. Period!
- Use your own secured, malware-free and virus-free computer for financial and confidential transactions.
Identity theft can be devastating. As daunting as they seem, these steps are manageable and to repeat, they form a list of good habits to follow whether you’ve ever been a victim of identity theft or not.
What do you do if you are a confirmed victim of the Equifax breach or any identity theft:
- Cancel compromised credit cards.
- Suspend all activity on compromised financial accounts.
- Close compromised accounts and set up new ones as soon as possible.
- File a report with the FBI’s Internet Crime Complaint Center
- If money has been wired out, report it to the FBI immediately. If it’s been less than 24 hours, the FBI can likely get it back. (see direct link to contact FBI agent in article linked to above.)
- Contact your broker if an investment, retirement or brokerage account has been impacted.
- Obtain an annual free credit report. (Or get 3 free reports per year by requesting one from each credit bureau (TransUnion, Equifax, Experion) once a year. Stagger each request by 4 months and repeat every year.
- Request a free manual social security number search from the major credit bureaus to see if your number is being used with someone else’s name.
- Place a fraud alert or a credit freeze on your credit file. (Do it separately with each of the credit bureaus.)
- Review your credit report carefully for activity not belonging to you and if you find any, take appropriate actions.
- File a police report with your local police department.
- Sign up for credit monitoring with a reputable company – hopefully paid for by the business that compromised your information, if that applies. This is one of many suggested steps but on it’s own, it will not offer adequate protection.
- If you have a missing device with confidential information on it, (phone, tablet, computer), remotely wipe it clean yourself or ask your carrier for help with this if you can’t.
- Remove yourself from people directories to make your private online information difficult to locate. Basic information located online such as your birthday, mother’s maiden name, pet’s name and address can help a thief gain access your information by guessing your passwords and answers to security questions as they try to get into your accounts.
- Use step-by-step tutorials to remove your information yourself or contact me for help.
- Set up or review the alerts you already set up on your financial accounts per the guidelines in the first part of this article.
It is important to recognize that once your social security number has been compromised, it will likely be compromised again and you unfortunately remain at risk permanently. As frustrating as this is, it’s not the end of the world. What it means is that you must develop good habits and always take steps to protect yourself. Dealing with identity theft is aggravating and takes an enormous amount of time. Anyone who’s had to deal with the financial or personal damages related to identity theft will agree that prevention is way better than cure!
Until next time,…Stay Cyber Safe.
Easy to check out, readable…heck I have to leave a comment!
Who couldn’t use some positive reinforcement? Thank you for taking the time to do this.
Thank you so much for your help! I saw your report on KTLA with Rich DeMuro and I’m binging as much information as I possibly can. Unfortunately, I did get the confirmation from Equifax that I’m one of the 143 million affected by the breach, 🙁 and I don’t think I’ve ever had such a knot in my stomach! I’ve already gone ahead and place the fraud alerts on my reports, requested & reviewed them. Thank you again for the “checklist” provided.
I used to use LastPass as a password manager because it created those long recommended passwords, however, THEY were breached as well!! I did end up cancelling my account because I was so disappointed & upset, we use these services to keep us safe.What do you suggest we do in cases like that?
I’m so glad you are finding my information useful, Yolanda.
I am a Lastpass user. I believe the breach you are referring to was in 2015 where some user information was compromised but hackers did not get access to encrypted password vaults. That said, Lastpass recommended changing master passwords to be safe and it goes without saying that the master password should be as strong as possible. So in essence, I’m still in favor of a password manager.
Ms. Kaplan,
I found your blog while researching next steps in how to minimize the impact of the Equifax security breach on our family. When I saw the title “Act as if you’re an Equifax victim”, I had to read it since I have the same outlook. 143 million Americans likely represents every adult over 18 in this country, so yeah, this group includes me.
Thanks for compiling this list of action items. It’s becoming difficult to trust any company with not only safe-guarding our sensitive information, but to trust them to do the right thing after a breach like this mess with Equifax. We can talk later about what should happen to those knuckleheads.
My question to you is, in your opinion, do you think that a financial accounts “wipe” would be an appropriate move at this time ? Meaning, close all of my current accounts, bank accounts, credit accounts, etc. and re-open all new accounts with new account numbers, passwords, etc. ? I know that this would likely mean a negative impact on my credit score, but if I’m not in the market for requesting any new credit in the foreseeable future, perhaps the safety factor will outweigh the credit score hit ? I’m leaning towards at least putting a credit freeze on my credit report with all 3 credit bureaus to stop any new fraudulent transactions going forward.
Thanks,
Vince
Hello Vince,
In my opinion, I would NOT recommend a financial accounts “wipe.” Instead, I would start by insuring that you have an extremely safe (unique for every account, long, complex, hard to guess, mixture of special characters, numbers and upper case letters) password and that your security questions are also solid. (No Mother’s maiden name or easily guessable answers to those questions. Answers to these questions must not be easy to determine via social media or online searches.)
What is key is setting appropriate alerts such as a notification of any wire transfer out of an account. On accounts that don’t offer that, you can look into other options with that specific institution. For example, some accounts don’t offer or require monthly statements because there is very little activity on them. Those are the ones you need to explore carefully. The issue isn’t that the account information is widely available. The problem is that identity theft can lead to access. But taking the precautions in the article will reduce the potential impact if any of your accounts are breached. I hate the cliche but it’s not a matter of if. It’s truly a matter of when.
For now, credit card accounts are less important to prioritize over other types of financial accounts because financial institutions will usually not hold the card owner liable for credit card fraud. That said, credit card fraud is inconvenient and having alerts on those can be helpful for many different reasons. (To keep on top of spending amount, for example or to know when a foreign charge has been made). On the other hand, using a debit card removes money directly from the connected account and this does not come with the same protection as a credit card. I therefore discourage use of debit cards for any online transaction. In fact, I prefer to avoid them completely because of skimmers that can steal that information – for example at a gas station.
Good job being proactive and taking some simple, yet critical steps to protect yourself.
– Hayley
Hayley, I appreciate your expertise and sharing your knowledge. I spent several hours today adding alerts, researching monitoring companies, changing passwords, placing fraud alerts, and much more. Thank you for helping to keep us financially healthy in these ever changing times. You are awesome!
Thank you for reading what I have to say and a big congratulations on being proactive and taking care of this immediately. We need more people to do the same so that we make it less lucrative for cyber criminals to hack into sites and to compromise vast amounts of people and businesses in the process.
Thanks for this! I just reviewed my alerts and made a few changes in case I turn out to be impacted by this crazy Equifax breach.
Glad to be of service. Thanks for letting me know.