After a Massive Breach, Is Your Data in Danger?

National Public Data, a consumer data broker, confirmed last week that a hacker had targeted the company in December 2023, “with potential leaks of certain data in April 2024 and summer 2024.”1Other reports indicate that this leaked data had been found on the dark web and could include the names, addresses, phone numbers, and Social Security numbers of millions of Americans.2 A data breach of this magnitude is especially worrisome, and is the latest in a string of major data breaches this year.3 If you’re wondering what you can do to help protect yourself against the growing threat of identity theft, here are some steps to consider.

Place fraud alerts and credit freezes

One way to reduce your risk after a data breach is to place a fraud alert or a credit freeze on your credit report. Both are free tools that can help you prevent fraud, but they work somewhat differently.

A fraud alert is a notice placed on your credit report that warns potential creditors that your identity has been compromised. It allows them to check your credit but requires them to take extra steps to verify your identity before issuing new credit in your name. You can place a fraud alert by contacting one of the three major credit bureaus (Equifax, Experian, and TransUnion), and that agency will notify the others. An initial alert will last for one year, but can be extended to seven years if you have become an actual, rather than potential, victim of fraud.

A credit freeze (sometimes called a security freeze) may also help protect you if you suspect your personal information was stolen, but it’s more stringent. Once you have a credit freeze in place, potential creditors won’t be able to access your credit report or credit score (there are some exemptions). This helps prevent identity thieves from opening fraudulent accounts in your name. To request a credit freeze, you will need to contact each of the three major credit reporting agencies. The credit freeze will stay in place until you decide to lift it, which you will need to do at least temporarily, before applying for credit.

A fraud alert or credit freeze can be set up online, by phone, or by mail, following each credit bureau’s instructions. This may also be a good time to request a free credit report so that you can check recent credit activity. Here are the website addresses and phone numbers for each of the three major credit bureaus.

Continue to monitor your personal and financial information

  • Consider subscribing to a credit monitoring service if you need extended support. These services come at a cost, but may bundle together credit report monitoring, credit report locks, scans of the dark web, help with recovering from identity theft, and identity theft insurance.
  • Periodically review your credit reports to spot suspicious activity. You can receive free weekly online reports from all three credit bureaus at the official site annualcreditreport,com.
  • Sign up for alerts for your bank, financial, and credit card accounts that will notify you when a transaction has occurred or someone has signed into your account. Check your accounts frequently and review your statements.
  • Pick strong passwords that are different for each account, and change them periodically. For an extra layer of protection, use a password manager that generates strong, unique passwords that you control through a single master password.
  • Enable multifactor authentication when offered. For example, in addition to providing a password, you may be required to enter a code sent to your phone or email, answer a security question, use a physical security key, or sign in using a facial or fingerprint scan.
  • Keep your device and security software up to date. Operating system and software updates may include security fixes. An easy way to do this is to turn on automatic updates.
  • Watch out for phishing attempts from scammers looking to obtain passwords or financial information. Be cautious if you receive a link or attachment in your email or via social media. Don’t click on it until you can verify that it’s legitimate. Let unsolicited phone calls go to voicemail, and double-check phone numbers, even if they appear familiar or seem to come from a company that you normally do business with.
1) National Public Data, August, 2024
2) KrebsonSecurity.com, August 15, 2024
3) Identity Theft Resource Center, 2024