Identity Theft Prevention

Identity theft has become a fact of life during the past decade. If you are reading this, it is a safe bet that your data has been breached in at least one incident. Does that mean we are all helpless? Thankfully, no. There is a lot we can do to protect ourselves from identity theft and to make recovery from cyber incidents quicker and less painful.

Recognize the signs of identity theft

It is sometimes difficult to know if you've been a victim of identity theft until the damage is done. These are some indicators of identity theft:

  1. Unusual or unexplainable charges on your bills.
  2. Phone calls or bills for accounts, products, or services that you do not have.
  3. Failure to receive bills or mail regularly.
  4. New or strange accounts appearing on your credit report.
  5. Unexpected denial of credit card purchases or a loan application.

Take control of your credit reports

Here are some easy steps you can take to do this:

  1. Examine your credit report at each of the three primary credit bureaus. You can get one free report from each credit bureau once per year by going to AnnualCreditReport.com or by contacting each bureau directly. Monitor your credit report throughout year by alternating your requests with a different credit bureau every four months
  2. Make sure there's nothing inaccurate in those reports, and file for correction if needed.
  3. If you feel you may have been victim of credit fraud or your sensitive information is part of a data breach, you can direct the credit bureaus to place a Fraud Alert on your account that will notify you in the event someone is trying to access your credit.
  4. Initiate a credit freeze if you wish to restrict companies from accessing your credit information. Instructions for doing this can be found at the FTC and Krebs on Security.

Primary Credit Bureau Contact Information

Equifax

Experian

TransUnion

https://www.equifax.com/personal/credit-report-services/

https://www.experian.com/help/

https://www.transunion.com/credit-help

1-888-298-0045

1-888-397-3742

1-800-916-8800

Equifax Fraud Alert, P.O. Box 105069 Atlanta, GA 30348-5069

Experian Fraud Alert, P.O. Box 9554, Allen, TX 75013

TransUnion Fraud Alert, P.O. Box 2000, Chester, PA 19016

Equifax Credit Freeze, P.O. Box 105788 Atlanta, GA 30348-5788

Experian Credit Freeze, P.O. Box 9554, Allen, TX 75013

TransUnion Credit Freeze, P.O. Box 160, Woodlyn, PA 19094

If you've been a victim of identity theft

  1. Create an Identity Theft Report by filing a complaint with the Federal Trade Commission online (or call 1-877-438-4338).
  2. Use the Identity Theft Report to file a police report. Make sure you keep a copy of the police report in a safe place.
  3. Place a Fraud Alert on your credit reports by contacting the fraud departments of any one or all of the three major credit bureaus: Equifax (800-685-1111); TransUnion (888-909-8872); or Experian (888-397-3742).

Cybersecurity best practices to protect your identity and information

Just as you lock your front door when you leave home and your car when you park it, make sure your digital world is secured. This means:

  1. Keep your software up-to-date. Apply software updates as soon as provided the vendors. These updates often contain security fixes that will protect your devices and applications from malicious code and bad actors. 
  2. Think before you click. Always verify the identity of the website you are accessing by double checking the website address and verifying the site's security certificate. Be cautious of any link sent in an email. 
  3. Think before you share on social media sites. Some of those fun-to-share-with-your-friends quizzes and games ask questions that have a disturbing similarity to "security questions" that can be used to recover your account. Do you want the answers to your security questions to be published to the world?
  4. Use a password manager, like LastPass, and keep a strong, unique password for every site or service you use. That way a breach on one site will not compromise your account on another site. Also, make your master password stronger and distinctly different than any other password - it's the password that protects your passwords.
  5. Use Multifactor Authentication (MFA).  Multifactor authentication is one of the most effective methods of protecting your online accounts.  Using an additional factor to authenticate to your services makes it exponentially harder for an attacker to access your account. Find out more about MFA here.
  6. Back. It. Up. What do you do if you are hit with a ransomware attack? Or your hard drive fails? If you have a recent off-line backup, your data are safe, and you can recover without even thinking about paying a ransom.
  7. Full disk encryption is your friend. If your device is stolen, it will be a lot harder for a criminal to access your data.
  8. Check all your accounts statements regularly. Paperless statements are convenient in the digital age. But it is easy to forget to check infrequently used accounts, such as a health savings account. Make a recurring calendar reminder to check every account for activity that you don't recognize.
  9. Manage those old-style paper statements. Don't just throw them in the trash or the recycle bin. Shred them with a cross-cut shredder. Or burn them. Or do both. Data stolen from a dumpster are just as useful as data stolen from a website. 

Additional Resources