Manage Your Personal Info to Help Prevent Identity Theft

Identity theft has become a fact of life during the past decade. If you are reading this, it is a safe bet that your data has been breached in at least one incident. Does that mean we are all helpless? Thankfully, no. There is a lot we can do to protect ourselves from identity theft and to make recovery from cyber incidents quicker and less painful.

First, take control of your credit reports. Examine your own report at each of the "big three" bureaus. You get one free report from each credit bureau once per year. You can request them by going to Make sure there's nothing inaccurate in those reports, and file for correction if needed. Then initiate a credit freeze at each of those plus two other smaller ones. Instructions can be found at Krebs on Security. To keep an eye on your credit report all year, space out your credit bureau requests by requesting a report from a different credit bureau every four months.

Next, practice good digital hygiene. Just as you lock your front door when you leave home and your car when you park it, make sure your digital world is secured. This means:

  1. Keep your operating system up to date. When OS updates are released, they fix errors in the code that could let the bad guys in.
  2. Do the same for the application software you use. Web browsers, plug-ins, email clients, office software, antivirus/antimalware, and every other type of software has flaws. When those flaws are fixed, you are in a race to install that fix before someone uses the flaw against you. The vast majority of hacks leverage vulnerabilities that have a fix already available.
  3. Engage your brain. Think before you click. Think before you disclose personal information in a web form or over the phone.
  4. Think before you share on social media sites. Some of those fun-to-share-with-your-friends quizzes and games ask questions that have a disturbing similarity to "security questions" that can be used to recover your account. Do you want the answers to your security questions to be published to the world?
  5. Use a password manager, like LastPass, and keep a strong, unique password for every site or service you use. That way a breach on one site won't open you up to fraud at other sites. Also, make your master password stronger and distinctly different than any other password - it's the password that protects your passwords.
  6. Back. It. Up. What do you do if you are hit with a ransomware attack? (Or a run-of-the-mill disk failure?) If you have a recent off-line backup, your data are safe, and you can recover without even thinking about paying a ransom.
  7. Full disk encryption is your friend. If your device is stolen, it will be a lot harder for a thief to access your data, which means you can sleep at night.
  8. Check all your accounts statements regularly. Paperless statements are convenient in the digital age. But it is easy to forget to check infrequently used accounts such as a health savings account. Make a recurring calendar reminder to check every account for activity that you don't recognize.
  9. Manage those old-style paper statements. Don't just throw them in the trash or the recycle bin. Shred them with a cross-cut shredder. Or burn them. Or do both. Data stolen from a dumpster are just as useful as data stolen from a website.

Recognize Identity Theft

It is sometimes difficult to know if you've been a victim of identity theft until the damage is done. These are some indicators of identity theft:

  1. Unusual or unexplainable charges on your bills
  2. Phone calls or bills for accounts, products, or services that you do not have
  3. Failure to receive bills or mail regularly
  4. New or strange accounts appearing on your credit report
  5. Unexpected denial of credit card purchases or application for a loan

If you've been a victim of identity theft:

  1. Create an Identity Theft Report by filing a complaint with the Federal Trade Commission online (or call 1-877-438-4338).
  2. Use the Identity Theft Report to file a police report. Make sure you keep a copy of the police report in a safe place.
  3. Flag your credit reports by contacting the fraud departments of any one or all of the three major credit bureaus: Equifax (800-685-1111); TransUnion (888-909-8872); or Experian (888-397-3742).

Tax Season Tips

Tax season presents an opportunity for identity thieves and fraudsters to gather personal information as well as steal taxpayer refunds.

For Businesses:

  1. File withholdings electronically. The Internal Revenue Service (IRS) or state revenue agencies will not request employers to email employee tax withholding information.
  2. Store taxpayer records securely, such as in encrypted format.
  3. Notify the IRS or state revenue agency immediately if taxpayer records have been compromised.

For Individuals:

  1. Never provide personal information to an unknown person.
  2. Have all W2s and other tax documents before filing.
  3. File early and electronically.
  4. Look for signs an unauthorized person has filed a return pretending to be you, such as, more than one return associated with your SSN, unexpected notice(s) that you owe taxes, receiving a refund you did not request, collection actions with incorrect information, or the IRS alerts you a false return was filed.
  5. In Virginia, include your driver's license or state identification card number on the return.

Avoid IRS Impersonators. The IRS will not call you with threats of jail or lawsuits. The IRS will not send you an unsolicited email suggesting you have a refund or that you need to update your account. The IRS will not request any sensitive information online. These are all scams, and they are persistent. Don’t fall for them. Forward IRS-related scam emails to Report IRS-impersonation telephone calls at Learn how to protect yourself during tax season with tips provided by the IRS at

Additional Resources: