What Can You Do After a Data Breach?

Chances are you or someone you know is one of the hundreds of millions of people whose personal data has been exposed in a data breach. But once your personal information is out there, what can you do to prevent its misuse?

While there’s no single way to address all risks after a data breach, for Financial Literacy Month, we put together a list of some steps you can take to prevent misuse of your financial information, monitor your accounts to spot problems, or find help after identity theft. Read on and listen to Anna Maria Ortiz, an acting director in our Financial Markets and Community Investment team, discuss the issue:

spacer

Preventing unauthorized new credit accounts

  • Freezing your credit report is a free and useful way to prevent thieves from opening a new credit card or loan in your name. But you’ll need to request a freeze at each of the 3 nationwide consumer reporting agencies (Equifax, Experian, and TransUnion) separately.

            

  • Placing a free fraud alert on your credit report requires businesses to verify your identity before opening an account in your name. They do not prevent access to your credit report the way freezes do so they are not as strong a protection as freezes. These alerts also must be renewed annually—but unlike freezes, you’ll only need to submit a request through 1 consumer reporting agency rather than all 3—the one agency must notify the other 2.

Keeping an eye out for fraud

There’s also a chance that fraudsters can take over your existing accounts, such as debit or credit cards. There are several ways to monitor your accounts for suspicious activity.

  • Requesting your credit report at annualcreditreport.com is free from each consumer reporting agency every 12 months. If you check 1 of the 3 agencies every 4 months, you can improve your odds of catching problems throughout the year.
  • Reviewing your account statements or setting up free automatic alerts. This can help you spot transactions you didn’t make.

There are other types of identity theft or fraud, though. For instance, someone can use your identity to file a health insurance claim in your name, file your tax return to get the refund, or use your information to obtain other government benefits like Social Security payments. Reviewing your medical bills and health insurance benefit statements, filing your taxes early, and setting up an online Social Security account can help you catch these issues.

Responding to identity theft

If you suspect you are a victim of identity theft, you have several options to get help.

You can contact local and state law enforcement or state Attorney General offices–some have consumer protection helplines or victim services offices that provide one-on-one assistance.

The Federal Trade Commission’s IdentityTheft.gov can assist you in developing a customized recovery plan and can help you fill out necessary reports to send to consumer reporting agencies, law enforcement, or the IRS.

Commercial identity theft services are also available. They offer to monitor credit and identity information, insure against identity theft, or help restore victims’ identities. Experts told us that identity theft services can be convenient and can help victims recover from identity theft if they offer 1-on-1 assistance. But identity theft services do not prevent fraud from happening in the first place and they will not address all data breach risks. You can read more about these services in our 2017 report and related blog post.

Experts highlighted 4 factors to consider before deciding what options to choose after a data breach:

  1. Which options help prevent fraud;
  2. How much the options costs;
  3. How convenient the options are; and
  4. What information was exposed.

To learn more about consumer options after data breaches, check out our recent report.


  • Questions on the content of this post? Contact Anna Maria Ortiz at ortiza@gao.gov.
  • Comments on the WatchBlog? Contact blog@gao.gov.
Image | This entry was posted in Business Regulation and Consumer Protection, Information Security and tagged , , , , , , , , , , , . Bookmark the permalink.