I just read an excellent article by Dennis O’Reilly that explains what an individual should do if you are notified of a possible breach of your personally identifiable information, PII, such as your driver’s license number, social security number, passwords, addresses etc. Basically, Dennis suggests five things that you should do:
- Verify that a breach has occurred. Some sophisticated phishing schemes will notify you of a breach and then ask you to the change your password for a particular web site. When you then go to change your password, they steal the new password and then have free access to your account. So before you change your password it is imperative to call or email the company and make certain that a breach has occurred. Whatever you do don’t click on the emailed link.
- If a breach has occurred then you certainly want to act fast and change your password utilizing available techniques to develop strong passwords. It is a big pain but your web security depends on creating strong passwords of at least nine characters. Remember to not use a word that is in the dictionary and be sure to add in some numbers and some random characters like $, #, @, %. These passwords should be changed every three months.
- Keep close watch on your credit activity. It is very important to report any suspicious activities as soon as possible. If your social security number was compromised then you should pay attention to any new accounts that might be opened in your name. The best way to do this is to utilize the Annual CreditReports.com free report that you are entitled to each year. There are three credit reporting agencies so you could receive one free report every four months.
- For additional protection you can establish a security freeze on all account activity for about $10 to place and $10 to remove the alert. Any of the three credit bureaus can set up the fraud alert for you. You should leave these in place for as long as possible. The hackers may not use your data for a year so it is important to continue tracking credit activity.
- The most important thing is to be proactive. Don’t sit and wait for the company that was responsible for the breach to contact you or to help you in any way. Take the initiative immediately.
I understand that this is a real pain to have to go through these steps to keep the thieves at bay but if you do end up with a stolen identity it is infinitely more of a hassle to get your life back and get your credit rating restored than it is to protect it from the beginning.