The last few months have seen a rash of data breaches at large and small companies. Sony, Citigroup, Morgan Stanley and Sega are just a few of the ones that made big headlines. These breaches affected millions of people. No matter the company, if you are a customer, the consequences could be devastating.
If you are or were a customer of a company that suffers a data breach, your personally identifiable information (PII) may be sold to criminals. That means someone could be using your birth date, social security number, national identification number or credit card to commit fraud. Even though hackers like LulzSec claim they are compromising websites and databases only to expose their vulnerabilities, the vast majority of data breaches are done to make money. As Avivah Litan at Gartner Research said, “It’s a lot easier way to make money than physically robbing banks.”
If a company is breached, they will send you a letter or email explaining the details of the data breach and their response. They frequently will offer credit monitoring, refunds, free service and other measures to mitigate the risk of ruining your credit and having you take your business elsewhere.
So what do you do if this happens to you? Here are some tips to make sure you minimize the damage:
- Review the breached account and determine what information may have been compromised.
- Change your password (and user name if possible) for your account. If you use the same password for other accounts, change them.
- If this was a financial institution, call the company to change or cancel your credit and debit cards, if appropriate. Most have fraud policies and limit your liability if fraudulent charges appear.
- If someone stole your social security number in the US, call the Social Security Administration, the Federal Trade Commission and possibly the IRS. Each country has equivalent organizations.
- Notify your existing creditors of the breach – other financial institutions, credit card companies, etc.
- Place a fraud alert on your credit report with one of the three major credit bureaus: Equifax, Experian, TransUnion. This tells potential creditors to watch our for fraud on your account.
- Review your credit reports for any unusual activity and investigate suspicious activity. My bank offers monthly reporting free.
Depending on the company that was breached, your potential liability may be greater or lower. If you were a member of gaming network, for example, once you cancel the credit card you used, you may be safe. If someone stole information from a database with your social security number, you may have more concerns.
Be judicious in the information you give to companies to open accounts. Most companies don’t need your social security or national identification number to open an account. If they do collect this information, ask them how they are safeguarding it.
Make sure to use different passwords for your different accounts, so if one is breached there is less likelihood others will be compromised. This can be a pain, but if you use a tool like KeePass or LastPass, it makes it easier.
With more awareness of data breaches, companies will harden their defenses and hopefully these events will go the way of the dodo. Until then, make sure you know what you to do if you are a victim.
Photo credit CarbonNYC
