Data Breach Victim?

If misery loves company, then we are living in misery’s heaven because everyone is a data breach victim. Considering there have been over 600 million sensitive data records breached, this indicates every man, woman and child has been a data breach victim an average of two times, and this is only documented breaches – the actual number of victims is considerably more.

With this understanding, it is important to always practice sound identity theft prevention and detection tactics. The following list of Do’s and Don’t’s is applicable to all data breach victims.


Do close all accounts affected by the breach

Thieves collect their returns – and you are victimized – when they access your breached accounts. Many individuals do not close their breached accounts because they wrongly believe there is a minimal chance of their accounts being overtaken. If you close these accounts, then you have effectively marginalized their efforts and protected yourself from the pain and suffering of identity theft.

Do change your passwords

Criminals adjust their methods based on behaviors of their targets. Recognizing the increasing obstacles with the direct use of an identity, criminals opt for the easier and more profitable path of account takeover. With your username and password – which was obtained in the breach – a smart criminal can drain your financial accounts within minutes. Change your passwords and utilize different passwords for all of your different accounts.

Do set a fraud alert with a credit reporting agency every 90 days

If you are a victim of identity theft or believe you are a target of identity theft (which is everyone), then the Fair Credit Reporting Act legally entitles you to set a fraud alert with a credit reporting agency (CRA) free of charge. The fraud alert requires creditors to go through an additional identity verification procedure that essentially verifies that you are you. The fraud alert only needs to be set with one CRA (this CRA is required to inform the other two CRAs), it expires after 90 days and it takes less than 1-minute to complete. Fraud alerts are by far the most effective defense tactic against financial identity theft.

Do monitor your identity for fraudulent use

Most people only associate their identity with their credit report. It is also as important to check your medical, criminal, and driving records. In the case of medical identity theft, the ultimate result can be death, and criminal identity theft can lead to improper incarceration. Make certain to monitor all forms of your identity for fraudulent use.

Do contact your Congressperson for better data breach victim rights

How vulnerable do you feel the moment you realize that your personal information has been stolen from a company – or government – with whom you interact? The standard procedure for the breached organization is to needlessly delay notification in the hopes they can sweep it under the rug (which provides the thieves an invaluable head start), issue communication artificially minimizing the severity of the breach, and finally offer an identity theft protection service that does nothing to prevent identity theft. This is not acceptable.
A standard procedure and rules for organizations post breach must be established, and this will only happen when enough citizens voice their concerns to their Congresspeople.


Don’t go crazy

It is normally not necessary to close all of your bank accounts and credit cards, change your Social Security number, and legally change your name. Actions should be commensurate with the breach. If only your name is part of the breach, it is likely all that is necessary is for you to practice normal identity theft prevention and detection tactics.

Don’t pretend like it didn’t happen

The polar opposite of the previous point is to act like it didn’t happen and do nothing. Everyone is at risk of identity theft, but a data breach indicates that a criminal stole information with the specific intent of harvesting identities. Prior to the data breach, there was a target on you. Post data breach, it is a bulls-eye. If you stick your head in the sand, then the law of averages will eventually catch up to you and you will become an identity theft victim. An ounce of prevention is worth way more than a pound of cure.

Don’t trust the breached organization

There are countless examples (basically every incident) of breached organizations delaying communication alerts, downplaying the severity and downright lying to the victims of the breach. In essence, they got caught asleep in the guard tower and now they want to convince everyone that it is not a big deal. The best way for them to accomplish this is to deceive and misdirect, and this is why you cannot trust them.

Don’t rely on free identity theft defense services

Breached organizations often have a knee jerk reaction of contracting with identity theft companies to offer rather useless identity theft defense services. These are typically pigs with lipstick that may ultimately cause more harm than good. They are primarily monitoring services, and by definition, monitoring alerts you of a change in status after-the-fact. In other words, it alerts you that you are a victim, but does nothing to prevent it.

To minimize the negative press and publicity of the breach, organizations deceptively market these free services as prevention, and this ultimately provides the breached individuals a false sense of security. Don’t fall for this, or you may fall victim to identity theft.

If you are to work with an identity theft defense service, make certain it specifically includes data breach protection and focuses on identity theft prevention.

Don’t look to the government for help

The government is just as clueless as the breached organizations, and sometimes the breached organization is the government. While the government is often well-intentioned, the path to identity theft victimization is paved with good intentions. The Federal Trade Commission has some decent resources on their website, but otherwise the government is a dead end. If you look to the government, you will only be misdirecting your valuable resources, which should be focused on preventing identity theft victimization.