What To Do If Your Social Security Number Has Been Stolen in a Hack

Last week, health insurer Anthem lost over 80 million patient records, including sensitive information like social security numbers, email and physical addresses, and more. The fallout has already started, with Anthem customers getting bombarded with phishing scams. If you're an Anthem customer—or are just worried about the next hack—here's what you need to do to protect yourself.

To add insult to injury, it looks like Anthem didn't even encrypt the data that was stolen (even though the law requires them to.) So if the companies that are required by law to protect your data won't do it, how can you fill in the gaps? Here are some things you can do right now.

Put a Fraud Alert on Your Credit Report

Putting a fraud alert on your credit report alerts creditors and lenders that any time they pull your credit report—like they would to extend a new line of credit or a loan—that they should take extra steps to verify your identity. Ideally, this means that identity thieves that may try to impersonate you to open a credit card or bank account in your name will be stymied, while you'll be able to operate semi-normally. Fraud alerts last 90 days, and unlike disputes or errors, you only need to contact one of the three big credit bureaus to get your fraud alert on all of their reports. Here's where to go:

Once you place a fraud alert, you'll also get a free copy of your credit report from each of the three agencies. Keep that report, since you'll need it to make sure nothing's been opened already in your name. If everything looks good, use it as a benchmark in case something changes in the future. If you do see errors on the report, you can file disputes online right after you file your fraud alert. Like we mentioned though, fraud alerts only last for 90 days, so after that it's up to you to request an extension (often free if you've been a victim of identity theft already, but if not, there may be a fee involved).

If someone's already used your social security number or other personal information to open accounts or make inquiries on your credit report, you have more work to do to protect yourself. Fraud alerts are your first line of defense, but if you're already a victim of identity theft, here are some more things you should do right away.

Monitor Your Credit Closely

After your place a fraud alert on your credit report, the next thing to do is stand watch over your credit to make sure nothing out of the ordinary happens. Fraud alerts are great, but like we mentioned, they only last 90 days. Even if the company that lost your data offers you credit monitoring as a kind of consolation (like the Target hack or the Home Depot hack), data thieves know how the process works. They'll either get your data into the wild and start phishing for victims before the company can react, or they'll wait until the monitoring expires and then they'll strike.

If the credit monitoring is free, then by all means, take them up on it. However, after your 90 day alert expires, or after the monitoring stops, you'll still need to keep a close eye on your accounts. You can file for extensions, but they usually cost money, and there's no reason to pay when you can monitor your own credit more closely, with real-time alerts and updates, completely for free.

Combined with free services like Credit Karma or Credit Sesame, both of which monitor your credit for free in real time, your bank and financial institutions probably already have security alerts and notifications you just have to turn on yourself. Similarly, services like Mint and Personal Capital give you a 10,000-foot view of all of your accounts at once, and will notify you if anything strange happens to any of them.

Freeze Your Credit Report Entirely

If you're really worried, or you just want to take a more aggressive approach, you can freeze your credit report entirely. Placing a credit freeze essentially means that no one, including you, can pull or modify your credit report. That means it's impossible for an identity thief to open new accounts in your name...but it also means you can't either. That means you won't be able to apply for an apartment, a loan, or open a new credit card or bank account until you unfreeze it. Our friends at How-To Geek dive into the details on how credit freezes work here.

To request an freeze, here's where you'll need to go:

Placing a freeze on your credit report usually incurs a one-time fee. You can un-freeze your credit report temporarily and then re-freeze it later if you need to apply for something or pull your own report, but it can be a process. To do so, you'll need tons of identifying information (which you likely have anyway) and specific PINs from each bureau (which you set when you place the freeze.) However, this kind of lock on your account means that no one can touch your report until you say so, which is a pretty powerful tool.

Make Sure Your Social Security Number Stays Yours

If your social security number is lost in a hack—and if you're an anthem customer, yours has been—you may want to contact the Social Security Administration and the Internal Revenue Service to make sure an identity thief doesn't file a change of address to get official documents sent to a new address (like your tax refund, for example), or to try and obtain employment in your name.

It may be early to give them a heads up, but doing so makes sure that they have all the right information on record for you, helps you understand what you should do if you suddenly start seeing a new address associated with your name, or if official documents you expect seem to go missing in the mail. Similarly, the US Postal Inspection Service has an online form you can fill outif you think you've been the victim of mail-related identity theft, like someone filing a change of address to get your mail redirected to them.

Hone Your Scam Detection Skills

Hacks like these aren't your fault, obviously, so there's no amount of document shredding or strong password auditing you could have done to stop them. Even so, it's still important to be vigilant. If you data is in the wild, you can expect potential thieves to come calling, whether it's in the form of online phishing attempts, scam emails, man-in-the-middle attacks, or straight-up targeted hacking attempts. Make sure you can identify phishing and scam emails when they come, and that you're using a good password manager, preferably one that can notify you if there's been a breach in one of your accounts. Also, it doesn't hurt to make sure you're using strong, up-to-date antivirus and anti-malware tools.

Similarly, once your private data is available to others, social engineering quickly becomes a huge security concern. A thief may not have enough information to open a bank account in your name, but they may have enough to call your bank and get access to your existing accounts. Use two-factor authentication everywhere you can. Keep an eye on your spam and trash folders, and make sure you're not seeing a sudden uptick in password reset requests and other emails from institutions you're not familiar with, or don't have accounts with. Some are normal phishing emails, but a ton suddenly is a suspicious, and you should call that institution to see what's going on.

Finally, protecting your identity doesn't stop with your computer. Most identity theft occurs offline, in some cases with data obtained online. It's important to learn how to protect your offline data as well, and this is a good reminder that shredding sensitive documents, reporting lost or stolen documents, and of course, being cautious of suspicious phone calls (even from companies you trust) where someone may try to get even more sensitive information out of you.

BAKKACIMA BLOG

Search This Blog