5 Steps to Protect Your Digital Identity in The Age of Breaches

The record number of data breaches in 2017 (1,579 publicly-reported breaches to be exact) and the sensitivity of the data stolen (especially social security numbers and passwords) have led many to wonder how to protect themselves. Since I work in the identity protection industry, my friends and family have asked what recommendations they should follow to secure their personal data. In this write-up, I’ll share some basic information, options, and suggestions for what to do in the wake of a data breach.

Credit Card vs. Identity Theft, Understanding the Difference

First, let’s distinguish credit card theft from identity theft. My credit card number is stolen reliably about once per year. It’s a nuisance, but that is all. The bank eats all losses related to the theft and I simply get a new credit card number. But if a thief gets a hold of my SNAPD info (SSN, Name, Address, Phone number, and Date of birth) and applies for a credit card in my name—that is identity theft, and it is more difficult to remedy. I may not even realize it has happened until I try to buy a car and my loan application is denied because my credit has been ruined (after, for instance, a thief opened a credit card account with my information, racked up charges, and never paid the bill). I can’t easily change my SNAPD info like I can a credit card number, so I must begin a long, painful process of trying to restore my good credit. Because my information is spread out across so many companies, it’s on me as the victim to clean it up everywhere, and I may not be able to buy anything on credit until that’s done.

How do you prevent identity theft from happening? Unfortunately, there is no silver bullet. Think of protecting your identity health like protecting your body health. To be healthy, you pursue a combination of diet, exercise, physical checkups, etc. The same is true with identity health. You must follow preventative steps to keep your information safe.

While the biggest breaches are months old, we aren’t out of the woods yet. Perhaps we’ll see better protections and systems put in place over time. But for now, your SNAPD info remains a bit like a credit password you cannot reset, putting you in a horrible position if it gets stolen.

Credit Freezes

There are many articles recommending consumers freeze their credit. This involves getting a pin number you can use to turn your credit off and on with the primary credit bureaus: Equifax, Experian, and TransUnion (Innovis, the fourth largest, is also sometimes included). While your credit report is turned off (frozen), any applications for credit (including those by thieves) will be denied. When you apply for something that requires a credit check (mortgage, car loan, cell phone account, etc.), you must unfreeze your credit before you apply and then turn it off again once the credit decision is made. You will pay a fee ($10 or so per bureau, depending where you live) each time you activate and deactivate the freeze, which state attorneys general are now successfully pressuring the bureaus to waive. Freezing your credit certainly seems like a good idea now that the most sensitive information for half of all Americans is known to be in the wrong hands. It is up to each person to decide whether the hassle and cost is worth it.

It is important to understand that even after freezing your credit at the primary bureaus (remember, no silver bullet), you may still be vulnerable to identity theft. There are other smaller and less frequently used credit bureaus. Also, freezing your credit will not protect against transactions that don’t go through a credit bureau, which can include payday lending, tax filing, health care transactions, etc. That being said, don’t let the presence of scary diseases stop you from taking basic health precautions that are within your control.

Credit and Identity Monitoring

Another option to consider is credit or identity monitoring services. Credit monitoring services, including some offered for free after a breach, will alert you when you have credit activity at the major bureaus. Identity monitoring services usually include credit monitoring, plus identity monitoring features such as monitoring the dark web for your information or alerting you to other important events that do not traverse the bureaus. Some identity monitoring services will also help you to resolve issues if you are exposed to identity fraud, and/or insure you against financial losses that may result from identity theft. It can be somewhat confusing because many offerings have the name “identity” or “ID” in them, including those that only provide credit monitoring. Make sure you read the full service offering and understand everything you are being provided. Full disclosure: I am an employee of ID Analytics, a Symantec company and receive a free subscription to LifeLock, an identity theft protection service, as an employee benefit.

To summarize: When considering ways to protect your personal data, good options to consider are freezing your credit, signing up for a credit or identity monitoring service, or both. If you choose either of these options, do not take the approach of just doing something for a few months until the current breach news dies down. It may take time for the stolen data to be sold and distributed, and the bad guys are aware that everyone is on guard when breaches are top headlines. There is a good likelihood that at least some fraudsters will wait until the news cycle moves on and people let their guard down, to increase the chances of their fraud going undetected. It is common to see a burst of fraud activity a year after a breach.

Digital safety also includes protecting your passwords and being aware of phishing/social engineering techniques.


You have likely heard a lot of advice about passwords that you are not following because it’s not practical. For instance, we’re told to use different passwords for every website, but now that we all have dozens (or hundreds) of logins, remembering separate passwords simply isn’t possible. About half of consumers reuse passwords across sites and billions of passwords have been exposed in breaches.

In my opinion, the best way to solve for passwords is to use a password manager, such as LastPass, Dashlane, 1password, or Norton Identity Safe (compare features to pick the best one for you). With a password manager, you create one master password that unlocks access to all your other passwords, which it will auto-fill into web site forms for you or allow you to copy/paste whenever needed. I let the password manager generate and manage a different 16-digit complex password for each site (you must change your existing site passwords to get this benefit). It also stores other secret information for me, such as credit card numbers, family member SSNs, etc., making it a full-featured secure digital wallet. It allows me the convenience to copy/paste these values whenever needed across all my devices, along with the security of strong encryption.

At a minimum, take the time to create two reasonably complex passwords, one that you use for less secure sites (cat toy shopping sites, knitting discussion boards, etc.), and a second that you use for sites that must be secure (banks, retirement accounts, etc.). If thieves steal username and password combinations from less secure sites, they will try them at bank, investment, and email sites too. By separating those two categories of sites, you add some protection. A reasonably complex password should be 8-20 characters and include uppercase, lowercase, numbers, and special characters.

Phishing / Social Engineering

Phishing and social engineering fraud involves fraudsters trying to trick you into giving them your information willingly (under false pretenses). It may be a phone call where they ask for personal info or passwords, it may be an email with a link or attachment, or it may be a browser window that pops up from a web site you visit. The best general defense against this is to educate yourself. Consider taking an online mini-course to become familiar with the types of emails, pop-ups, and web addresses that are considered suspicious. If you’re a novice, try AntiPhishing Phil. It’s dated, but it’s the best game I could find to teach some basics. Below are two other scenarios to be mindful of, which I have seen friends and neighbors fall victim to.

Do not click on or follow the instructions of any warnings saying your computer has been hacked, encrypted, is in danger, or instructing you to call a number for protection or more information. In my experience, 99% of the time, these are browser pop-ups trying to trick you into clicking something. Just turn off your computer and avoid that website. If you don’t have a quality antivirus & security package installed, this is another important piece of protection.

Do not give any personal information or passwords over the phone (or in person). Good guys will never ask you for your password (though my cell phone company now asks me for a passcode I had to set up for service calls…sigh) and should not ask you for sensitive information like full SSN. I have had legitimate folks ask me for my SSN to look me up in their system, I simply ask them to look me up another way. Be very mindful of whether you initiated an email or phone call or if the other party did (other party = more risk). If the caller claims to be from an institution you do business with, but you doubt the legitimacy of the call, hang up and call the main number for the business to verify that they were in fact trying to contact you.

When it comes to digital safety, the good news is that I believe over time, more and more solutions will be created that move the burden of security away from individuals. New technologies show a lot of promise that trust can be built into the technology architecture itself. In the meantime, I hope this primer has been helpful.

If you’re concerned your credit has been impacted by identity theft, you can check your three credit reports for free once a year. To track your credit more regularly, Credit.com’s free Credit Report Card is an easy-to-understand breakdown of your credit report information that uses letter grades—plus you get a free credit score updated every 14 days.


Matt Lewis is Director of TechOps for ID Analytics, with more than 20 years of experience in software and technology operations. In this role, he leads the 30-person TechOps department whose philosophy for operational excellence is to build automation that runs the environment, continuously working to eliminate manual steps wherever possible.

Lewis has championed products which use analytics to protect companies from identity and credit card fraud, previously holding positions at HNC Software and FICO. Lewis holds a Bachelor of Science in Electrical Engineering from the University of California, Los Angeles (UCLA).


Image: iStock

Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.

Hello, Reader!

Thanks for checking out Credit.com. We hope you find the site and the journalism we produce useful. We wanted to take some time to tell you a bit about ourselves.

Our People

The Credit.com editorial team is staffed by a team of editors and reporters, each with many years of financial reporting experience. We’ve worked for places like the New York Times, American Banker, Frontline, TheStreet.com, Business Insider, ABC News, NBC News, CNBC and many others. We also employ a few freelancers and more than 50 contributors (these are typically subject matter experts from the worlds of finance, academia, politics, business and elsewhere).

Our Reporting

We take great pains to ensure that the articles, video and graphics you see on Credit.com are thoroughly reported and fact-checked. Each story is read by two separate editors, and we adhere to the highest editorial standards. We’re not perfect, however, and if you see something that you think is wrong, please email us at editorial team [at] credit [dot] com,

The Credit.com editorial team is committed to providing our readers and viewers with sound, well-reported and understandable information designed to inform and empower. We won’t tell you what to do. We will, however, do our best to explain the consequences of various actions, thereby arming you with the information you need to make decisions that are in your best interests. We also write about things relating to money and finance we think are interesting and want to share.

In addition to appearing on Credit.com, our articles are syndicated to dozens of other news sites. We have more than 100 partners, including MSN, ABC News, CBS News, Yahoo, Marketwatch, Scripps, Money Magazine and many others. This network operates similarly to the Associated Press or Reuters, except we focus almost exclusively on issues relating to personal finance. These are not advertorial or paid placements, rather we provide these articles to our partners in most cases for free. These relationships create more awareness of Credit.com in general and they result in more traffic to us as well.

Our Business Model

Credit.com’s journalism is largely supported by an e-commerce business model. Rather than rely on revenue from display ad impressions, Credit.com maintains a financial marketplace separate from its editorial pages. When someone navigates to those pages, and applies for a credit card, for example, Credit.com will get paid what is essentially a finder’s fee if that person ends up getting the card. That doesn’t mean, however, that our editorial decisions are informed by the products available in our marketplace. The editorial team chooses what to write about and how to write about it independently of the decisions and priorities of the business side of the company. In fact, we maintain a strict and important firewall between the editorial and business departments. Our mission as journalists is to serve the reader, not the advertiser. In that sense, we are no different from any other news organization that is supported by ad revenue.

Visitors to Credit.com are also able to register for a free Credit.com account, which gives them access to a tool called The Credit Report Card. This tool provides users with two free credit scores and a breakdown of the information in their Experian credit report, updated twice monthly. Again, this tool is entirely free, and we mention that frequently in our articles, because we think that it’s a good thing for users to have access to data like this. Separate from its educational value, there is also a business angle to the Credit Report Card. Registered users can be matched with products and services for which they are most likely to qualify. In other words, if you register and you find that your credit is less than stellar, Credit.com won’t recommend a high-end platinum credit card that requires an excellent credit score You’d likely get rejected, and that’s no good for you or Credit.com. You’d be no closer to getting a product you need, there’d be a wasted inquiry on your credit report, and Credit.com wouldn’t get paid. These are essentially what are commonly referred to as "targeted ads" in the world of the Internet. Despite all of this, however, even if you never apply for any product, the Credit Report Card will remain free, and none of this will impact how the editorial team reports on credit and credit scores.

Your Stories

Lastly, much of what we do is informed by our own experiences as well as the experiences of our readers. We want to tell your stories if you’re interested in sharing them. Please email us at story ideas [at] credit [dot] com with ideas or visit us on Facebook or Twitter.

Thanks for stopping by.

- The Credit.com Editorial Team