The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Information on this website may not be current. This website may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites. Readers of this website should contact their attorney, accountant or credit counselor to obtain advice with respect to their particular situation. No reader, user, or browser of this site should act or not act on the basis of information on this site. Always seek personal legal, financial or credit advice for your relevant jurisdiction. Only your individual attorney or advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, contributors, contributing firms, or their respective employers.
Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.
We asked Eduard Goodman, Identity Theft 911 chief privacy officer and an expert on international privacy and data protection law, what to do when a data breach notification letter lands in your mailbox.
His short answer: Don’t panic. Just pay attention.
Q: My bank just sent me a notice saying my personal data may have been compromised. Now what?
Whether the trouble starts with a pilfered laptop or an insidious cyberattack, a breach of personal electronic data triggers mandatory notification laws in 46 states* as well as Washington D.C., Puerto Rico, and the U.S. Virgin Islands. If you haven’t received such a notice already, chances are, you will. Since the first of the year, the nonprofit Identity Theft Resource Center has tracked 226 incidents exposing more than 11.9 million records nationwide.
Does this mean I’m now an identity theft victim?
No. It means something’s happened that could put you at risk. We don’t have good statistics on how many breaches actually turn into fraud because it’s difficult to pinpoint when, how, and where information might have been compromised. Thieves can “bank” stolen data for years before using it.
Faced with a breach notice, most people do one of two things—both wrong. They ignore it and throw it away or they freak out and start closing accounts. Do this instead:
Are some breaches worse than others?
Intent is key. In many cases, a thief who breaks into a car to steal a laptop just wants to make a quick buck by selling the laptop. On the other hand, hacking incidents show real intent to profit off personal data.
The kind of information matters, too. If it’s debit or credit card numbers only, there’s a good chance someone will try to use them. On the upside, exposure is limited and, if your bank thinks the risk is high, it will automatically reissue new cards (effectively shutting down the identity thief).
Degree of risk gets stickier when data like Social Security numbers, birth dates, and addresses is stolen. It has a long shelf life and can be traded internationally among organized criminals. It’s valuable because, unlike a single credit card number, it can spawn dozens of new accounts. While it’s less likely to be used than a single stolen credit card number (which requires much less time and work), potential damage to your good name is greater.
What should I do going forward?
Keep up your good data-management habits—shred sensitive documents before throwing them away, use a locking mailbox, and take advantage of the Do Not Call and Do Not Mail registries. Review your free credit reports every year.
And, if you do spot something amiss, call your insurance company or bank to see if you qualify for Identity Theft 911 services. We’ll help you assess your risk and, if warranted, take steps to make you less vulnerable.
*Currently, Alabama, Kentucky, New Mexico, and South Dakota do not require businesses to notify customers of data breaches.
This article originally appeared on IdentityTheft911.
Image by Vicente Martinez, via Flickr
October 19, 2023
Identity Theft and Scams
May 17, 2022
Identity Theft and Scams
May 20, 2021
Identity Theft and Scams