Even if you haven't received notice of a data breach lately, your personal data may still be at risk. Millions of consumers’ sensitive information, such as login credentials, bank account info and Social Security numbers, is floating around the internet, just waiting to be exploited.
So it's smart to act as if your information has been compromised and take steps to protect yourself from identity theft.
Personal information includes your Social Security number, birthdate and mother’s maiden name. Among these, your Social Security number is the most sensitive, because you can’t change it and it’s often used to verify your identity.
“If you look at the companies that have been compromised, the chances are really good that your personal information is out there,” says Gary Davis, who served as the “chief consumer security evangelist” at the cybersecurity company McAfee. An example is the 2017 Equifax hack, in which more than 147 million U.S. consumers had their credit profiles and Social Security numbers exposed. It's not a recent breach but promises to have lasting effects for many consumers.
With access to your personal information, scammers could apply for new lines of credit in your name, potentially saddling you with debt, ruining your credit or both. With your Social Security number, a criminal could also steal your tax refund.
What you can do
Take three important steps to limit the exposure of your personal info and protect yourself if some data is already out there.
Limit exposure: Avoid giving out your Social Security number whenever possible. Many services ask for it to verify your identity but may offer other ways to confirm who you are. Limit the number of databases and filing systems containing this identifier.
Freeze your credit: Safeguarding your credit files is fairly easy — and free. The best approach is to freeze your credit with the three main credit bureaus: Equifax, Experian and TransUnion.
Regularly check your credit reports: You’re entitled to a free copy of your credit report from the three major credit bureaus every 12 months. Review your reports and look for any lines of credit you don’t recognize because that can be a red flag for fraud.
For an added sense of security, you might want to consider credit monitoring and identity theft protection services, which can alert you to attempts to use your personal information. But they charge a fee and can’t prevent ID theft, just alert you after the fact.
This refers to things like your email, bank account or social media login credentials. Some of your digital information may have been exposed if you use Facebook, Yahoo or Capital One, to name just a few high-profile breaches. In addition, the information you share on social media can leave you vulnerable to identity theft.
Protecting your digital information helps thwart many forms of identity theft. If your Facebook account is accessed by hackers, for example, they could tap your network and create scams targeting your friends and family. Criminals with your bank login credentials could siphon money from your account or run up charges on a credit card.
What you can do
Some fairly simple measures can help protect your digital information.
Protect your accounts: While it might sound like a no-brainer, make sure you’re using secure, unique passwords for each of your accounts. “Secure” means something that’s hard to guess; use capital and lowercase letters, and mix in numbers and special characters. “Unique” means not repeating a password, so someone who accesses one of your accounts can’t get into all of your accounts. Keep in mind, the easier it is for you to access your accounts, the easier it may be for a criminal to do so as well.
Use technology to help you: Password manager apps and two-factor authentication services can make it more difficult for hackers to get into your accounts.
Safeguard your smartphone: These devices can be one of our biggest vulnerabilities to id theft. Use a passcode on your phone and consider adding a security code to your phone account. “Keep your software current and don’t delay updating it,” says Lisa Schifferle, ID theft program manager at the Federal Trade Commission. “Scammers know there’s a delay when people update, and they use that time to break into phones.”
In the long term, you can mitigate the future risk of privacy violations by being conservative with the services you use. If a company is a repeat offender, consider dropping the platform.
“Don’t reward companies for bad behavior,” Davis says. “If you hear about companies that aren’t treating our data and your privacy as strongly as they should, don’t use them anymore. Show them with your feet that you care about these things.”