6 ways to protect your identity in a data breach

As data breaches increase, it's up to consumers to stay wary

There's an old Chinese proverb that says whoever steals an egg will steal an ox.

Fast forward to the 21st century, replace "egg" with a credit card number and "ox" with your Social SecurityHow to protect your identity in a data breach number, and you've tapped into one of the biggest threats to the information age -- identity theft.

Identity theft -- the act of having your personal and financial information stolen from you, often by cyber-means -- is a burgeoning problem.

  • According to an April 15, 2008, study of identity theft victims by the Poneman Institute, a Michigan-based research group, 55 percent suffered two or more information breaches in the past two years.
  • According to a February 2009 report by Javelin Strategy and Research, in 2008, the number of identity fraud victims grew 25 percent -- affecting 9.9 million people. This is the first time since the report began in 2004 that the numbers have increased. In 2007, about 8.4 million people were victims of identity theft, one person every four seconds, which was down from more than 9 million the year before.
  • On Jan. 20, 2008, Heartland Payment Systems, a financial transactions company, announced a security breach that occurred in late 2008 that left tens of millions of credit cards vulnerable to cyber-fraud. Heartland doesn't know yet how many accounts were breached, but it handles payment processing for 250,000 customers, 40 percent of which are restaurants. Heartland processes over 100 million transactions each month, according to company chief financial officer Robert Baldwin.

The good news is that taking action to stem ID theft is both easy and doable. CreditCards.com asked some leading information security experts what steps to take to secure your personal identity and here is what they had to say:

1. Be aware: First, how do you know your identity has been breached? Bruce Cornelius, chief marketing officer at Canoga Park, Calif.-based CreditReport.com, says you'll know when you start getting letters and phone calls saying your application for credit has been approved or rejected. Or, you notice that your credit card statement has charges you never approved. Another red flag is getting phone calls from collection agencies saying you owe money.

2. Act fast: The key is to get out in front of the problem as soon as possible -- before heavier damage can be done. "Oftentimes thieves will use your credit card data to commit nonfinancial identity theft crimes which become much larger problems," says Justin Yurek, president of Denver-based IDWatchdog.com. "As thieves begin to truly clone your identity, they can move from buying items in your name to committing crimes in your name, or obtaining employment benefits in your name, or obtaining medical services in your name. Unlike a thief fraudulently purchasing products in your name, there is no easy reversal for these crimes, and the consequences to the victim are much more severe."

As thieves begin to truly clone your identity, they can move from buying items in your name to committing crimes in your name...

--Justin Yurek 
President, IDWatchdog.com

3. Prevention defense: ID theft specialists say that the real key in stopping identity breaches is in prevention. "To prevent identity theft, cardholders need to guard their cards and keep secret any identifying information about their accounts," says Scott Crawford, CEO of DebtGoal.com "This includes shredding account statements and keeping account and personal information secret. Look through your statement carefully to identify transactions that you didn't initiate and take advantage of alerts that your credit institution offers. Many allow you to get alerts for abnormal transactions that can warn you to potential fraud on your account."

4. Check URLs: Always check a website's URL and security certificate before entering in your personal information. "With phishing schemes becoming increasingly sophisticated, it is important to ensure that you are doing business with the person you think you are and not an impostor," says Yurek. "Also, never send your personal information such as a Social Security number or credit card number in a nonsecure format such as an e-mail."

Identity fraud victims chart5. Play it close to the vest:  Always keep your personal information as private as possible, and take concrete steps to eliminate your "financial footprint." "Don't give out your Social Security number unless it is absolutely necessary," says Scott Stevenson, founder and CEO of Eliminate ID Theft.  "If you do not want credit offers to come to you, contact the three credit reporting agencies and 'opt out' of these offers. They should remove your name for two years from mailing and telemarketing lists. Don't carry your Social Security card, passport or birth certificate in your wallet or purse and only carry the credit cards that you need." Stevenson also advocates checking the "inquiry" section of your credit report to see if there are unsolicited creditors reviewing your credit that you haven't done business with. Be careful about your mail habits, too. "Don't mail bills or any documents like tax forms from your personal mailbox. Take them directly to the post office or pay them online. Thieves will rummage through your mailbox and take your valuable information."

6. Contact the authorities: If you've been the victim of an identity theft crime, contact the police as soon as possible. CreditReport.com's Cornelius also advises to close all accounts you didn't open and ones that were taken over. "Also use the Federal Trade Commission's identity theft affidavit from the FTC website, to file a complaint that can be used to investigate identity theft," adds Cornelius. "Then file a report with your local police department and in the community where the identity theft occurred. Get copies of this police report to help you prove to credit card companies and banks that your identity was stolen."

One common denominator among all ID theft experts? Get ahead of the problem before it gets ahead of you. That way, both your egg and your ox are well protected.

See related: Payment processor involved in massive security breach, Identity theft sample letters, Don't take the bait when you receive a phishing e-mail, How to read, understand your credit report, 4 ways to opt out of credit card affiliate marketing

Join the discussion
We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, do not disclose confidential or personal information such as bank account numbers or social security numbers. Anything you post may be disclosed, published, transmitted or reused.

If you are commenting using a Facebook account, your profile information may be displayed with your comment depending on your privacy settings. By leaving the 'Post to Facebook' box selected, your comment will be published to your Facebook profile in addition to the space below.

The editorial content on CreditCards.com is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.

Weekly newsletter
Get the latest news, advice, articles and tips delivered to your inbox. It's FREE.

Updated: 03-22-2019