Defend your data after a breach

@Money September 7, 2011: 10:35 AM ET
Identity theft protection

(MONEY Magazine) -- Following a slew of corporate data breaches in recent months, you may have received a chagrined letter from a company with which you do business.

Sony, Citigroup, and Morgan Stanley Smith Barney are among the big-name firms that have reported that personal information about their customers -- which could be used to commit identity theft -- was accessed by hackers or otherwise compromised.

chart-id-theft-costs.03.gif

So far this year, the nonprofit Privacy Rights Clearinghouse has tracked 313 corporate breaches. These have involved nearly 23 million sensitive records, as compared with 12 million for the whole of 2010.

Federal law requires banks to inform customers of breaches; 46 states have laws mandating that other companies do the same, and big firms typically contact all customers regardless of residency, says Brian McGinley, senior vice president at Identity Theft 911, which advises businesses on security.

While the tone of such letters and e-mails is often reassuring, don't be lulled into a false sense of security: Just 4% of American adults are victims of ID theft, but for those who have been notified of a breach, the incidence jumps to 17%, reports Javelin Strategy & Research.

What action you should take to protect yourself depends on the type of data compromised, which is usually specified in the letter. If it was ...

A PASSWORD

Sony announced in April that passwords (along with other data) of more than 100 million gaming customers were obtained by hackers.

When a password has been exposed, experts recommend changing it immediately. If you use the same code for other accounts, change those too, making each one unique.

AN E-MAIL ADDRESS

The main risk is that you'll be the target of phishing attempts, in which fraudsters pose as friends or companies you do business with to get you to reveal other data.

So watch your inbox for any message that requests information or asks you to click a link. "Call the supposed sender of any suspicious e-mail to see if they really did send it," says Jay Foley, of the nonprofit Identity Theft Resource Center.

A CREDIT CARD NUMBER

In June, Citibank reported that 360,000 customers' credit card numbers were hacked. If you're notified of a similar breach, you could simply monitor the account online every day for suspicious activity; federal law limits your losses from fraud to $50.

But it's just as easy to call the creditor and ask for a new card with a new number, says Foley. (Citibank voluntarily reissued cards to affected customers.)

A DEBIT OR BANK INFORMATION

While banks generally cover losses from fraud, sorting out the situation and restoring the funds takes time. If only the debit card number was compromised, cancel the card and change your PIN; that will shut off access to the account.

Send The Help Desk your questions about identity theft.

But if the account number is exposed, close the account and get one with a new number. Also ask for a "verbal password" as an extra layer of protection.

When in use, bank personnel are prohibited from discussing your account unless the caller provides the password.

BROKERAGE ACCOUNT INFORMATION

Morgan Stanley Smith Barney alerted customers in July that CD-ROMs with data on 34,000 clients went missing en route to a state tax office. (There's been no sign of illegal activity, but the company says it's watching affected accounts closely.)

Brokerages have generally covered losses due to unauthorized access, but customers need to be vigilant. When account numbers are leaked, close the account and get one with a new number; just transfer shares to the new account.

YOUR SOCIAL SECURITY NUMBER

This is the most serious breach, since your SSN allows a fraudster to open new credit in your name. Act fast to request a fraud alert on your credit reports. This lets lenders know they should take extra steps to verify it's you before issuing credit.

Contact any of the three major credit bureaus (Experian, Equifax, and TransUnion) to have the alert placed on all three. It lasts 90 days, and can be renewed.

The toughest backstop is to ask the bureaus to set up a "security freeze," which prevents anyone from opening credit in your name.

The catch: To get new credit yourself, you must lift the freeze. And each time you enact or remove it you'll pay $5 to $10. If you've been a victim of ID theft, however, it's free -- and worth doing.

ANY OF THE ABOVE

After a breach, you may be offered free credit monitoring, a service that alerts you to suspicious activity on your credit reports. Take it.

Not an option? You can buy this service for around $10 a month. Or be your own watchdog: You're entitled to one free credit report a year from each of the three bureaus through AnnualCreditReport.com. Request one every four months.  To top of page

Help! We need a makeover
Young dad, $15,000 in credit card debt
Readers' Choice

Carlos Rodriguez is trying to rid himself of $15,000 in credit card debt, while paying his mortgage and saving for his son's college education.

$400,000 portfolio, too many holdings
Readers' Choice

Susan Carson and Laura DeLallo make $225,000 and have half a million in retirement savings, but their sprawling portfolios is proving hard to manage.

Overnight Avg Rate Latest Change Last Week
30 yr fixed4.41%4.44%
15 yr fixed3.33%3.31%
5/1 ARM3.34%3.55%
30 yr refi4.39%4.41%
15 yr refi3.31%3.30%
Rate data provided
by Bankrate.com
View rates in your area
 
Find personalized rates:
CNNMoney Sponsors
Market indexes are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer LIBOR Warning: Neither BBA Enterprises Limited, nor the BBA LIBOR Contributor Banks, nor Reuters, can be held liable for any irregularity or inaccuracy of BBA LIBOR. Disclaimer. Morningstar: © 2014 Morningstar, Inc. All Rights Reserved. Disclaimer The Dow Jones IndexesSM are proprietary to and distributed by Dow Jones & Company, Inc. and have been licensed for use. All content of the Dow Jones IndexesSM © 2014 is proprietary to Dow Jones & Company, Inc. Chicago Mercantile Association. The market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. FactSet Research Systems Inc. 2014. All rights reserved. Most stock quote data provided by BATS.