(MONEY Magazine) -- Following a slew of corporate data breaches in recent months, you may have received a chagrined letter from a company with which you do business.
Sony, Citigroup, and Morgan Stanley Smith Barney are among the big-name firms that have reported that personal information about their customers -- which could be used to commit identity theft -- was accessed by hackers or otherwise compromised.
So far this year, the nonprofit Privacy Rights Clearinghouse has tracked 313 corporate breaches. These have involved nearly 23 million sensitive records, as compared with 12 million for the whole of 2010.
Federal law requires banks to inform customers of breaches; 46 states have laws mandating that other companies do the same, and big firms typically contact all customers regardless of residency, says Brian McGinley, senior vice president at Identity Theft 911, which advises businesses on security.
While the tone of such letters and e-mails is often reassuring, don't be lulled into a false sense of security: Just 4% of American adults are victims of ID theft, but for those who have been notified of a breach, the incidence jumps to 17%, reports Javelin Strategy & Research.
What action you should take to protect yourself depends on the type of data compromised, which is usually specified in the letter. If it was ...
Sony announced in April that passwords (along with other data) of more than 100 million gaming customers were obtained by hackers.
When a password has been exposed, experts recommend changing it immediately. If you use the same code for other accounts, change those too, making each one unique.
AN E-MAIL ADDRESS
The main risk is that you'll be the target of phishing attempts, in which fraudsters pose as friends or companies you do business with to get you to reveal other data.
So watch your inbox for any message that requests information or asks you to click a link. "Call the supposed sender of any suspicious e-mail to see if they really did send it," says Jay Foley, of the nonprofit Identity Theft Resource Center.
A CREDIT CARD NUMBER
In June, Citibank reported that 360,000 customers' credit card numbers were hacked. If you're notified of a similar breach, you could simply monitor the account online every day for suspicious activity; federal law limits your losses from fraud to $50.
But it's just as easy to call the creditor and ask for a new card with a new number, says Foley. (Citibank voluntarily reissued cards to affected customers.)
A DEBIT OR BANK INFORMATION
While banks generally cover losses from fraud, sorting out the situation and restoring the funds takes time. If only the debit card number was compromised, cancel the card and change your PIN; that will shut off access to the account.
But if the account number is exposed, close the account and get one with a new number. Also ask for a "verbal password" as an extra layer of protection.
When in use, bank personnel are prohibited from discussing your account unless the caller provides the password.
BROKERAGE ACCOUNT INFORMATION
Morgan Stanley Smith Barney alerted customers in July that CD-ROMs with data on 34,000 clients went missing en route to a state tax office. (There's been no sign of illegal activity, but the company says it's watching affected accounts closely.)
Brokerages have generally covered losses due to unauthorized access, but customers need to be vigilant. When account numbers are leaked, close the account and get one with a new number; just transfer shares to the new account.
YOUR SOCIAL SECURITY NUMBER
This is the most serious breach, since your SSN allows a fraudster to open new credit in your name. Act fast to request a fraud alert on your credit reports. This lets lenders know they should take extra steps to verify it's you before issuing credit.
Contact any of the three major credit bureaus (Experian, Equifax, and TransUnion) to have the alert placed on all three. It lasts 90 days, and can be renewed.
The toughest backstop is to ask the bureaus to set up a "security freeze," which prevents anyone from opening credit in your name.
The catch: To get new credit yourself, you must lift the freeze. And each time you enact or remove it you'll pay $5 to $10. If you've been a victim of ID theft, however, it's free -- and worth doing.
ANY OF THE ABOVE
After a breach, you may be offered free credit monitoring, a service that alerts you to suspicious activity on your credit reports. Take it.
Not an option? You can buy this service for around $10 a month. Or be your own watchdog: You're entitled to one free credit report a year from each of the three bureaus through AnnualCreditReport.com. Request one every four months.
|GM raising Corvette prices|
|Albertsons to buy Safeway|
|Boeing reports wing cracks on Dreamliners|
|Everything must go: There's a flood of store closings|
|Here's why Bitcoin matters|
Carlos Rodriguez is trying to rid himself of $15,000 in credit card debt, while paying his mortgage and saving for his son's college education.
Susan Carson and Laura DeLallo make $225,000 and have half a million in retirement savings, but their sprawling portfolios is proving hard to manage.
|Overnight Avg Rate||Latest||Change||Last Week|
|30 yr fixed||4.37%||4.31%|
|15 yr fixed||3.40%||3.32%|
|30 yr refi||4.38%||4.31%|
|15 yr refi||3.39%||3.32%|
Today's featured rates: