Just because you’re extra careful with your personal data doesn’t mean that you’re immune to identity theft. All it takes is one data breach at a bank or other institution you do business with, and your data is compromised anyway. To add to that, identity theft is stealthy by its nature. Identity thieves can go for months undetected until you stumble upon the intrusion.
The standard procedure when you’ve had your identity stolen is to lock down all your accounts and log-ins and inform the bank, the Social Security office, the IRS, or any other institutions you think may have been affected. Then change the passwords on everything. But finding out if you’re an identity theft victim in the first place is tricky. The surest method to detect a personal data intrusion is to run a full background check on yourself and look over the results for activities attributed to you that weren’t by you.
Anatomy of a data breach
In 2017, the credit reporting agency Equifax got hit by hackers conducting a data breach. This affected 143 million consumers, prompting a massive government effort to contain the damage. This resource at USA.gov is a guide to action steps to take for anyone affected by this incident, but in general, the same rules apply to any data breach recovery. The FTC has further instructions for those affected by a data breach.
The typical warning signs of a stolen identity may include:
- Unexplained account activity
- You stop getting bill statements or mail from agencies because your address was unknowingly changed
- Your checks start bouncing
- Debt collectors contacting you about debt that isn’t yours
- Medical bills for treatment you didn’t receive
- Unexpectedly reaching your medical insurance limit
- The IRS notifies you that you double-filed tax returns one year
However, not all identity theft is so obvious. One common scenario is for the thief to run afoul of the law and pin the rap on you. If you start getting warrants or summons for charges or tickets that weren’t yours, this is another identity theft sign.
If you run off a full background check on yourself and find misplaced incidents, it’s also not always a sign of identity theft. If it’s just a single incident, there might just be an error. One in five people has a mistake on their credit report. Of course, no matter what the cause, it’s good to get these mistakes cleared up to while you’re at it.
Steps to take once a breach is confirmed
- Place a “credit freeze” on your data
- Change passwords, PIN numbers, and any other security metrics you can find
- Report the incident to the FTC and to your local police
- Replace your IDs, such as Social Security cards and driver’s license
- Notify your phone and utility companies
- Correct any incorrect information on your credit reports
A credit freeze or fraud alert is something you place with the three credit reporting agencies. This sets a flag on your identity which forces them to double-check any requests to open new accounts or apply for lines of credit in your name. Likewise, your phone and utility companies need to know because a utility bill showing proof of address is a common identity confirmation method.
“Forewarned is forearmed.” The USA.gov site also has an impressive collection of articles on common frauds and scams, with tips to avoid them. One new development is healthcare fraud, which has become a more frequent vector for attack.
On the whole, most of the methods for protecting yourself from identity theft are pretty basic. They involve guarding your privacy and never giving out your data to someone until you know they have a very good reason to ask. It’s all about avoiding making yourself an easy target.