By Joel Dresang
I’m tired of writing first-person accounts of identity theft and scams.
Last month, I was notified that my personal information was compromised through the National Public Data breach. Apparently, my phone number, email address, Social Security number and a password were among the perhaps billions of private data exposed.
As previously reported, there’s little you can do to protect your sensitive information from being leaked from other organizations and institutions. Once your info is out there, though, you can and should take steps to minimize damage.
You can pay companies to provide similar monitoring services, but they don’t guarantee to catch everything. A lot of what they provide, you can do yourself. Besides, the necessary cleanup work is still on you. They can tell you the horse is out of the barn, but you have to wrangle it back.
Here’s what the alert advised me to do:
Learn more
Heads Up: Dealing with data breaches, by Joel Dresang
Don’t let ID thieves get your money too, by Joel Dresang
What to do If You Receive a Data Breach Notification?from the Identity Theft Resource Center
Identity Theft, from the Criminal Division of the U.S. Department of Justice
How to be safer online: Passwords, a Money Talk Video with Jason Scuglik
- Place a fraud alert on my credit file, which for one year makes it harder for someone to open credit in my name.
- Freeze my credit at all three credit bureaus: Experian, TransUnion and Equifax
- Monitor my credit report at all three bureaus for activity I don’t recognize. (The reports are free via AnnualCreditReport.com.)
- Review protections from Social Security.
Subsequent notices reminded me to engage in protections I have tried to make a habit:
- Scrutinize financial accounts – including credit card and checking account statements – for suspicious transactions.
- Beware of texts and phone calls seeking sensitive information.
- Avoid clicking messages from unknown senders and sharing private information with strangers.
Aside from a couple of hiccups with freezing my credit (I had to try more than once at a couple of the credit bureaus.), the steps were relatively easy.
But, because both my email address and a password were possibly compromised, the alert recommended changing my password – and not just for my email. It said I should also create a new password for any sites where my email address is my username – which happens to be many.
So now I’ve been going through my accounts in my password manager to see which ones use my email address as the username. In some cases, I’m deleting accounts. In others, I’m changing the password.
In fact, the alert I received last month was because I had enrolled in a free credit monitoring program I was offered as a victim of the 2017 Equifax data breach. The service provides frequent updates on my credit report and any suspicious activity involving my personal information, including on the secretive “dark web.”
I know enough not to repeat passwords and to make them complex. The password manager helps create that complexity and then remembers it for me when I need it.
“I strongly recommend the use of a password manager as a foundational step in safeguarding your online presence,” Jason Scuglik advises. “In today’s digital environment, managing credentials securely across multiple platforms has become increasingly difficult without the support of specialized tools. Password managers not only generate and organize passwords, but also securely store them for use across your devices.”
He adds: “It is essential to protect your password manager with a robust, unique password.”
Also, I’m worried less about accounts allowing multi-factor authentication – where I need not just the username and password but a short-lived one-time code sent to me on another account or device.
“I highly encourage implementing multi-factor authentication,” Jason says. “MFA provides an extra layer of security, making it significantly more challenging for unauthorized individuals to access your accounts, even if your credentials are compromised.”
So-called passkey technology using biometric security features is an emerging alternative to passwords, Jason says.
“This can be an excellent security option for those comfortable adopting new technologies, although there may be some early-stage challenges,” he says. “For those who are less familiar with technology, it may be wise to wait until the technology is more widely established.”
Joel Dresang is vice president-communications at Landaas & Company LLC.
(Heads Up is an occasional alert on consumer and investment scams.)