Act Quickly If You Learn Your Identity Was Stolen
- Why it is important to act quickly when you learn you have had your identity stolen
- What steps to take after the very important initial actions you take and reports you file
- How your child’s credit can be destroyed before he or she is 18
- Ways to reduce your risk, according to the Federal Trade Commission
Equifax Data Breach Affected 143 Million Americans
Once identity thieves have your personal information, they can drain your bank account, run up charges on your credit cards, open new accounts or get medical treatment on your insurance.
Credit reporting firm Equifax says the breach of their database in September 2017 potentially affected 143 million U.S. consumers. Essentially, if you have a credit report, your confidential data is likely to have been stolen and exposed for use by cyber-thieves.
We echo a recommendation by Equifax to seriously consider freezing your credit. What this means is any attempt to open new credit will be rejected as long as you leave the freeze in effect. This will prevent identity thieves from opening new credit in your name.
Equifax is offering credit freezes for free in the wake of the data breach. To ensure you are fully protected, you must also request credit freezes from the other two credit reporting agencies, Experian and Trans Union. You will pay a $10 fee to both for a credit freeze.
Acting quickly is the best way to limit the damage if your identity has been stolen. The information in this report is summarized from recommendations made by the United States Federal Trade Commission.
1) Place an initial fraud alert
The first thing you should do is call either Equifax, Experian or TransUnion to put an initial fraud alert on your account. The agency you call must then tell the other two companies, which saves you some hassle at a stressful time. An initial fraud alert can make it harder for an identity thief to open more accounts in your name, because it will prompt the credit bureaus to contact you directly before any new credit is issued.
And, you may want to request a credit freeze. That means potential creditors won’t be able to get your credit report, making it less likely an identity thief can open accounts in your name. Doing this does not affect your credit score.
2) Order your credit reports
After placing the initial fraud alert, you are entitled to free credit reports from each of the three credit reporting companies, so request them. Then contact the businesses with whom you have accounts that you know have been tampered with, and talk to someone in the fraud department of each company. They will likely ask you for information, so send letters by certified mail, and ask for a return receipt. This creates a record of communications.
3) Create an identity theft report
This helps you deal with credit reporting companies, debt collectors and businesses that opened accounts in your name without realizing the requests were fraudulent.
When you finish, print a copy. It will print as an identity theft affidavit.
Use this theft affidavit to file a police report on the incident. You will attach a copy of the affidavit to create an identity theft report. Keep close track of the dates you file/create these reports, and keep copies of all of them.
4) Minimize losses from ATM and debit cards
If you contact your bank(s) within two business days after you learn about the loss or theft, the maximum loss you will incur is $50. The longer you wait, the more the maximum loss can increase. For example, if you wait more than 60 calendar days after your statement is sent to you, you stand to lose all of the money taken from your account with no reimbursement from the bank.
Consider creating an extended fraud alert, which stays in effect for seven years. You can do this once you have created a complete identity theft report with the police.
1) Review your credit reports
If you see errors or accounts you didn’t open, contact the credit reporting companies or the fraud department of each business.
2) Dispute errors with credit reporting companies and have fraudulent transactions blocked
Ask the credit bureaus and affected businesses to block the disputed information from appearing on your credit reports.
Credit reporting agencies must block fraudulent transactions and accounts if you are an identity theft victim.
If the credit bureau accepts your letter of complaint, which should include your identity theft report and proof of your identity including name, address and Social Security number, it must block the fraudulent information on your credit report within four days of receiving your complaint.
Each business has 30 days to investigate after it receives notice of an error from the credit bureaus. The credit reporting companies can’t add the disputed info back to your report, unless the company says it was not part of an identity theft crime.
Send the complaint letter referenced above to each business affected. The business must stop reporting the inaccurate information to the credit bureaus. Sample letters available at www.ftc.gov/idtheft.
3) Get copies of documents the identity thief used
Contact the business that has the records of the transactions the identity thief made, or write a letter giving a law enforcement officer permission to contact the company on your behalf.
4) Check other personal accounts that may be compromised or opened fraudulently by identity thieves, including:
checking accounts, credit cards, bankruptcy filed in your name, investment accounts, government-issued identification, mail theft, utilities and student loans.
We strongly recommend checking these accounts at least monthly for anything that looks irregular or unfamiliar.
Computers Are a Common Identity Theft Tool
Computers connected to the Internet are particularly vulnerable to identity thieves. Be alert to impersonators online, including impersonators of reputable companies.
Genuine emails will come from a company’s actual website address. One example of this is a recent email one of our associates received, saying there was a problem with his PayPal account. He first checked the address the email was sent from, and it was email@example.com. Had it truly been from PayPal, it would have been from a PayPal.com email address.
This applies to any and all reputable companies. If you have any doubts, do not click any links or open attachments, and do not submit any information online to emails from these odd domains.
You should use double-factor authentication for logins to websites with financial or other important personal information. What this means is when you login, typically a security code will be texted to your phone or sent to your email. You then enter that code to get access to the account. If an identity thief has your password but doesn’t have access to your mobile phone or your email, that second level of security ends his or her attempt to get access to your information.
Speaking of passwords, there are many common bad habits among computer users. The most potentially damaging is using the same password for many websites and accounts, because it is easy to remember. It’s a hassle to have to check some reference list each time you need to use a password, but criminals don’t care.
Also, some people who use different passwords for each account keep the password list on their computer for ease of access. That ease of access also applies to thieves. We recommend keeping your electronic password list on an external hard drive or perhaps a thumb drive that you can easily plug in to your computer when you need access to the list. Another option is an online password vault service.
Ways to Reduce Risk
Don’t wait to become a victim. Millions of people become identity theft victims each year, as the cyber thieves have, unfortunately, become very good at what they do. Consider these actions as ways to reduce your risk:
You are entitled to a free copy of your report from each of the three credit reporting agencies once a year, so you should request and review each of them. Also, read your account and billing statements and your explanation of medical benefits.
Respond quickly to notices from the IRS that suggest someone may have misused your Social Security number. File your tax return as early in the tax season as you can.
One common tactic of identity thieves who get access to a Social Security number is to file a false tax return using the stolen Social Security number and name, and receiving a tax refund. Of course, each person can only file one return per year. So when a false one has been filed in your name, it poses many problems. Filing early reduces the time window for any thief who might have your Social Security number.
Perhaps the most important proactive steps you can take involve protecting your personal information, including locking up your financial documents and records, leaving Social Security and Medicare cards at home or in a secure place when you go out, and picking up new checks at the bank instead of having them mailed to you.
Identity thieves have zeroed in on specific types of correspondence as targets. Ways to derail their efforts include taking your mail to the nearest post office or collection box to be mailed, and retrieving mail delivered to your home as soon as possible.
Instantly download a PDF of this report.
Receive future reports directly to your inbox.