Last year, I was notified that my data was exposed to two data breaches. I must admit it’s pretty scary to know that my personal information can be purchased for pennies on the dollar on the dark web. While cybercriminals have clearly been on the attack, I’m not defenseless.
How a Credit Freeze Works
One of the most harmful ways your hacked data can be used against you is to open a line of credit under your name. Most stolen data is bundled and sold on the dark web for financial gain. If someone can gather enough personally identifiable information (PII), they can create an accurate enough profile to impersonate you. Once they do so, they’re only a few clicks away from accessing loans or opening new credit cards under your name.
Even if a criminal has a treasure trove of personal data, they won’t be able to steal your identity and use it to take out loans or otherwise if you freeze your credit. In that, a credit freeze is exactly as it sounds. You contact the three main credit bureau reporting agencies—Equifax, Experian, and TransUnion—and request that they stop any new credit activity related to you.
So, before any application for credit, such as a new credit card, a car finance deal, or a mortgage, lenders check your credit report. Freezing your credit report denies any hacker access to it, and without access, they’ll be denied any new lines of credit.
How to Protect Your Credit Rating After a Data Breach
Data breaches aren’t fun. But there are several steps you can take to protect your data, identity, and, importantly, your credit rating.
Investigate What Data Was Exposed
When my data was exposed, the breached company sent me a letter detailing my potentially exposed data. In most cases, companies legally must inform customers if their data has been breached. Should a breach occur, expect to receive a letter weeks, if not a month or so after your data was exposed. I received a letter in the mail a month after the company detected the breach.
Don’t expect any notifications from companies to be able to tell you with exact certainty whether your data was exposed or which data was exposed. While they know that some data was taken and the data type, you’ll never be informed if your specific data was affected. This is partly due to how difficult it is to determine which data was stolen.
Carrying out digital forensics to learn more about a hack takes time. Companies will sometimes inform you of a hack before having all the facts. As they’re always learning more, check for letters, emails, articles posted on the company’s website, or news articles to learn more about the hack.
Secure Potentially Impacted Accounts
Once you’ve been notified of the data breach, you’ll know which accounts need securing. To do so, change the passwords of the hacked accounts. To further strengthen your security, I recommend enabling multi-factor authentication (MFA) to provide another layer of security. If the company suffers another data breach or you’re targeted through a phishing attack, MFA makes it difficult to access your data.
When changing the password impacted, take this moment to address password hygiene. Ask yourself if you use this password to access other accounts. If so, you must change this password for other accounts as well. Some password managers and browsers make it easy to check if you’ve reused a password for more than one account.
For example, in Google Chrome, head to Settings > Google Password Manager > Checkup. Once here, Chrome will comb through your saved passwords to determine which ones you’ve reused. Immediate replace any using the same password as the breached account!
Create a Fraud Alert
Creating a fraud alert does much more than notify you when someone attempts to open a new credit line in your name. While an alert is not the same as a credit freeze, an alert not only notifies you of possible fraud but also requires lenders to jump through various verification hoops before giving out a loan or processing a new credit card.
Creating a fraud alert through Experian is a two-minute process that involves opening a free account and choosing the type of alert you want to create. There is no need to create an alert with every credit bureau, as Experian will also notify Equifax and TransUnion of your alert. Fraud alerts can be activated for 12 months or up to seven years. They’re free to create and can be created and removed in just minutes.
Freeze Your Credit on Experian
If you have no intention of soliciting new credit, you can put an all-out freeze on lenders accessing your credit report. Doing so will prevent the creation of new credit lines under your name. Freezing your credit won’t negatively impact your credit score and is the only surefire way to protect against fraud. Should you want to apply for credit, all you need to do is unfreeze your account or “thaw” it, allowing your credit report to be accessed for a brief window so lenders can access it before it is frozen again.
Unlike with a fraud alert, when you freeze your credit, you’ll need to contact the two other credit bureaus, Equifax and TransUnion.
Your data will inevitably be exposed, but what isn’t a guarantee is that it will be used for fraudulent purposes. Being mindful of data breaches and taking appropriate action afterward will ensure that your data can’t be used against you.
