My Data Breach Experience
I suppose it was inevitable. Thirty percent of American consumers were notified of a data breach involving their personal data in 2017, according to Javelin Strategy & Research. This year it was my turn. Here's what happened to me, and how I handled the problem...
Data Breach: My Turn
In the past, I've used a service called ComplyRight to handle tax reporting of money that I pay to contractors. ComplyRight notified me recently that its security had been breached and the data of my contractors and me had been stolen. The specific data include name, address, phone number, email address, and Social Security Number. Yikes, that leaves all of us vulnerable to identity theft.
ComplyRight tendered all the usual mea culpas, and offered all affected parties the following assistance to defend ourselves:
Free credit reports from all three major credit reporting agencies: TransUnion, Experian, and Equifax. That cost ComplyRight nothing; the agencies are legally required to provide one free report annually to everyone in their databases. See my article What's The Deal on Free Credit Reports? to learn to best way to request your free credit reports without getting scammed.
If you find discrepancies in your credit reports, and you think it's due to fraud, contact your local police and have them create a formal police report. The credit reporting agencies will want a copy of a police report when it’s time to correct your records.
File a complaint with the Federal Trade Commission about the incident. You will get a “recovery plan” in return, and your report will be added to the commission’s ID Theft Data Clearinghouse where it may aid investigations.
Break Out the Freeze Gun
Again, none of these remedial steps cost ComplyRight any more than the cost of the letter describing them. But the next phase will.
It is generally a good idea to place a freeze on your credit file with each of the three majors following a data breach. A “credit freeze” prevents anyone from opening a credit account in your name without your explicit permission. It also prohibits the reporting agency from releasing any information about you or your file.
Freezes leave the credit reporting agencies nothing to sell, so they prefer to charge money for freezes. State laws regulate freeze fees, which range from zero to about $10 ComplyRight will pick up the tab for that.
A freeze remains in effect until you lift it. You can lift a freeze permanently or for a specified period. You can even lift it temporarily for just one entity, such as a finance company, and no one else. To order a freeze on your credit file, contact each credit reporting agency as follows: Equifax Freeze (or call 800-685-1111); Experian Freeze (or call 888-397-3742); TransUnion Freeze (or call 888-909-8872).
When you place a freeze you will receive a PIN or password that allows you to release the freeze when you wish. DO NOT LOSE IT or you will jump through many hoops to authenticate a release request. Along with a passcode you will need to submit: Proof of your identity, e. g., a scan of your driver’s license or state ID card; Information about the party that is to receive a credit report or the period of time that access to your report should be granted; Payment of a fee, if applicable.
Reporting agencies are required to honor requests for temporary lifting of freezes within three business days of receiving a written request, or within 15 minutes of receiving a proper phone or online request.
A freeze does not apply to companies with which you have an existing ongoing credit account, for certain types of account review, for collection efforts, fraud control, or “similar activities.” It also does not apply to uses in setting or adjusting insurance rates or claims or underwriting, for certain government purposes, and for purposes of “prescreening” as defined in the FCRA.
Finally, ComplyRight will pay for a year of credit monitoring provided by TransUnion Interactive under the brand MyTrueIdentity.com. I was provided with a coupon code to activate that benefit, and a passcode to use if I registered by phone.
Once I’m enrolled, I will receive an email alert any time my credit file changes. I will also be told who tried to access my credit file. If my identity is stolen and abused, I will get assistance in cleaning up the mess. That’s all very nice, but I wish ComplyRight had paid better attention to IT security in the first place.
On one level, I'm glad I got that letter about the data breach. It reminded me to be vigilant about checking my credit reports. My article What's The Deal on Free Credit Reports? details a strategy to help you keep tabs on your credit report throughout the year, without spending anything.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 23 Aug 2018
|For Fun: Buy Bob a Snickers.
[HOWTO] Save Money on Ride-Sharing
The Top Twenty
AVG AntiVirus is Actually Malware?
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- My Data Breach Experience (Posted: 23 Aug 2018)
Copyright © 2005 - Bob Rankin - All Rights Reserved