As I mentioned yesterday, the first step is to learn exactly what was stolen. The proper response to these breaches will vary based on what data was compromised. You don't need to pay to completely freeze your credit if an attacker only got your address and phone number.
In order to keep these tips to a manageable length, I am splitting up my suggested responses based on what information was compromised. In part one, I discussed what to do if your username, password, or other contact data is breached; today's part two contains what to do if your credit card or bank account number is stolen; and part three will list actions to take if your social security number is compromised.
Part Two: Credit Card or Bank Account Information Stolen:
Obviously, this is much worse than just losing your password, but unlike a social security number, these account numbers can be changed to stop fraud. Most of these suggestions will deal with a compromised credit card number, but they are equally applicable to a stolen debit card or bank account number. If your credit card or bank accounts have been a part of a breach, here are some steps to take:
1) Contact Your Bank - If you have even the slightest suspicion that your credit card number may have been involved in a hack, contact your bank right away using the 24-hour number printed on the back of the card, even if there are no suspicious charges. This serves two purposes. First, your bank will examine your transactions more carefully for signs of fraud. This may help them catch transactions that might not have been flagged otherwise. Second, your bank may decide to go ahead and issue you a new card, even if your card has not been used.
As a side note, it is a good idea to store the bank's contact number in your phone in case your card is ever lost.
2) Follow Up - While the phone call is a good first step, you should always follow up your phone call with a letter. Make sure to include the date and approximate time of the call, the name of the agent you spoke with, and the matters you discussed. Make a copy for your records, and record the date you put it into the mail. If you want to be extra vigilant, send it using priority mail with a tracking number, and record the tracking number and a copy of the website information showing that it was delivered. It is fine to discuss business over the phone, but if you want to have a legally-provable way to show what you discussed, it needs to be put in writing.
3) Monitor All Your Accounts - You have no way of knowing for sure how the attackers got your credit card number. If you know your card was used at a company that was breached, you can be relatively confident it came from that attack, but it could have come from spyware on your computer, instead. If one account is compromised, be extra vigilant in monitoring your accounts for the next few months.
4) Accept--But Don't Blindly Trust--Credit Monitoring - If a company offers you free monitoring in the wake of a breach, sign up for it! They will help keep an eye out for suspicious activity and can even complete much of the process of reversing damage that occurs. They can also give you excellent advice on what to do in the event your card is used or your identity is stolen. However, do not allow credit monitoring to take the place of personal vigilance with your accounts. Keep a close eye for unusual activity on all your accounts. Attackers will also know how long the monitoring will last, and they may decide to sit on the data for the 1-2 years your credit is being monitored, and then use it once the free credit monitoring has expired.
5) Consider Contacting the Credit Bureaus - Contact one of the three credit bureaus (Experian, TransUnion, or Equifax) and ask that a fraud alert be placed on your account. (This is a completely free process.) This will notify prospective lenders who run your credit that you suspect you may have been a victim of fraud, and it will also prevent certain types of accounts from being opened without contacting you directly. All three bureaus have online forms where you can submit the information, or you can also contact them by phone. The three bureaus will share the fraud alert information with each other, but if you have the time, it never hurts to notify each one individually.
While you are there, it would be a good time to request your free credit report from each organization if you haven't received one in the past year.
6) Beware of Scams - Obviously, this one applies no matter what has been compromised. Attackers will always be on the lookout for ways to trick people into giving up their personal information. After a breach of any kind, there will be a multitude of phishing emails going out pretending to be the breached company. Make sure you don't fall victim to these scams and add to your headache!
No comments:
Post a Comment