Data-breach protections aren’t foolproof
AMichelle Singletary
nother day, another major data breach. But there is one thing that you should do now to put up a serious roadblock for identity thieves.
Each breach is a reminder that you need to take steps to protect yourself. I’d like to go over some of the recommendations and point out where the action still leaves you exposed to fraud or identity theft.
The action: Sign up for credit monitoring.
Why you’re still vulnerable: Credit monitoring is like putting a Band-aid on a deep cut. It provides some relief, but the protection comes after the injury.
I am guarded by two credit monitoring services, courtesy of two major data breaches that affected my personal data. And yet I’ve had four incidents of fraud this year alone. Monitoring alerts you to something nefarious only after it’s happened.
The action: Monitor your accounts. Sign up for alerts on all your accounts.
Why you’re still vulnerable: Most recently, thieves were able to make $200 worth of fraudulent purchases on one of my credit cards in just seconds. I had an alert set. But I couldn’t freeze my credit card soon enough. The charges were processed, and I spent a few days dealing with the fallout.
The fraud incident happened a week before my bill was due. I always pay in full. The customer representative told me to just make a payment for what I legitimately owed minus the fraudulent charges. But here was the problem: I would be charged interest on the remaining balance. I was assured that the interest charges would be reversed once the fraud investigation was complete. After I made a few more calls, the charges were removed before my bill due date.
The action: Change your passwords often. It’s a pain, but we have to do this.
Why you’re still vulnerable:
If the crooks get your email address and other personal information, they could still get around protection protocols. For example, a security question might ask you to verify that you have or had in the past a certain credit account. This is among the information stolen in the Capital One breach revealed last week.
The action: Set up two-factor authentication.
Why you’re still vulnerable: Your credit card account can still be compromised.
There is one step that is notably strong in protecting you against fraud.
“”ost of the data that the average consumer thinks is private is in fact not, and is available for free online in various databases or for sale in the underground,” said Brian Krebs, author of the security blog krebsonsecurity.com. “The only sane response to the fact that the bad guys already have access to all the information they need to hijack your identity is a credit freeze.”
A law enacted last year gives consumers the right to a free credit freeze, also known as a security freeze, at all three major credit bureaus: Equifax, Experian and Transunion. You can learn how to place a freeze at these bureaus on the Federal Trade Commission’s website: ftc.gov. Search for “Credit Freeze FAQS.”
With a freeze, the credit bureaus can’t release any information for new credit accounts without your permission. But there are quite a few exceptions as to who can still view your files. For instance, financial companies with whom you do business, or to whom you owe money, can still see your files.
“”redit freezes don’t work for noncredit ID theft, such as tax or medical ID theft,” said Chi Chi Wu, a staff attorney at the National Consumer Law Center.
Readers can write to Michelle Singletary c/o The Washington Post, 1301 K St., N.W., Washington, DC 20071. Her email address is michelle. singletary@washpost.com.