Yesterday on Bloomberg West, host Emily Chang reported on a breach that affected her personally identifiable information (PII). She asked what she should do now that she is a victim of data theft. This is my answer.
First, I recommend changing passwords for any accounts associated with the breached entities.
Second, if you used the same passwords from the breached entities at unrelated sites, change passwords at those other sites.
Third, if any of those entities offer two factor authentication, enable it. This likely involves getting a code via text message or using an app that generates codes.
Fourth, read Brian Krebs’ post How I Learned to Stop Worrying and Embrace the Security Freeze. It’s a personal decision to go all the way to enable a security freeze. I recommend everyone who has been a PII or credit data theft, at the minimum, to enable a “fraud alert.” Why? It’s free, and you can sign up online with one credit bureau and the others will enable it as well. The downside is that it expires 90 days later, unless you re-enable it. So, set a reminder in your calendar app to renew before the 90 days expire.
Fifth, create a schedule to periodically check your credit reports. Theft victims usually get credit monitoring for free, but everyone should take advantage of AnnualCreditReport.com, the FTC-authorized place to order credit reports, once per year, for free. For example, get one bureau’s report in January, a second in May, the third in September, and repeat with the first the next January.
Sixth, visit your credit, investing, and bank Web sites, and enable every kind of monitoring and alerting you can handle. I like to know about every purchase, withdrawal, deposit, etc. via email. Also keep a close eye on your statements for odd purchases.
Last, secure your email. Email is the key to your online existence. Use a provider that takes security seriously and provides two factor authentication.