Any Friends fan remembers “The One With the Fake Monica,” where Monica finds out her identity has been stolen. In the episode she tracks down the culprit, only to find she’s been living Monica’s best life for the both of them. Fake Monica spends the real Monica’s money on tap dancing lessons and Broadway shows. On top of everything she’s SUPER fun to hang out with.
While it’s unlikely that someone will want to write a sitcom based on the time you got hacked, if there is a security breach at a company that has your personal data, there are immediate steps you can take to lessen the inconvenience and avoid any tap-lesson-related pain.
Time matters: the sooner you make moves, the better. Here are rules to follow once you receive an alert about a data breach (unlike in the case of Fake and Real Monica, getting drunk with the person who stole your identity is not on this list).
Step # 1 : Go straight to the source
If your credit card is compromised or your bank account is hacked, your info can be used to open other lines of credit or withdraw money from your account. If your credit card company alerts you that they experienced a data breach, reach out to them first. Don’t wait for them to contact you—scammers will sometimes contact those affected after a breach to get even more info. Also, you want to be sure that the data breach is real in the first place. Talking to an actual person can be reassuring, and they’ll let you know exactly what kind of information has been compromised.
If your personal data is exposed, i.e. your social security number, you could be the victim of identity theft, meaning someone could commit fraud in your name. Read on for what to do if your identity is stolen.
Step#2: Contact the three major credit bureaus
Take advantage of the services provided to you. If your information has been compromised due to a data breach, especially your personal identification information like your SSN, you’ll likely be offered free credit reports and credit monitoring, identity theft protection services, and in some cases, cash for expenses while this whole fiasco gets sorted.
But you’ll want to cover your bases by contacting all three major credit reporting agencies: Equifax (888-766-0008), Experian (888-397-3742), and TransUnion (800-680-7289). They can put a fraud alert on your credit file for free that you only have to renew once a year. You can request this online or by calling the numbers listed above. Creditors and lenders will have to verify your identity before granting loans, so if someone is trying to use your social security number for this purpose, you’ll get an alert.
You can also request a credit freeze. Why? If someone has access to your personal info, they can open new lines of credit. A freeze makes this more difficult because creditors and lenders can’t pull your credit score in order to approve a loan. Unfortunately, it also prevents you from applying for new credit cards during this time. Contact Equifax, Experian, and TransUnion by phone or by mail to request a credit freeze (this is also free). Note that there are different lines to call at each credit bureau to request a credit freeze: Equifax (800-349-9660); Experian (888-397-3742); TransUnion (1-800-680-7289).
Step #3: File an identity theft report with the Federal Trade Commission (the FTC).
Call (877-438-4338) or go online: IdentityTheft.gov. You can contact your local police department, but that’s only really necessary/helpful if you know the identity of the thief, or if you need to show a police report to a creditor or debt collector. In most cases, contacting the FTC is your best bet.
Step #4: Change your passwords
You should always change your passwords after a breach. There’s a good chance the password you’re using on a compromised account is also being used elsewhere, which means your stolen info could be used to hack into another one of your accounts.
Really, you should use a strong, unique password on every account. Sound like an impossible feat of memory? That’s where password managers, like Dashlane, can help. Dashlane has a built-in password generator to help you create strong passwords for new accounts and save them securely, plus in-app security alerts that notify you immediately when you need to change your passwords after a data breach.
What to do if your healthcare data and medical records were hacked
Just when you thought people couldn’t get any worse, you learn there is such a thing as “medical identity theft.” This is where someone impersonates you to get medical treatment and prescription drugs. This could affect you down the line if you are seeking medical care or medication.
Ask for copies of your medical records from your doctor’s office, as well as your benefits statement from your healthcare provider, to see if anyone has used your information to receive treatment or medication. Your healthcare provider is required to share with you a list of anyone with whom they’ve shared your protected health information, so contact them immediately to ask who might be on that list.
Think about the info that they have on file: your banking information, social security number, etc. This will help you decide how to move forward. Consider taking the same steps you would take in a financial security breach (see above), like contacting major credit bureaus and checking your credit report, in case your credit card number or other personal data was exposed during the breach.
Have an HSA or FSA? Check your balance to make sure all those charges look gravy.
DON’T THROW OUT THAT BILL. Sometimes we (meaning, me) like to ignore medical bills, knowing that we can put off paying them; plus, that envelope is taking up space on the coffee table and causing a lot of anxiety. Take a deep breath and open the bill. Make sure it is for treatment you actually received. If not, be sure to take it up with the medical facility and let them know that you may be a victim of—here’s that phrase again—medical identity theft.
What to do if your passport was stolen
I won’t delve into the time I left my passport on a bus in Manchester (luckily I wasn’t worth enough for my identity to be stolen, apparently). But what are the risks if you lose yours? It’s harder to commit identity theft with just a passport number; more likely, someone would be forging your passport to be sold on the dark web (spooky). Of course, if the number is stolen in conjunction with other financial information, this will definitely make identity theft easier. That’s why it’s important to (see again, step #1) go straight to the source and find out exactly what information was exposed during a data breach.
Where else might your personal info be?
Your Social Security number and driver’s license info is tossed around pretty recklessly these days. You’ve put them on countless job and apartment applications, and places like the university you attended have them as part of your personal records. If there is a breach at any company or financial institution, you’ll want to find out if your SSN was part of the information that was exposed. And if that’s the case, you’ll want to take proactive measures to protect your info and identity.
Looking for more info?
Visit our online safety hub for the latest breach report and a complete guide to staying secure on the internet.