The U.S. Office of Personal Management disclosed last week that the records and personal data for over 21 million individuals were stolen in a widespread data breach. The records included Social Security numbers and background information such as employment history, relatives, addresses, past drug abuse and emotional disorders. Officials are linking this and other recent data breaches to China. As a result of the break-in, OPM director Katherine Archuleta resigned on Friday.
By now it should be apparent that if your personal and confidential information hasn't already been compromised, it will be.
The rational way to think about this is that it's inevitable. When you come to this realization, you can take two approaches: prevention or detection.
I'm really not sure what anyone can do to prevent the theft of their data. Sure, you can place a temporary fraud alert on your credit file, or take an even more drastic measure by placing a security freeze on your credit files. You can also activate credit monitoring and protection services such as LifeLock. You can also use a cross-cut shredder to destroy all unneeded paper financial records and unused credit cards. These measures can help.
And clearly bad folks everywhere are looking for an easy mark where they can grab a credit number and use it to make a few fraudulent purchases. That's why you should never use a debit card when making purchases online. Use only credit cards that come with the strongest protections, including not being directly connected to your cash in a bank account and the legal right to dispute illegitimate charges immediately.
But here's the thing. The target of professional data thieves are the big data warehouses at retailers, large employers and even the federal government. These are coveted by hackers who have world-class skills to devise and pull off large-scale heists of millions of records.
Recent industry reports have predicted that as retailers increasingly transition to the more secure chip-and-PIN technology on credit and debit cards, criminal activity will rise in the coming months before these more secure payment technologies are widely implemented.
And health care providers are using more technology such as electronic medical records, patient portals and wearable technology. This makes the industry a more vulnerable and a attractive target for cyberthieves.
Finally, the widespread use of social media only increases the risk. In fact, a recent study found a Twitter account is worth more on the black market than a credit card number. Stolen identities including online credentials are worth upwards of $25 per record.
Early detection and immediate action is the only way to limit the damage when your personal information is fraudulently used.
Here are a few things you can do to help:
Carefully review all activity on your credit card and bank statements, and dispute or report unauthorized activity as soon as it's detected.
Review your credit reports regularly, looking for changes and any incorrect account information.
If your credit information has been compromised, ask the three credit bureaus to place a free fraud alert on your credit report file. Unless you qualify for an extended fraud alert, you'll need to renew this every 90 days. A fraud alert notifies lenders that they should take extra steps to confirm your ID, such as calling you at a preset phone number, before issuing new credit.
You can also put a lock or security freeze on your credit report file. A freeze (which can be free or can cost about $10 per file depending on the state where you live) prevents new lenders from accessing your credit report. But be aware that when you use a security freeze, it may delay, interfere with or prohibit the timely approval of any application for a new loan, additional credit or applications for insurance, employment background checks, cell phones, etc.
The bottom line: You have to take more interest in your credit and financial information than the bad guys do.