How a Data Breach Could Affect Your Credit
Data breaches occur more often than people realize. Not all data breaches are as highly publicized as the one that occurred with Target in 2013, mainly because the company suffering the data breach may not be as large, nor have the security staff that Target does. The number of affected customers may also be smaller, and state laws may not require the company to report its data breach.
It’s important to note that the data breach itself doesn’t directly affect your credit, but rather how the stolen information is used—if it’s used at all. There’s a chance that your credit may not suffer—especially if the stolen information isn’t enough to attract identity thieves. The impact of the data breach depends on the type of information stolen, which can range from your email address to your social security number.
Stolen Personal Information
Names, addresses, and birthdates can be compromised in a data breach, but that information alone may not be enough for a thief to commit fraud or identity theft. However, a thief could try to use this information to launch a phishing attack, where they try to get you to give up additional personal information, like a credit card number, account information, or your social security number.
Stolen Email Addresses
Your email address on its own isn’t enough to directly commit credit card fraud or to steal your identity. If your email address is stolen in a data breach, the thief could attempt to gather information from you by sending emails to you that appear to be from a legitimate financial institution or business. This is known as phishing.
Phishing is the term for emails or text messages that are sent attempting to gather your information by claiming a need to update payment methods or that there is an account problem. You'll be given links to click on to fix the problems or offered free items.
These emails usually include links, which typically direct you to a fake website that looks legitimate. These websites have prompts that will ask you to log in—at which time your credentials are recorded and your account at that institution is available to the thief.
Contact your creditors, lenders, or other businesses directly via the business’ official website if you receive official-looking email correspondence. Or, call the number on the back of your credit card or on your billing statement with any concerns you have about your account.
Usernames, Passwords and Security Answers
The method in which stolen usernames and passwords are used depends on the website for which they were stolen. Obviously, the username and password for your bank or credit card login are far more sensitive than that for a non-financial account. Login details for your email account are also risky since a thief can intercept emails from important businesses and use the information to gain access.
If you suspect that your login details may have been compromised in a data breach, change your password right away. It’s a good idea to change your passwords periodically anyway, especially for your more important accounts.
Stolen Credit and Debit Card Numbers
Credit and debit card numbers stolen in a data breach may not be enough for a thief to work with. They’ll also need your name, the expiration date on the credit card, and the CVV number (the security code) from the back of the credit card. If all this information is stolen in the data breach, a thief could create fake credit cards and use them to make fraudulent purchases.
Encrypted PINs could be stolen in the data breach. These encrypted PINs may be useless to a thief because the PINs would have to be decrypted before they could be used at an ATM. The difficulty in decrypting these PINs depends on the type of encryption that was used. However, if a thief does successfully decrypt the PINs (or if they weren't encrypted at all), your card information could be used to create a clone credit card that could be used to withdraw cash from an ATM.
It is possible to catch fraud activity while it is happening, or in enough time that transactions will not have completed. Frequent monitoring of your account can help protect you.
If your credit or debit card numbers are stolen in a data breach, you should continually monitor your account for suspicious activity. Report any unauthorized charges to your bank or credit card issuer immediately. Continue to make required minimum monthly payments on your credit card as normal, especially if a portion of your credit card balance was not affected by fraud. Otherwise, your credit card issuer may report missed payments to the credit bureaus.
The risk of credit card or checking account fraud is there even when you haven’t been a data breach victim. Get in the habit of looking for suspicious activity a minimum of once a month.
Stolen Social Security Numbers
Social security numbers are the most dangerous type of information stolen, especially if the thief also steals your name and date of birth. With your social security number, a thief can steal your identity, open up new accounts and create debt in your name.
Identity theft, whether it results from a data breach or not, can be devastating for your credit. It can take months or years to clear up the impact of identity theft, which can include the work to clean up the negative accounts the thief created.
Fraud Alerts and Security Freezes
If you receive notice that your social security number has been stolen in a data breach, strongly consider placing a fraud alert on your credit report. The fraud alert would signal businesses to further confirm your identity before opening any new accounts. The process is free and only has to be done with one credit bureau, which protects your credit with all three bureaus.
Another option is to place a security freeze on your credit report. Most businesses cannot pull your credit report at all unless you’ve first lifted the freeze from your credit report. Businesses that you already have an account with, and some government agencies, can still access a credit report with a security freeze. Creditors who require a credit check to open an account would typically deny an application for a person whose credit cannot be accessed.
Tips for Data Breach Victims
If you learn that your information may have been stolen in a data breach, begin taking extra steps to protect your credit. Experian, Equifax (you'll need to create an account), and TransUnion all provide online tools to report credit fraud, along with tools to report other types of theft and fraud. The Federal Trade Commission also provides reporting services.
If your bank or lender offers free credit monitoring, use it, but don't forget to monitor your credit at the other credit bureaus and to frequently check the transactions on your credit and debit card accounts.