Face it, you’ve been hacked. Your data has been breached.
You are right on the edge of every bad thing that could happen to you when it comes to identity theft, fraud, damage to your financial accounts, credit files and your credit score.
And it’s your own fault.
Sure, you could blame Capital One, the credit-card giant that on Monday announced that roughly 100 million American consumers had data hacked in March. While credit-card account numbers and login credentials were not compromised, personal data was.
Or you could blame Equifax, which just last week announced that it would pay between $575 million and $700 million to settle federal and state investigations related to a massive security incident two years ago that exposed the personal information of 147 million Americans.
Blame it on Yahoo, Marriott, Target Stores, eBay, JPMorgan Chase, Home Depot or any of the other companies or websites that have had enormous data issues in the last few years.
You may not have seen any bad effects from any of those problems — there is no evidence that the Equifax breach has led directly to cases of ID theft, and early reports on the Capital One breach suggest that none of the records appear to have been sold for illicit purposes — but this is kind of like spotting a few carpenter ants near your home. One or two little bugs, independent of each other, doesn’t mean your home is infested, but it is a sign of potential trouble.
Treat it now or risk that it gets worse.
“By now, I think everyone should probably assume that their information has been compromised,” said Jill Gonzalez, spokeswoman for WalletHub.com. “It’s naive to assume that just because you haven’t had a problem that your data is safe and has never been hacked.”
Acting naive is why it’s your own fault, because the vast majority of Americans spend more time looking at their options for adding to their credit — with new cards, better rewards deals, refinanced loans and more — than they spend protecting themselves.
Each card you add, each deal you sign up for increases your surface area as a target.
Protecting yourself takes minutes. It is a series of small, easy financial chores that you can complete in a few minutes as you read and finish this story.
Do it. Give yourself peace of mind, protect yourself against whatever information of yours is out there or will be lost in the next cyberattack.
Failing to do this — before you have real trouble, assuming you haven’t had the big issues yet — you will have no one to blame but yourself if and when your data is used against you:
1. Check your credit reports.
You can get free reports from each of the three major credit bureaus at annualcreditreport.com. Ideally, you would review one every four months — cleaning up any mistakes or problems and watching to make sure nothing new pops up — but the important thing is to give them a look-see at least once every 12 months to make sure they reflect your actual credit activities.
2. Once you know the credit reports are right — and unless you are looking for a new loan or credit card in the near future — freeze your credit files.
Freezing your credit reports at the three major bureaus — Experian, Equifax and TransUnion — prevents anyone new from accessing them. Credit freezes became free almost a year ago, and yet remain vastly underutilized.
Freezes can be lifted — temporarily or otherwise — if you need to have a credit check for a new loan or credit card, new cellphone service, a job search and more.
You need to contact each credit bureau independently for a freeze. You’ll need to provide your name, address, birth date and Social Security number. There will be a few questions to verify your identity and get a security code for thawing and refreezing reports as needed. (Be careful not to lose your identification code or you will have a tough time thawing out.)
Equifax: Use the website — www.equifax.com/personal/credit-report-services — or call 1-800-685-1111.
Experian: Visit the online freeze center — www.experian.com/freeze/center.html — or call 1-888-EXPERIAN (397-3742).
TransUnion: Go to www.transunion.com/credit-freeze or call 1-888-909-8872.
If you have children under the age of 16, you may want to freeze their reports too.
3. Sign up for credit monitoring.
There are plenty of free services out there; look for 24/7 monitoring in case anyone tries to open an account in your name.
Yes, the credit freeze should eliminate the need — one reason why paying for additional protection seems redundant and unnecessary — but if your information has already been compromised and if hackers have login or other key information with existing lenders, they may be able to get around your defenses.
Monitoring is another level of protection, kind of like carrying an umbrella along with wearing a raincoat. The idea here is to come through storms untouched.
4. Use extra layers of security, even when they seem like a pain.
Accounts may be hacked, but you still have protection if you enable two-step authorization. That’s when you log into a bank or credit account and are required to get a verification code texted or called into you. It is an extra step that adds a moment to a transaction, but it thwarts bad guys who might otherwise access your accounts.
5. Change passwords.
You can use a password manager or simply make changes yourself, but don’t make easy passwords and never let those entry codes get stale, obvious or easy to crack. Moreover, don’t re-use old passwords, a mistake that roughly 80 percent of Americans admit to in various surveys.