WASHINGTON — Another day, another major data breach. But there is one thing that you should do now to put up a serious roadblock for identity thieves.
Before I get into this strategy, here’s a recap of the past week.
Capital One Financial Corp. disclosed Monday that a hacker was able to access the personal information — names, addresses, phone numbers, email addresses, dates of birth and self-reported income — of more than 100 million customers in the U.S. and 6 million more in Canada. The breach included information on not just the bank’s current customers but also people who had applied for its credit card products.
Additionally, 140,000 of Capital One’s customers had their Social Security numbers stolen, and about 80,000 bank account numbers linked to Capital One secured credit cards were compromised.
This breach comes within a week of the Equifax multimillion-dollar settlement for failing to protect the personal data of about 140 million of its consumers.
Each breach is a reminder that you need to take various steps to protect yourself. But I’d like to go over some of the recommendations and point out where the action still leaves you exposed to fraud or identity theft.
The action: Sign up for credit monitoring. “We will make free credit monitoring and identity protection available to everyone affected,” Capital One said in a statement.
Why you’re still vulnerable: Credit monitoring is like putting a Band-Aid on a deep cut. It provides some relief, but the protection comes after the injury.
I am guarded by two credit monitoring services, courtesy of two major data breaches that affected my personal data. And yet, I’ve had four incidents of fraud this year alone. Monitoring alerts you to something nefarious only after it’s happened.
The action: Monitor your accounts. Sign up for alerts on all your accounts.
Why you’re still vulnerable: Most recently, thieves were able to make $200 worth of fraudulent purchases on one of my credit cards in just seconds. I had an alert set. But I couldn’t freeze my credit card soon enough. The charges were processed, and I spent a few days dealing with the fallout.
The fraud incident happened a week before my bill was due. I always pay in full. The customer representative told me to just make a payment for what I legitimately owed minus the fraudulent charges. But here was the problem: I would be charged interest on the remaining balance. I was assured the interest charges would be reversed once the fraud investigation was complete.
No, ma’am, I told her. That would mean additional worry and time spent making sure the interest fees were removed. After a few more calls, the charges were removed before my bill due date.
The action: Change your passwords often. It’s a pain but we have to do this.
Why you’re still vulnerable: If the crooks get your email address and other personal information, they could still get around protection protocols. For example, a security question might ask you to verify that you have or had in the past a certain credit account. This is precisely the information stolen in the Capital One breach.
Set up two-factor authentication. Again, this is a vital level of security.
Why you’re still vulnerable: Your credit card account can still be compromised in spite of having it.
There is one step that is notably strong in protecting you against fraud.
“Most of the data that the average consumer thinks is private is in fact not, and is available for free online in various databases or for sale in the underground,” said Brian Krebs, author of the security blog krebsonsecurity.com. “The only sane response to the fact that the bad guys already have access to all the information they need to hijack your identity is a credit freeze.”
A law enacted last year gives consumers the right to a free credit freeze, also known as a security freeze, at all three major credit bureaus — Equifax, Experian and TransUnion. You can learn how to place a freeze at these bureaus on the Federal Trade Commission’s website: ftc.gov. Search for “Credit Freeze FAQs.”
With a freeze, the credit bureaus can’t release any information for new credit accounts without your permission.
But I have to warn you: A credit freeze isn’t foolproof. There are quite a few exceptions as to who can still view your files. For instance, financial companies with whom you currently do business — or to whom you owe money — can still see your files.
“Credit freezes don’t work for noncredit ID theft, such as tax or medical ID theft,” said Chi Chi Wu, staff attorney at National Consumer Law Center.
Even with its limitations, a freeze is a barrier that’s worth putting in place to ice out criminals capitalizing on these data breaches.
— Washington Post Writers Group