Back in 2017, Equifax announced that hackers stole half of the US population’s Social Security numbers in what, we said, “will likely end up being one of the worst data breaches to ever affect the country.” Perhaps — until this year, when about 2.9 billion rows of data were collected through a breach at National Public Data (NPD), a company that resells collected personal data for background checks. This data included names, Social Security numbers, and other personal information.
As usual, when this sort of thing hits the news, our immediate reaction is to wonder what we can do to prevent ourselves from falling prey to identity theft, unauthorized withdrawals, false credit applications, and other nasty consequences. And, also, as usual, the information from the breached organization — and from most news organizations — is often vague and unsatisfactory.
How do I know if my data was stolen from National Public Data?
Unfortunately, at the time this story was written, National Public Data was not providing a lot of information about whose data was stolen. There are a couple of websites out there (specifically, npdbreach.com, from Atlas Privacy, and npd.pentester.com) that say they can tell you, but since they ask you to enter data such as your birth year, it’s up to you whether you want to trust them or not.
Many companies that have suffered a breach eventually offer the services of a security firm that will monitor your account for a period of time; but so far, the only thing NPD is doing is recommending that you monitor your accounts, get a free credit report, and initiate a credit freeze.
What’s a credit freeze?
A credit freeze prevents creditors from viewing your credit file. Whenever you apply for a credit card, loan, mortgage, or even just to rent an apartment, the bank or landlord evaluates your credit and the risk of approving you. A freeze blocks them from retrieving your credit information, thereby preventing an attacker from taking out new credit in your name.
How do I place a freeze?
The good news is that placing a credit freeze is free, and will last until you decide to remove it. The bad news is that you’ll have to reach out to each credit reporting company independently. There are three main companies in the US: Equifax, Experian, and TransUnion.
Here are the contact numbers for each company, as well as links to their freeze landing pages.
- Equifax: 1-800-685-1111
- Experian: 1‑888‑397‑3742
- TransUnion: 1-888-909-8872
Does this mean I won’t be able to rent an apartment, take out a new credit card, or get a loan?
No, you’ll just have to temporarily lift your freeze, and the approval process might be slightly delayed. If you can find out which credit reporting company your potential landlord or bank uses, you can lift it only for that company. This won’t affect your credit score, and it won’t prevent you from receiving a credit report. You can also keep using your same credit cards, although if you think they might have been compromised, you should get new ones.
Couldn’t an attacker lift my freeze and open a new line of credit?
In order to lift a freeze, you need either an account with the credit bureau, a password, or a PIN (depending on the credit bureau). Each bureau puts in several safeguards to make sure only the owner of the account can change it.
When should I put this freeze on my account?
You’re probably here because you’re worried your data has been compromised. You should try to do this as soon as possible. Even if you’ve happened here by accident, you might consider putting this freeze on your accounts as a safety precaution because there’s no telling whether your data is out there. And once you request a freeze online, it is required to take effect within one business day.
When should I unfreeze my credit?
It’s fairly easy to lift your freeze in the event that you want to open a new credit card or rent a new apartment (or do anything else involving your credit). And every company must lift your freeze within one hour of it being requested online. Still, it won’t hurt to give your creditor a heads-up, just in case.
Is there anything else I can do?
There are several other steps you can take:
- Keep a watch on your savings and checking accounts, credit card statements, and any other financial accounts, and immediately chase down any expenses or withdrawals that you don’t recognize — even small ones. Fraudsters will sometimes test to see if you actually read your statements by charging or withdrawing small amounts and, if you don’t report it, will then follow up with larger thefts.
- You are entitled to a free credit report once a week. These reports contain information on loans, bill payments, debts, and other financial dealings that have occurred, and so will let you know if anything has happened that you may not have authorized. There is actually a single place you can go to obtain a credit report from all three agencies, AnnualCreditReport.com, which will then move you to each agency you want a report from.
- You can set up a fraud alert, which means a business must verify your identity before extending new credit. If you set up a fraud alert at one of the three credit bureaus, it will contact the other two so they can set one up as well. The fraud alert lasts a year, after which you can renew it. (If you’re a victim of identity theft, it will last seven years.)
- It’s a good idea to set up two-factor authentication on your online accounts, especially those involving money (like bank accounts or credit cards), using an authentication app.
Correction, August 21st: An earlier version of this article stated that a credit freeze will last one year. That actually applies to a fraud alert; a credit freeze will last indefinitely.
Update, August 21st, 2024: This article was originally published in September 2017 and has been updated to reflect considerable changes in credit freezes, reports, and the latest data breach.
