For anyone striving to safeguard their personal information, recent news reports offer a stark reminder of the risks involved. The most alarming revelation came last month with the disclosure of a massive breach at National Public Data, which reportedly involved 2.9 billion records being leaked onto the dark web. However, that wasn’t the sole major incident; in early September, Medicare warned nearly one million beneficiaries about compromised personal identifiable information due to a vulnerability in third-party software systems.
This means your social security number—vital for filing taxes, managing credit, and accessing certain government benefits—might already be in the hands of hackers or criminals. If it hasn’t been compromised yet, it’s only a matter of time until another breach occurs.
The good news is, you don’t have to sit idly by and wait for disaster to strike. There are proactive measures you can take to significantly reduce the chances of identity theft or fraud, especially considering that other personal details like your name, date of birth, and address may also be circulating without your knowledge. Here’s how you can protect yourself.
1. Investigate What Information Has Been Compromised
While assessing whether your details have been compromised isn’t strictly necessary, it can empower you or your loved ones to take action. Knowing exactly what has been leaked can be crucial.
As a rule of thumb, you should be cautious about providing personal information on websites that claim to check for breaches unless you are familiar with them. Fortunately, there are some reputable sites dedicated to the National Public Data incident that don’t ask for sensitive information to verify identity.
For an in-depth overview of these sites, my former colleague Michael Kan outlines their backgrounds—one is operated by a cybersecurity firm, and the other is a data removal service. The NPD Breach Check site provides a list based on the full name, state, and birth year you enter, while the National Public Data Breach Check & Search site provides more detailed results based on your name and zip code, social security number, or phone number.
If you still have reservations about these resources or seek broader, ongoing monitoring, options include Google’s Dark Web Report or certain paid antivirus subscriptions. Third-party services like Have I Been Pwned can also notify you of breaches, although they rely on your email being part of the compromised data.
2. Secure Your Credit Reports
Obtaining a credit freeze is free of charge and fundamentally prevents fraudsters from opening new credit accounts in your name. Given that your personal data may be floating online, this is an intelligent precaution to take.
You’ll need to initiate this freeze with each of the primary credit bureaus: Equifax, Experian, and TransUnion. Additionally, you may want to include Innovis, a lesser-known credit reporting agency, to ensure comprehensive protection.
With a credit freeze in place, your reports can only be accessed by you. If you decide to allow a credit check—such as when applying for a new apartment or loan—you can lift the freeze temporarily through the respective bureau’s website or hotline, using the PIN provided during the initial request.
3. Review Your Credit Reports
While addressing your credit reports, it’s also wise to thoroughly inspect them for any signs of fraudulent activity. You can access your reports weekly at AnnualCreditReport.com, or you can request paper copies annually via phone or mail.
Should you discover any discrepancies, you have the option to dispute them. If you suspect identity theft, you can report it and take immediate steps toward remediation.
4. Obtain an IRS Identity Protection PIN
Tax-related fraud can be a significant nuisance, but the IRS provides a mechanism to thwart anyone from filing a return in your name without permission. By requesting an Identity Protection PIN (IP PIN), each tax submission must include this six-digit code to be processed.
Generally, you’ll need to acquire a new PIN each year—unless you have already fallen victim to tax-related identity theft, in which case the IRS will automatically issue you a new IP PIN each year.
If you forget your IRS IP PIN, the IRS offers methods to retrieve it. Additionally, you can save this information in a reliable password manager; if you’re wary of cloud services, opt for a manager that stores data locally on your device.
5. Secure Your Banking Report
Similar to credit reports, a file exists that tracks your banking activity. If someone opens fraudulent accounts under your name, it can impact your future banking opportunities.
To guard against this, you can request a security freeze from ChexSystems, the primary reporting agency banks consult. Once the freeze is enacted, only you can access your report. Should you wish to lift the freeze temporarily (for example, to set up a new bank account), you can do so online using the PIN you received when establishing the freeze.
Seok Chen is a mass communication graduate from the City University of Hong Kong.