At NerdWallet, we strive to help you make financial decisions with confidence. To do this, many or all of the products featured here are from our partners. However, this doesn’t influence our evaluations. Our opinions are our own.
Equifax, Facebook, Capital One, Yahoo — every week seems to bring news of another data breach. Millions of consumers’ sensitive information, such as login credentials, bank account info and Social Security numbers, is floating around the internet just waiting to be exploited.
And 2019 is on track to be one of the worst years for data breaches yet. Nearly 4,000 data breaches were reported in the first half of this year, with over 4 billion records exposed, according to Risk Based Security, a research and security firm. That’s a 54% increase in breaches and a 52% increase in records exposed as compared to mid-year 2018.
At this point, it’s safe to assume that some of your information is out there. Now it’s a matter of doing what you can to protect yourself and deter malevolent actors from making you a victim of identity theft. Here’s what you can do.
Personal information includes your Social Security number, birthdate and mother’s maiden name. Among these, your Social Security number is the most sensitive, because you can’t change it and it’s often used to verify your identity.
“If you look at the companies that have been compromised, the chances are really good that your personal information is out there,” says Gary Davis, the “chief consumer security evangelist” at the cybersecurity company McAfee.
A key example is the 2017 Equifax hack
, in which more than 147 million U.S. consumers had their credit profiles and Social Security numbers exposed.
With access to your personal information, scammers could apply for new lines of credit in your name, potentially saddling you with debt, ruining your credit or both. With your Social Security number, a criminal could also steal your tax refund.
What you can do
Take three important steps to limit the exposure of your personal info and protect yourself if some data is already out there.
- Limit exposure: Avoid giving out your Social Security number whenever possible. Many services ask for it to verify your identity but may offer other ways to confirm who you are. Limit the number of databases and filing systems containing this identifier.
- Freeze your credit: Safeguarding your credit files is fairly easy — and free. The best approach is to freeze your credit with the three main credit bureaus: Equifax, Experian and TransUnion.
- Regularly check your credit reports: You’re entitled to a free copy of your credit report from the three major credit bureaus every 12 months. Review your reports and look for any lines of credit you don’t recognize because that can be a red flag for fraud.
For an added sense of security, you might want to consider credit monitoring and identity theft protection services, which can alert you to attempts to use your personal information. But they charge a fee and can’t prevent ID theft, just alert you after the fact.
This refers to things like your email, bank account or social media login credentials. Some of your digital information may have been exposed if you use Facebook, Yahoo or Capital One, to name just a few high-profile breaches. In addition, the information you share on social media can leave you vulnerable to identity theft.
Protecting your digital information helps thwart many forms of identity theft. If your Facebook account is accessed by hackers, for example, they could tap your network and create scams targeting your friends and family. Criminals with your bank login credentials could siphon money from your account or run up charges on a credit card.
What you can do
Some fairly simple measures can help protect your digital information.
- Protect your accounts: While it might sound like a no-brainer, make sure you’re using secure, unique passwords for each of your accounts. “Secure” means something that’s hard to guess; use capital and lowercase letters, and mix in numbers and special characters. “Unique” means not repeating a password, so someone who accesses one of your accounts can’t get into all of your accounts.
- Use technology to help you: Password manager apps and two-factor authentication services can make it more difficult for hackers to get into your accounts.
- Safeguard your smartphone: These devices can be one of our biggest vulnerabilities to identity theft. Use a passcode on your phone and consider adding a security code to your phone account. “Keep your software current and don’t delay updating it,” says Lisa Schifferle, ID theft program manager at the Federal Trade Commission. “Scammers know there’s a delay when people update, and they use that time to break into phones.”
In the long term, you can mitigate the future risk of privacy violations by being conservative with the services you use. If a company is a repeat offender, consider dropping the platform.
“Don’t reward companies for bad behavior,” says Davis. “If you hear about companies that aren’t treating our data and your privacy as strongly as they should, don’t use them anymore. Show them with your feet that you care about these things.”