You just received a breach disclosure letter. Their systems were "compromised". Now what? Do you call the police, close all your bank accounts and change your credit card numbers, file the letter and hope for the best?

The first thing is to take a deep breath. Breach disclosure letters can be intimidating but don’t panic. Take the time to figure out what, if anything, you should do. Read the disclosure letter itself very carefully. The disclosure letter should have some details about the breach. It may be enough to show that the breach didn’t apply to you. (I got a letter recently about my son’s medical information. Based on the dates in the letter, I knew that the breach couldn’t have affected him.) If you want more information, look on the internet. Check out the company’s website but also look for independent news reports. Be cautious about the blogs and other unverified sources, though. Look specifically to see what information is at risk. Also try to figure out whether the information was stolen or merely lost. If it was stolen, the odds are much higher that the information will be misused.

If you think it was stolen, start watching your accounts carefully, especially if the compromised information included bank or credit card numbers. Check those accounts online daily, looking for unauthorized transactions. If you see something suspicious, call your bank immediately.

If you haven’t done so recently, request a copy of your credit report. You should be in the habit of checking it regularly. Be extra vigilant for a cycle or two after receiving a breach disclosure letter. If the thief is going to abuse your account, it will probably only be for a few large transactions sometime within 3-6 months of the theft.

If your Social Security number has been compromised, strongly consider calling the three major credit bureaus to put a fraud alert on your records. When reviewing your credit report, look particularly for new accounts opened in your name. If you feel you’re at a particularly high risk, you can also implement security freeze, though the costs may outweigh the protections for most people.

If the breach disclosure letter says that you are eligible for credit monitoring, think about that. Personally, I don’t believe they will do anything for me that I’m not already doing for myself for free since I already monitor my credit report. I don’t want to put my personal information in the hands of yet another company just so they can do the same thing. Worse, some of these monitoring services put into the contract that they will automatically renew you (for fee) when the free period runs out. I don’t want to have to remember to turn off the monitoring in a year. But if monitoring will help you sleep better at night, consider it.

Finally, if you’re an actual victim of identity theft ( not just credit card fraud), you do want to call the police and file a police report according to Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse. Keep a copy of the police report for your records. You’ll need it to prove your innocence as you attempt to clean up your credit reports. Follow the instructions at the credit reporting agency’s website to dispute incorrect information.

Leave a Reply