How a Data Breach Could Affect Your Credit
occur more often than the public realizes. Not all data breaches are as highly publicized as the one that occurred with Target because the company suffering the data breach may not be as large, the number of affected customers may be smaller, and state law may not require the company to report its data breach.
It’s important to note that the data breach itself doesn’t directly affect your credit, but rather how the stolen information is used, if it’s used at all. There’s a chance that your credit may not suffer at all — especially if the information stolen isn’t enough to commit identity theft. The impact of the data breach depends on the type of information stolen, which can range from something benign like an email address or as serious as your social security number.
Stolen Personal Information
Name, address, and birthdates can be compromised in a data breach, but that information alone may not be enough for a thief to commit fraud or identity theft. However, a thief could try to use this information to launch a phishing attack and get you into giving up additional information, like a credit card number, other credit card or account information, or your social security number.
Stolen Email Addresses
Your email address also isn’t enough to directly commit credit card fraud or to steal your identity. If your email address is stolen in a data breach, the thief could attempt to phish information from you by sending emails to you that appear to be from a legitimate financial institution or other business.
If you click links in phishing emails, you’re typically taken to a phishing website that may look like a legitimate website. These websites are used to capture login information or other personal information. With that information, a thief could commit other types of fraud.
Don’t click on links in emails no matter how real the email seems or the sense of urgency the email may create. Contact your creditors, lenders, or other businesses directly via the business’ official website to be safe. Or, call the number on the back of your credit card or on your billing statement with any concerns you have about your account.
Usernames and Passwords, Security Answers
The harmfulness of a stolen username and password depends on the website for which they were stolen. Obviously, the username and password for your bank or credit card login are far more sensitive than that for a non-financial account. Login details for your email account are also risky since a thief can intercept emails from important businesses and use to gain access to information that would allow them to commit fraud or identity theft.
If you suspect that your login details may have been compromised in a data breach, change your password right away. It’s a good idea to change your passwords periodically anyway, especially for your more important accounts.
Stolen Credit and Debit Card Numbers
Credit and debit card numbers stolen in a data breach may not be enough for a thief to commit fraud. They’ll also need your name, the expiration date on the credit card, and the CVV number (three- or four-digit security code) from the back of the credit card. If all this information is stolen in the data breach, a thief could create fake credit cards and use them to make fraudulent purchases.
Encrypted PINs could be stolen in the data breach. These encrypted PINs may be useless to a thief because the PINs would have to be decrypted before they could be at an ATM. The difficulty in decrypting these PINs depends on the type of encryption that was used. However, if a thief does successfully decrypt the PINs (or if they weren't encrypted at all), your card information could be used to create a clone credit card that could be used to withdraw cash from an ATM.
If your credit or debit card numbers are stolen in a data breach continually monitor your account for suspicious activity. Report any unauthorized charges to your bank or credit card issuer immediately. Continue to make required minimum monthly payments on your credit card as normal, especially if a portion of your credit card balance was not affected by fraud. Otherwise, your credit card issuer may report missed payments to the credit bureaus.
The risk of credit card or checking account fraud is there even when you haven’t been a data breach victim. Get in the habit of looking for suspicious activity a minimum of once a month.
Stolen Social Security Numbers
Social security numbers are the most dangerous type of information stolen, especially if the thief also steals your name and date of birth. With your social security number, a thief can commit identity theft, opening up new accounts in your name, charging up the bills, and never making any payments. Identity theft — whether it results from a data breach or not — can be devastating for your credit. It can take months, sometimes even years, to clear up the impact of identity theft and you have to put in the time and effort to clean up the negative accounts.
If you receive notice that your social security number has been stolen in a data breach, strongly consider placing a fraud alert on your credit report. The fraud alert would signal businesses to further confirm your identity before opening any new accounts. The process is free and only has to be done with one credit bureau to protect your credit with all three credit bureaus.
Another option is to place a security freeze on your credit report. Most businesses cannot pull your credit report at all unless you’ve first lifted the freeze from your credit report. Businesses that you already have an account with, and some government agencies, can still access a credit report with a security freeze. Creditors who require a credit check to open an account would typically deny an application for a person whose credit can be accessed.
A Few Tips for Data Breach Victims
If you learn that your information has been, or may have been, stolen in a data breach, begin taking extra steps to protect your credit. If the company offers free credit monitoring, take it, but don't forget to monitor your credit at the other credit bureaus and to frequently check the transactions on your credit and debit card accounts.