The South Carolina Revenue Department announced a major cyber-attack at the end of October possibly affecting 3.6 million taxpayers dating back to 1998. The state says an international hacker took unencrypted social security numbers and 387,000 credit and debit card numbers. New information also shows the breach affected 657,000 businesses in the state. South Carolina is offering anyone affected by the cyber-attack free credit monitoring on protectmyid.com with a validation code, but this will only check your Experian report. Earlier in October, although on a much smaller scale Barnes & Noble also had a breach of some of their store's credit and debit card terminals. Security breaches like these two aren't going away and are only getting more sophisticated. Here are some steps that consumers can use to protect themselves.
Take Action Quickly
In both incidents it took time to notify those affected. The South Carolina government became aware of the data breaches on Oct. 10 and didn't inform taxpayers until Oct. 27. Barnes and Noble took more than a month to let their customers know. That means, for some people, their information could have already been used in a malicious way. Don't wait until you hear of a data breach, be proactive about protecting your identity.
Monitor Your Credit
A good first step is to monitor for new, fraudulent accounts and activity on your credit report, by signing up for a credit monitoring service like the free service offered by Credit Karma. It will monitor your TransUnion credit report daily and alert you to any important changes, such as a new account opened in your name. As security breaches become more frequent, monitoring your credit is a good action for all consumers to take.
Place a Fraud Alert on Your Credit Report
If you are notified you are part of data breach, placing an initial fraud alert on your reports is a good extra level of protection. The alert tells lenders and creditors that they must verify your identification by contacting you before opening credit or a loan in your name. The alert will last for 90 days and can be extended if you find you do become a victim of identity theft. To initiate a fraud alert, contact one of the three credit bureaus; that bureau will be required to notify the other two credit bureaus to place an alert on your file. You will not be charged for placing an initial fraud alert on your credit report.
Cancel Your Credit Card and Reset Your Passwords
A fraud alert won't protect accounts and credit cards already active. If account information is exposed in a data breach, cancel the card and change any passwords or pins that may be tied to it immediately. Alert all companies that have your card on file for automatic monthly billing because your now canceled card can't be charged. Not alerting those companies results in your bills going unpaid, causing even more problems like mounting debt and the potential for your credit score to suffer.
Remember: No one can completely protect themselves from identity theft, but taking these steps can help you catch red flags before there is major damage to your credit and finances.
Ken is the founder and CEO of CreditKarma.com, a free credit management website that helps more than 9 million people access their credit score for free.