The number of data breaches and reported incidents of identity theft continues to set records nearly every year. According to the Identity Theft Resource Center’s (ITRC) Annual Review, the number of U.S. Data breaches tracked in 2017 hit a new all-time high of 1,579, up 44.7 percent over last year’s record totals of 1,091 breaches. Additional findings include:
Stolen personal information is more likely to be used to commit identity theft. On average, there is one identity theft victim in the U.S. every two seconds. And for Michigan consumers, the Federal Trade Commission reports that three of the top 15 metropolitan areas (per capita) for identity theft reports in 2017 are in Michigan—including the number one city: Ann Arbor.
Thus, if your information is impacted, you need to take the threat seriously and take steps to prevent becoming an identity theft victim
This Alert identifies and explains steps you can take to protect yourself and your information following a data breach or security incident.
Experts suggest that the most likely thing that will happen to your information after the data breach is that it will be misused in some manner and you will have to resolve that.
Best case scenario, you will suffer only minor distress and inconvenience and you will resolve it within weeks to a couple months.
Worst case, you ignore the breach, take no action, and you end up the victim of multiple identity-theft incidents that will take you years to clean up.
Even worse: the negative impact hits you at the same time you are trying to secure financing to buy a home, get a car loan, or student loans for college.
Contact information - name, address, phone number, email address. Someone else having this information alone is generally not enough to put you at much risk.
However, thieves use basic contact information as a gateway to get more sensitive personal information, so you need to be on the lookout for phishing emails and calls.
Stolen credit card numbers may result in fraudulent charges. Federal law limits credit card holders’ fraud liability to $50 if a thief personally presents your card to make a purchase; and $0 liability if the thief uses your card by phone or the internet.
Stolen debit card numbers can result in overdrafts and bounced checks. Your liability will depend on how quickly you report the theft.
If you notify the card issuer immediately and before the card is used, your liability is $0; it is up $50 if you notify the card issuer within two business days (or 60 days for unauthorized withdraws appearing on your monthly statement); after that, if more than 60 days pass and you have not notified the card issuer, your liability could be unlimited.
Thus, if your credit or debit card numbers are stolen, immediately contact the card issuer.
Someone possessing your birth date information or maiden name, like contact information, is not in itself inherently risky; however, when it is combined with your name and other contact information, it is more valuable to thieves because it never changes and is often asked for to verify identity.
In Michigan, if your driver’s license is stolen, go to your local branch with proper ID and ask for a “stolen flash” to be put on your record.
A stolen social security number is a worse-case scenario. A valid SSN can be sold to undocumented workers or to people trying to hide their identities.
With your social security number and your name, almost anyone can pose as you; open new loans and credit accounts in your name; incur medical debts; create medical records; file fake tax returns; and generate criminal records.
Report the theft of your social security number to the local police; the Social Security Administration (SSA); the Internal Revenue Service; the Internet Crime Complaint Center; and if identity theft results, the Federal Trade Commission.
Immediately report the theft of your bank and financial account numbers.
Stolen account logins and passwords create multiple fraud opportunities for thieves to directly steal from you or search your email for more personal sensitive information.
The damage can multiply if you use the same login and password for other accounts. Change affected logins and passwords immediately; and use two-step authentication.
Michigan consumers have the right to order a free credit report from each of the three major credit reporting companies every year.
Consumers can order their free annual credit reports:
To maximize your protection against fraudulent activity, order one report from a different company every fourth month. When you order, request that no more than the last four digits of your social security number appear on copies of your credit report.
Review our Alert, Free Annual Credit Reports—What Consumers Should Know, to learn more about what is in your credit report; what you should look for on your credit report; and what to do about errors.
If you are a victim of identity theft, you are entitled to place a fraud alert on your file and to receive copies of your credit report from each credit reporting companies free of charge, regardless whether you have previously ordered your free annual reports.
Requesting a copy of your own credit report is known as a “soft inquiry” and will not affect your credit scores.
A fraud alert is a free alert, or flag, that is placed on your credit file when you notify a credit reporting agency that your information may have been compromised. This alert will make it more difficult for anyone to open an account in your name. The Federal Trade Commission provides a checklist for this.
When you place a fraud alert on your credit report with one agency, federal law requires that agency to notify other nationwide credit reporting agencies, who will then place alerts on your reports with them.
In addition, when you place a fraud alert or credit freeze on your credit report, it will freeze online access to your social security information with the Social Security Administration. Thus, if you have not created an account with social security, you will not be able to do so online unless or until you lift or remove the alert or freeze. To create an account without lifting or removing the alert or freeze, you must go to your local social security office in person with proper identification.
There are three types of fraud alerts:
If you are concerned about or you suspect identity theft, an initial fraud alert can make it harder for an identity thief to open accounts in your name. These alerts last for one year, and may be renewed.
Anyone requesting your credit file during this year-long window is alerted that you suspect you are a victim of fraud. When you or someone else attempts to open a credit account in your name, increase the credit limit on an existing account, or get a new card on an existing account, the creditor is required to take additional steps to try to verify that you have authorized the request.
If the creditor cannot verify your authorization, then the request should be denied.
These are for confirmed identity theft victims; last for seven years; and require a police report to verify your identity theft victim status.
In the case of an extended alert, federal law requires that a creditor must call the consumer using the phone number in the alert before authorizing any request to open or modify a credit line.
This free fraud alert lasts for one year and is available to active members of the military who want to protect their credit while deployed.
A security freeze or credit freeze is something you request from a credit reporting agency to restrict access to your credit report.
This makes it more difficult for identity thieves to open new accounts in your name because most creditors will demand to see your credit report before they approve new credit. If a creditor cannot see your file, then the creditor should not extend the credit.
A credit freeze does not prevent all third parties from seeing your report. Existing creditors, debt collectors acting on their behalf, and government agencies in limited circumstances will have access to your report. But placing a credit freeze on your account will not affect your credit score—nor will it keep you from getting your free annual credit report, or from buying your credit report or score.
Credit reporting agencies may not charge a fee to place or to temporarily or permanently lift a security freeze.
Credit monitoring is a service that tracks your credit report and alerts you whenever a change is made.
This gives you the opportunity to confirm the accuracy of the change and, if needed, contest any inaccuracy.
The specifics of any service will depend on the provider; however, most adverstise they will notify you within 24 hours of any change to your credit report.
The type of changes you can expect to receive alerts about include: hard inquiries, which are made when a credit card or loan application is submitted in your name; new accounts, which generate a note on your report whenever a new credit card or loan is opened in your name; changes to any existing accounts; and address changes.
Some companies extended their services to include non-credit red flags that monitor sex-offender registries, bank-account activity, or payday-loan applications.
Credit monitoring companies may offer “free” trial periods followed by an expensive automatic renewal that can be difficult to cancel.
Credit monitoring services are frequently offered free of charge for one year to individual’s whose information was breached.
Take advantage of any unconditional and free subscription to any credit monitoring, fraud resolution, or other service designed to protect and help you.
Before you accept a free subscription offered to you as a result of a security breach, carefully consider any conditions placed on your acceptance of this subscription.
For example, will you be charged after a short free period? Or will you only get the free subscription if you give up your right to additional legal redress?
For accounts that support it, two-factor authentication requires both your password and an additional piece of information to log in to your account. The second piece could be a code sent to your phone, or a random number generated by an app or a token (a physical object in user’s possession).
This protects your account even if your password is compromised.
As an extra precaution, you may want to choose more than one type of second authentication (e.g., a PIN) in case your primary method (such as a phone) is unavailable.
To minimize your risk of identity theft related tax fraud, file your tax return early—and first. This assures that your return will be accepted by the IRS and the criminal’s fraudulent return in your name will be denied. To learn more, read the Attorney General Alert, Tax-Related Identity Theft.
Educate yourself about the different types of identity theft, including: financial identity theft; governmental identity theft; criminal identity theft; medical identity theft; and child identity theft.
For more information on how to place credit freezes and fraud alerts on your credit reports, please see the Attorney General’s Alert, Credit Freeze; Fraud Alert; & Credit Monitoring.
Michigan consumers may visit the Federal Trade Commission’s website devoted to identity theft or call the Federal Trade Commission’s ID Theft Hotline at 877-ID-THEFT (877-438-4338).
You may reach the Attorney General’s Consumer Protection Division at:Consumer Protection Division
The Attorney General provides Consumer Alerts to inform the public of unfair, misleading, or deceptive business practices, and to provide information and guidance on other issues of concern. Consumer Alerts are not legal advice, legal authority, or a binding legal opinion from the Department of Attorney General.