The number of data breaches and reported incidents of identity theft continues to rise every year. Stolen personal information is most likely to be used to commit identity theft. On average, there is an identity theft victim in the U.S. every two seconds.
If your information is impacted following a breach, you need to take the threat seriously and take steps to prevent becoming an identity theft victim. This alert identifies and explains steps you can take to protect yourself and your information following a data breach or security incident.
Experts suggest the most likely thing that will happen to your information after the data breach is that it will be misused in some manner which will need to be resolved quickly.
Contact information - name, address, phone number, email address. Someone else having this information alone is generally not enough to put you at much risk. However, thieves use basic contact information as a gateway to more sensitive personal information, so you need to be on the lookout for phishing emails and calls.
Stolen credit card numbers may result in fraudulent charges. Federal law limits credit card holders' fraud liability to $50 if a thief personally presents your card to make a purchase; and $0 liability if the thief uses your card by phone or the internet.
Stolen debit card numbers can result in overdrafts and bounced checks. Your liability will depend on how quickly you report the theft.
If you notify the card issuer immediately and before the card is used, your liability is $0; it is up to $50 if you notify the card issuer within two business days (or 60 days for unauthorized withdrawals appearing on your monthly statement); after that, if more than 60 days pass and you have not notified the card issuer, your liability could be unlimited.
Thus, if your credit or debit card numbers are stolen, immediately contact the card issuer.
Someone possessing your birth date information or maiden name, like contact information, is not in itself inherently risky; however, when it is combined with your name and other contact information, it is more valuable to thieves because it never changes and is often asked for to verify identity.
In Michigan, if your driver's license is stolen, report it to local law enforcement then go to your local Secretary of State branch with "proof of identity" and ask that a "driver's license alert" be put on your record. As of August 2021, branches are still operating under appointment-only hours.
A stolen social security number (SSN) is a worse-case scenario. A valid SSN can be sold to undocumented workers or to people trying to hide their identities.
With your social security number and your name, almost anyone can pose as you; open new loans and credit accounts in your name, incur medical debts, create medical records, file fake tax returns, and generate criminal records.
Report the theft of your SSN to the local police, the Social Security Administration (SSA), the Internal Revenue Service, the Internet Crime Complaint Center, and, if identity theft results, the Federal Trade Commission.
Immediately report to your bank or financial institution the theft of your account numbers.
Stolen account logins and passwords create multiple fraud opportunities for thieves to directly steal from you or search your email for more personal sensitive information.
The damage can multiply if you use the same login and password for other accounts. Change affected logins and passwords immediately and use two-step authentication.
Consumers have the right to order a free credit report from each of the three major credit reporting companies every year. These national credit bureaus have a centralized website, toll-free telephone number, and mailing address so you can easily order your free annual reports in one place.
By mail - complete the Annual Credit Report Request Form and send to:
Annual Credit Report Request Service
P.O. Box 105281
Atlanta, GA 30348-5281
By telephone - call 877-322-8228 (toll free); or
Online - (this is the only truly free credit report website).
Beware: Misspelling this site or using another site with similar words will take you to a site that will try to sell you something or collect your personal information.
However, during the pandemic, everyone in the U.S. can get a free credit report each week from all three national credit bureaus (Equifax, Experian, and Transunion). Additionally, everyone in the U.S. can get six free credit reports per year through 2026 by visiting the Equifax website or by calling 866-349-5191.
When you order, request that no more than the last four digits of your SSN appear on copies of your credit report.
Review the Michigan Attorney General Alert, Free Annual Credit Reports-What Consumers Should Know, to learn more about what is in your credit report, what you should look for on your credit report, and what to do about errors.
If you are a victim of identity theft, you are entitled to place a fraud alert on your file and to receive copies of your credit report from each credit reporting company free of charge, regardless of whether you have previously ordered your free annual reports.
Requesting a copy of your own credit report is known as a "soft inquiry" and will not affect your credit scores.
Put a fraud alert on your credit file
A fraud alert is a free alert, or flag, that is placed on your credit file when you notify a credit reporting agency that your information may have been compromised. This alert will make it more difficult for anyone to open an account in your name. The Federal Trade Commission provides helpful tips on its website.
When you place a fraud alert on your credit report with one agency, federal law requires that agency to notify other nationwide credit reporting agencies, which will then place alerts on your reports with them.
In addition, when you place a fraud alert or credit freeze on your credit report, it will freeze online access to your social security information with the Social Security Administration. Thus, if you have not created an account with the Social Security Administration, you will not be able to do so online unless or until you lift or remove the alert or freeze. To create an account without lifting or removing the alert or freeze, you must go to your local social security office in person with proper identification.
There are three types of fraud alerts:
Initial fraud alert:
If you are concerned about or suspect identity theft, an initial fraud alert can make it harder for an identity thief to open accounts in your name. These alerts last for one year, and may be renewed.
Anyone requesting your credit file during this year-long window is alerted that you suspect you are a victim of fraud. When you or someone else attempts to open a credit account in your name, increase the credit limit on an existing account, or get a new card on an existing account, the creditor is required to take additional steps to try to verify that you have authorized the request.
If the creditor cannot verify your authorization, then the request should be denied.
Extended fraud alert:
These are for confirmed identity theft victims, last for seven years, and require a police report to verify your identity theft victim status.
In the case of an extended alert, federal law requires that a creditor must call the consumer using the phone number in the alert before authorizing any request to open or modify a credit line.
Active duty military alert:
This free fraud alert lasts for one year and is available to active members of the military who want to protect their credit while deployed.
Consider a security freeze on your credit file
A security freeze or credit freeze is something you request from a credit reporting agency to restrict access to your credit report.
This makes it more difficult for identity thieves to open new accounts in your name because most creditors will demand to see your credit report before they approve new credit. If a creditor cannot see your file, then the creditor should not extend the credit.
A credit freeze does not prevent all third parties from seeing your report. Existing creditors, debt collectors acting on their behalf, and government agencies in limited circumstances will have access to your report. But placing a credit freeze on your account will not affect your credit score - nor will it keep you from getting your free annual credit report, or from getting your credit report or score.
Credit reporting agencies may not charge a fee to place or lift a security freeze either temporarily or even permanently.
Credit monitoring is a service that tracks your credit report and alerts you whenever a change is made.
This gives you the opportunity to confirm the accuracy of the change and, if needed, contest any inaccuracy.
The specifics of any service will depend on the provider; however, most advertise they will notify you within 24 hours of any change to your credit report.
The type of changes you can expect to receive alerts about include hard inquiries, which are made when a credit card or loan application is submitted in your name; new accounts, which generate a note on your report whenever a new credit card or loan is opened in your name; changes to any existing accounts; and, address changes.
Some companies extended their services to include non-credit red flags that monitor sex-offender registries, bank-account activity, or payday-loan applications.
Credit monitoring companies may offer "free" trial periods followed by an expensive automatic renewal that can be difficult to cancel.
Credit monitoring services are frequently offered free of charge for one year to individuals whose information was breached.
Take advantage of any free services being offered as a result of the breach
Take advantage of any unconditional and free subscription to any credit monitoring, fraud resolution, or other service designed to protect and help you.
Before you accept a free subscription offered to you as a result of a security breach, carefully consider any conditions placed on your acceptance of this subscription.
For example, will you be charged after a short free period or will you only get the free subscription if you give up your right to additional legal redress?
Use two-factor authentication
For accounts that support it, two-factor authentication requires both your password and an additional piece of information to log in to your account. The second piece could be a code sent to your phone, or a random number generated by an app, or a token (a physical object in user's possession).
This protects your account even if your password is compromised.
As an extra precaution, you may want to choose more than one type of second authentication (e.g., a PIN) in case your primary method (such as a phone) is unavailable.
File your taxes early
To minimize your risk of identity theft related tax fraud, file your tax return early-and first. This assures that your return will be accepted by the IRS and the criminal's fraudulent return in your name will be denied. To learn more, read the Attorney General Alert, Tax-Related Identity Theft.
Learn more about the different types of identity theft
Educate yourself about the different types of identity theft, including financial identity theft, governmental identity theft, criminal identity theft, medical identity theft, and child identity theft.
For more information on how to place credit freezes and fraud alerts on your credit reports, please see the Attorney General's Alert, Credit Freeze; Fraud Alert; & Credit Monitoring.
Michigan consumers may visit the Federal Trade Commission's website devoted to identity theft or call the Federal Trade Commission's ID Theft Hotline at 877-ID-THEFT (877-438-4338).
You may reach the Attorney General's Consumer Protection Team at:Consumer Protection
Your connection to consumer protection is just a click or phone call away. The Department provides a library of resources for consumers to review anytime online on a variety of topics. Nessel's Consumer Alerts, which cover a wide range of topics, can also be reviewed on the Department's website.