AARP Eye Center
After a just-revealed hacking hit about 106 million customers of credit-card giant Capital One, experts are urging consumers to take six steps to protect themselves from identity thieves.
“The No. 1 thing consumers should do to protect their identities is to freeze their credit” by contacting each of the three major credit bureaus: Equifax, Experian and TransUnion, says Ted Rossman, an industry analyst for CreditCards.com.
AARP Membership — $12 for your first year when you sign up for Automatic Renewal
Get instant access to members-only products and hundreds of discounts, a free second membership, and a subscription to AARP The Magazine.
His firm, based in Austin, Texas, is an online marketplace that lets consumers compare credit cards and get news and advice about them.
Freezing your credit is “free, quick and easy,” Rossman says. “You can do it online or over the phone. This is the best way to prevent a criminal from opening an unauthorized account in your name.”
According to Rossman, only about 1 in 4 adults in the U.S. have frozen their credit.
More tips from him and others:
- Change your passwords regularly.
- Consider using a password aggregator such as LastPass to ensure strong, unique passwords for all your logins. Its basic service is free; its premium service costs $3 per month. According to Rossman, more than 8 in 10 adults in the U.S. reuse the same password, which he calls a “major security vulnerability.”
- Obtain your credit reports from Equifax, Experian and TransUnion, and monitor them for suspicious activity.
- Regularly scrutinize statements for your credit cards and other accounts for signs of unauthorized activity.
- Consider signing up for 24/7 credit monitoring so you can learn immediately if someone tries to open an account in your name.
Like others concerned about cyberfraud, Rossman says the frequency of gigantic data breaches — affecting firms such as Equifax, Marriott International, Target and Home Depot — means people need to assume their personal data already has been compromised. “This [breach] surely won’t be the last, so take defensive actions now,” he urges.
At WalletHub, a free credit-score website, CEO Odysseas Papadimitriou agrees that most consumers’ personal information probably already has been stolen — at least once.
Capital One says so far it has found:
- Approximately 100 million people in the U.S. and 6 million in Canada had their data compromised.
- The largest category of stolen data involved information supplied by consumers and small businesses when they applied for credit cards from 2005 to early 2019.
- That information includes names, addresses, phone numbers, email addresses, dates of birth and self-reported income.
- About 140,000 U.S. Social Security numbers were hacked, along with about 1 million of the Canadian equivalent, known as Social Insurance Numbers.
- About 80,000 linked bank accounts belonging to credit card customers also were accessed.
- Beyond the credit card application data, information such as credit scores and limits, balances, payment history and contact information also was seized, as well as fragments of transaction data from a total of 23 days during 2016, 2017 and 2018.
Consider the findings of the Privacy Rights Clearinghouse, a San Diego-based consumer protection group, which says that 9,002 data breaches have been reported in the U.S. since 2005 and that altogether nearly 11.6 billion records have been breached. One of the major breaches was at Equifax, which last week reached an agreement with the Federal Trade Commission to pay as much as $700 million after a 2017 cyberattack compromised the data of 147 million people in the U.S.