After the Breach: Protecting Your Identity
by AnnaMaria Andriotis, Wall Street Journal
Target’s massive data breach has had many consequences for consumers. Among them: more ads from services that claim to prevent identity theft.
For a monthly fee of $10 to $30, these services—offered by the three major credit bureaus, Equifax, Experian, and TransUnion, and companies like LifeLock—alert subscribers to possible illicit use of their personal information, such as unauthorized users trying to open fraudulent accounts in a consumer’s name.
But experts say the services might not offer much in the way of protection that consumers can’t already get for free or at a lower cost.
LifeLock and the three big credit bureaus spent nearly $14 million on advertisements for credit-monitoring services in the four weeks since the breach was announced through Jan. 19, up 68% from the previous four weeks, according to Competitrack, a research firm in Long Island City, N.Y. (The firms say they also ramp up advertising after the holiday shopping rush.)
The number of data breaches is on the rise. At least 619 breaches occurred in the U.S. in 2013, which compromised more than 57.8 million consumer records, exposing personal identifying information such as names, credit-card numbers and card security codes, according to data recorded by the Identity Theft Resource Center, a nonprofit organization in San Diego.
Retailers Hit Hard
Retailers in particular have been hit hard. Hackers gained access to some 40 million debit-card and credit-card accounts in Target’s breach, which took place in November and December. This month, the company said that the names, phone numbers and addresses of up to 70 million customers had been stolen.
This past week, Neiman Marcus Group said that about 1.1 million credit and debit cards belonging to its in-store shoppers could have been affected by a data breach that occurred last year. And Easton-Bell Sports, a maker of sports equipment and clothing, said hackers gained access to roughly 6,000 online shoppers’ information in December.
To help address consumers’ concerns, Target is offering one year of free credit monitoring and identity-theft insurance from Experian to in-store shoppers. (The insurance covers some identity-theft-related costs.) Neiman Marcus is giving the same services to all its shoppers, and Easton-Bell is using another provider for shoppers whose information was stolen.
But affected consumers still might get tripped up, says John Ulzheimer, a consumer credit expert at CreditSesame.com, a credit-management website.
The reason: Credit monitoring doesn’t alert consumers when someone uses their credit card to make fraudulent charges.
Instead, it focuses on other activities, such as applications for new lines of credit that may be fraudulent. To do this, identity thieves would need to find the affected customers’ Social Security numbers, which weren’t taken in the breaches.
In addition, experts say one year of monitoring may not be enough. Hackers tend to lay low when data breaches are exposed, Mr. Ulzheimer says. They often wait until consumers are less likely to be on the lookout for fraudulent activities.
Still, Target customers who incur fraudulent charges in the future resulting from the breach won’t be liable for them, says a spokesman. Neiman Marcus and Easton-Bell declined to respond to criticisms about the services’ limitations.
Credit bureaus sell their own protection services, though the services vary based on the package that customers choose.
The bureaus say they are trying to help consumers protect their credit. They also can make consumers aware that they have become identity-theft victims early on, says Trey Loughran, president of Equifax’s personal-solutions division, which sells consumers credit monitoring and identity-theft protection.
LifeLock says it tries to prevent fraudulent cases. It has joined with 250 vendors, including lenders and wireless service providers, and alerts subscribers when an application for an account in their name is submitted.
Consumers can protect themselves from fraudulent activity for free. To keep tabs on existing accounts, ask credit-card issuers to alert you by phone about charges beyond a certain dollar amount. You also should review your deposit accounts daily to confirm that your debit cards aren’t being fraudulently used.
To make sure new credit cards or loans aren’t opened in your name, check your credit reports from each of the three credit bureaus for free every 12 months at AnnualCreditReport.com. You also can place a “fraud alert” on your credit report with one of the credit bureaus without charge. That will notify lenders to take extra steps to confirm the identity of the person applying for credit in your name.
You also can freeze your credit report with each of the three bureaus—a surefire way to keep fraudulent accounts from being opened. Identity-theft victims can usually do this for free, while others will have to pay $3 to $10 per credit bureau.
When a freeze is in effect, lenders can’t pull your credit report, so a new account can’t be opened. The downside: You will have to undo a freeze before applying for credit, which you also will have to pay for.