Once you've given your personal information to anyone, you no longer have control of it, and are left trusting that whoever you gave it to – creditors, employers, banks, government agencies, etc. – will protect it.
Last week the U.S. Office of Professional Management, effectively the federal government's Human Resources department, announced that the social security numbers and other personal information of over 21 million Americans were stolen by hackers.
On Thursday OPM director Katherine Archuleta refused to resign, saying she had no intention of leaving and that her agency was doing everything it could to address concerns about protecting personal data of federal employees, their spouses, and job applicants.
Twenty-four hours later, she resigned, effective immediately.
Some of your information is required to be given out; it's how we do business. Social security numbers, for example, are required by banks, credit card companies, and governments, and the and those numbers are stored in their computers. We transact business using credit and debit cards. That info is stored in computers, too.
But how can you protect your information from data thieves?
1. Keep your data secure.
Don't give it out to every business that asks. Limit the number of credit cards you use. Don't carry your Social Security card in your wallet, or keep it stored in your phone or computer.
Shred documents you don't absolutely need. Change your passwords and PINs regularly, and don't write them down. Add security features, such as a passcode, to your smartphone.
Don't give out personal information to callers you don't know. Don't respond to phishing scams, emails pretending to be from your bank or the IRS.
2. Pay attention to your accounts.
Most banks and credit card companies allow you to set up alerts to notify you of charges to your credit card or withdrawals from your bank accounts. Set up your accounts to receive these notifiations, and report transactions you did not authorize immediately.
You also should monitor your credit reports as often as possible. You can get a free copy of your credit report once a year from each of the three major credit bureaus. It's recommended you get a copy of a report every four months; for example, request your report from Experian in January, from Equifax in May, and from TransUnion in September, then repeat the next year. Or you can get your reports more often, for a small fee. Use the website AnnualCreditReport.com, the only official site run by all three credit reporting agencies.
3. Invest in identity theft protection service.
Identity theft protection services monitor your bank accounts, credit cards, and credit reports, and notify you via text message or email if potential fraud is seen. There are now many companies now offering this service, including LifeLock and LegalShield's IDShield. [Full disclosure: I am an independent associate LegalShield and IDShield.] These companies' services usually cost between $10 and $40 per month, depending on whether an individual or a family is being protected. Some companies, such as IDShield, monitors other information as well, including email addresses, online passwords and screen names.
LifeLock and IDShield not only monitor and notify you; both companies will help you restore your identity in the advent a data thief succeed in stealing your identity. IDShield has contracted with Kroll, Inc., one of the world's largest data security firms, to do whatever it takes to restore your identity to its pre-breached state.
Banks and even the credit bureaus are now offering similar services.
And, unfortunately, the bad guys themselves have gotten into the ID theft protection business. Just last week two companies – Intersections, Inc., and Affinion Group Holdings – were busted by the federal Consumer Financial Protection Bureau, and together must pay nearly $10 million in customer refunds and penalties for failing to actually provide the services they were offering.
Following these three suggestions will go a long way to keeping your data secure and your identity safe, but nothing is foolproof. Diligence is required. Keep a close eye on everything, and be ready to respond quickly if you discover any of your personal data has been compromised.