Even with my personal radar on high alert for data breach news, my own response to articles about the massive social security number breach this week was a bit like molasses.

We haven’t even seen the worst of it and I’m already tired of data breaches…

A future dominated by AI means a future of endless data security issues. First, because AI makes it easier to dupe individuals and gain access to systems, and second, because AI requires massive amounts of data making our information even more valuable to data brokers and criminals.

My Breach Surprise

I’m exhausted by the steady stream of notifications I’ve received of late ranging from AT&T to Ticketmaster and even related to the kids and school (the number of those affected by the NYC Illuminate breach now tallies more than one million).

In the back of my mind too has been the fact that I was out of the US for so long (more than 13 years) that surely my footprint would be smaller in the US?

Welp, I checked two recommended sites to see if I was affected: NPD.pentester.com and NPDBreach.com (which look sketchy but are legit, more on that below) and boy did I get a sucker punch on the data privacy front. Every address of mine from the past 30 years was listed… with my social security number and date-of-birth as part of the stash too.

What I Did (And What You Should do Too)

Please don’t procrastinate and flag this email to read later. Chances are good that your SSN was part of this breach, and there are some really simple things you can do to protect yourself right now.

“Freeze” Your Credit

What used to be a laborious process is now a one-click option available across the three credit reporting agencies: Equifax, Transunion, and Experian. It is super easy to do and, personally, I’ll never leave my accounts unfrozen again. Why? Well, first, you should always know who is checking your credit and why. And, second, to keep your credit healthy, it shouldn’t be pinged all the time anyway. So, why not just “unfreeze” your credit (also a one-click) when you need it?

Check if You Were Affected

Note that I suggest “freezing” your accounts before checking to see if any given breach relates to you. Again, with the constant and relentless onslaught of cyber crime events, I think “frozen” should be the default (I’d love any of my expert readers to tell me if they think otherwise). Then, of course, check to see if you were affected. Specific to the NPD breach, I noted two sites above that make it really easy to check — you just add your first and last names as well as your year of birth. Never use your SSN to see if you were part of a breach. A site asking for it may be a scam, but even if it’s legit, you are better off avoiding entering those details anywhere except where it is required (e.g., banks, the government).

Work with the IRS

Freezing your credit is a great first step. But there is more you can do (and a plus of our digital age is that it’s all so much easier now). First, set up a social security online account to keep an eye on any possible social security fraud (aka, anything that doesn’t look familiar to you). If you think someone is actively using your information (e.g., not just that you were a part of a breach) you can notify the IRS using Form 14039 (Identity Theft Affidavit). You can also set up an extra PIN to accompany your SSN that the IRS will reset each year. This will then flag to the IRS if someone using your number is not, in fact, you.

Use a Password Manager

Please set up a password manager… you will not be sorry. I use 1 Password, but there are many to chose from (I love that a Reddit user created this comparison table). Change your passwords often and, if given the option, choose 2-factor authorization too (it can be as simple as a code sent to your phone that provides an extra layer of protection). It’s really one of the easiest and most empowering ways to protect yourself from cyber crime.

Would you even know if your email has been breached? Check site like Have I Been Pwned to see where your email and related information may have been compromised. If you find your email listed it does not mean that criminals have your password, but it also doesn’t mean that they do not. So change it.

You know this by now but it’s important to repeat it — watch carefully for increasingly sophisticated scam emails and, in general, never click on a link unless you are more than 1000% sure of its origin.

Consider Identity Theft Monitoring Services

Setting up a monitoring service can provide you with peace of mind by alerting to you future breaches, as well as if someone tries to use your information to, say, finance a car or buy a property. Here are a couple of reviews to find the right monitoring service for you.

Nerd Wallet Review

US News & World Report

USA Today

Bigger Picture…

This is our future now. We can’t procrastinate or feel intimidated by the process of protecting our data. While this list is a start, it’s not exhaustive. But the good news is that you are in control of how you protect your data and how you address current and future breaches.

It’s also critical to protecting our kids’ futures. Children are some of the best “identities” to steal as they are without a “past” making them a blank slate for fraud. As you can see from this graphic below found on the Federal Trade Commission’s website, around 3% of identify fraud cases right now are for those under the age of 19. That should worry all of us.

Getting smart about personal data is a good family activity. Why not have a data clean up day? Or task each family member to research a service and way to protect information.

Want more ideas? Please get in touch.

As mentioned last week, my new back-to-school guide will be live soon, so please consider upgrading to receive access.