Illustration by Samar Haddad / The Verge
Back in 2017, Equifax announced that hackers stole half of the US population’s Social Security numbers in what, we said, “will likely end up being one of the worst data breaches to ever affect the country.” Perhaps — until this year, when about 2.9 billion rows of data were collected through a breach at National Public Data (NPD), a company that resells collected personal data for background checks. This data included names, Social Security numbers, and other personal information.
As usual, when this sort of thing hits the news, our immediate reaction is to wonder what we can do to prevent ourselves from falling prey to identity theft, unauthorized withdrawals, false credit applications, and other nasty consequences. And, also, as…
Illustration by Samar Haddad / The Verge
Back in 2017, Equifax announced that hackers stole half of the US population’s Social Security numbers in what, we said, “will likely end up being one of the worst data breaches to ever affect the country.” Perhaps — until this year, when about 2.9 billion rows of data were collected through a breach at National Public Data (NPD), a company that resells collected personal data for background checks. This data included names, Social Security numbers, and other personal information.
As usual, when this sort of thing hits the news, our immediate reaction is to wonder what we can do to prevent ourselves from falling prey to identity theft, unauthorized withdrawals, false credit applications, and other nasty consequences. And, also, as…
Continue reading…
There are several ways you can protect yourself if you suspect your personal info has been compromised.
If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.
Back in 2017, Equifax announced that hackers stole half of the US population’s Social Security numbers in what, we said, “will likely end up being one of the worst data breaches to ever affect the country.” Perhaps — until this year, when about 2.9 billion rows of data were collected through a breach at National Public Data (NPD), a company that resells collected personal data for background checks. This data included names, Social Security numbers, and other personal information.
As usual, when this sort of thing hits the news, our immediate reaction is to wonder what we can do to prevent ourselves from falling prey to identity theft, unauthorized withdrawals, false credit applications, and other nasty consequences. And, also, as usual, the information from the breached organization — and from most news organizations — is often vague and unsatisfactory.
How do I know if my data was stolen from National Public Data?
Unfortunately, at the time this story was written, National Public Data was not providing a lot of information about whose data was stolen. There are a couple of websites out there (specifically, npdbreach.com, from Atlas Privacy, and npd.pentester.com) that say they can tell you, but since they ask you to enter data such as your birth year, it’s up to you whether you want to trust them or not.
Many companies that have suffered a breach eventually offer the services of a security firm that will monitor your account for a period of time; but so far, the only thing NPD is doing is recommending that you monitor your accounts, get a free credit report, and initiate a credit freeze.
What’s a credit freeze?
A credit freeze prevents creditors from viewing your credit file. Whenever you apply for a credit card, loan, mortgage, or even just to rent an apartment, the bank or landlord evaluates your credit and the risk of approving you. A freeze blocks them from retrieving your credit information, thereby preventing an attacker from taking out new credit in your name.
How do I place a freeze?
The good news is that placing a credit freeze is free. It will last one year, and after that, you can renew it. The bad news is that you’ll have to reach out to each credit reporting company independently. There are three main companies in the US: Equifax, Experian, and TransUnion.
Here are the contact numbers for each company, as well as links to their freeze landing pages.
Does this mean I won’t be able to rent an apartment, take out a new credit card, or get a loan?
No, you’ll just have to temporarily lift your freeze, and the approval process might be slightly delayed. If you can find out which credit reporting company your potential landlord or bank uses, you can lift it only for that company. This won’t affect your credit score, and it won’t prevent you from receiving a credit report. You can also keep using your same credit cards, although if you think they might have been compromised, you should get new ones.
Couldn’t an attacker lift my freeze and open a new line of credit?
In order to lift a freeze, you need either an account with the credit bureau, a password, or a PIN (depending on the credit bureau). Each bureau puts in several safeguards to make sure only the owner of the account can change it.
When should I put this freeze on my account?
You’re probably here because you’re worried your data has been compromised. You should try to do this as soon as possible. Even if you’ve happened here by accident, you might consider putting this freeze on your accounts as a safety precaution because there’s no telling whether your data is out there. And once you request a freeze online, it is required to take effect within one business day.
When should I unfreeze my credit?
It’s fairly easy to lift your freeze in the event that you want to open a new credit card or rent a new apartment (or do anything else involving your credit). And every company must lift your freeze within one hour of it being requested online. Still, it won’t hurt to give your creditor a heads-up, just in case.
Is there anything else I can do?
There are several other steps you can take:
Update, August 21st, 2024: This article was originally published in September 2017 and has been updated to reflect considerable changes in credit freezes, reports, and the latest data breach.
The Verge – All Posts