You receive a notice in the mail saying that your personal information was exposed in a data breach. You are not alone. You may remember the Equifax breach in 2017 where hackers got into their computer systems and stole personal information belonging to millions of consumers.

This has happened in large companies including Twitter and T-Mobile, but smaller businesses, banks and health care providers have also reported breaches where their customers’ personal and account information was stolen. More than 4,000 data breaches were reported in Massachusetts last year. I have some tips about what to do if you receive such a notice.

In Massachusetts, companies are required to report data breaches involving consumers’ personal data to the Office of Consumer Affairs and Business Regulation. If the breach involves your social security number, the organization or company is required to contact you and offer credit monitoring services at no cost for at least 18 months. To sign up, contact the credit monitoring company using the information provided in the letter.

The next step is to order your free credit reports from annualcreditreport.com or by calling 877-322-8228. You should request a credit report from each of the three credit reporting agencies — Experian, Equifax and TransUnion. Once you receive the credit reports, check them carefully for any charges or accounts that you don’t recognize. Report any discrepancies to the credit reporting agency and the bank or financial company involved.

Regulations implemented during the pandemic mean you can check your reports every week for free through December 2023. Even if there are no problems with your credit report now, consider ordering and checking them again in a few weeks or few months to check for any accounts or charges that you didn’t make.

Consider placing a free credit freeze on your credit reports to make it harder for someone who has your personal information such as your name and social security number to open credit accounts using that information.

The freeze restricts access to your credit report so no one will be able to use it to apply for credit. To place a freeze, contact each of the three credit bureaus. The freeze lasts until you remove it and can be temporarily lifted if you need to apply for credit. It does not affect your ability to use your current credit accounts.

Another option is to place a fraud alert with the three credit bureaus. A fraud alert on your credit reports requires a business to verify your identity before issuing new credit in your name. There is no cost and you can activate a fraud alert by contacting one of the three credit bureaus. It lasts for one year but can be renewed.

An extended fraud alert is for consumers who have had their identity stolen and who have completed an identity theft report with the Federal Trade Commission at IdentityTheft.gov or by calling 877-438-4338. An extended fraud alert lasts seven years. The difference between the fraud alert and credit freeze is that the credit freeze stays in place until you lift it. You should still check your credit reports annually even with a freeze or fraud alert in place.

If the breach involves an account where a login or password is used, change your password. If you are unable to log in, contact the company to help you recover or shut down the account. If you use the same password for other sites, go to those sites and change the password.

It is recommended that you do not use the same password for more than one account. If you believe that hackers may have gotten your credit card or debit card information, check your statements for charges you didn’t make and alert your bank or credit card company.

You will want to keep a close eye on bank and credit cards accounts, health insurance or Medicare statements, and report any problems or errors. Look for signs of identity theft such as calls about debts that don’t belong to you or bills for accounts you never opened.

Beware of scammers

Remember that scammers often follow the headlines and will try to cash in on a data breach. Disregard phone calls, emails, or text messages from companies offering services to help you protect your identity.

Scammers may pretend to be from the company involved in the breach saying that they need the customer to set up a new account or verify personal information. They may use personal information obtained in the data breach to target the consumers involved and to make themselves sound more credible.

Don’t click on any link in an email or text message, no matter how real it looks. Refer to the original notification letter and call the company directly to verify whether they called or sent an email or text message.

If you would like more information about data breaches and identity theft, you may contact the Consumer Protection Unit in Greenfield at 413-774-3186 or in Northampton at 413-586-9225 or go to our website, NorthwesternDA.org/consumer-protection-unit and check our consumer resources.

Anita Wilson is director of the Northwestern District Attorney’s Office Consumer Protection Unit, which is a Local Consumer Program working in cooperation with the Office of the Massachusetts Attorney General.

]]>