The Identity Theft Resource Center (ITRC) helps families and organizations minimize risk and mitigate the impact of identity compromise. One way we do this is by keeping an eye on recent events and trends related to data security and privacy.
According to trends in our recently released H1 2022 Data Breach Report, data compromises (when a person’s personally identifiable information (PII) has been exposed in a data breach, a cybersecurity failure, or because of a scam) are down 4% in the first half of 2022 compared to the same period last year. The number of victims impacted is also down 45% for the same period.
Those numbers could be misleading, however, because 40% of the data breach notices issued in the year's first half did not include basic information like how an attack occurred or how many people were victims. These trends could quickly be reversed simply by a few large breaches or a handful of smaller compromises.
What Do Data Breach Trends Mean for Your Family?
Data compromises and identity crimes don’t just happen to adults. Children can be victims, too. If a child's PII gets into the hands of an identity criminal, the child could be affected for years to come. Many teenage victims report they cannot obtain financial aid, enroll in college, or pass an employment background check because a criminal has used their PII to create a work and income history, sometimes for as long as a decade or more. Many parents won’t know their children’s identities have been stolen until the child applies for a job or college later in life. By then, there could be a decade or more of damage.
What can parents do to help protect their kid's PII from being stolen in a data compromise? There are several avenues a parent may consider to reduce their child’s likelihood of falling victim to an identity crime. One of the first things is a credit freeze.
Credit Freezes
Credit freezes restrict access to a credit report and help prevent new lines of credit from being opened in your child’s name. Since most children won’t need credit access for years, it’s a smart way to discourage identity criminals.
The ITRC and DIG.Works conducted a survey that found a disconnect between awareness of credit freezes and how often consumers use them to protect their own or their family’s identities.
- More than three-fourths of consumers responding to the survey said they were familiar with the credit freeze process.
- Fewer than one-third of survey respondents had frozen their credit once for any reason; only 3% of consumers froze their credit after receiving a data breach notice.
- Confusion and incorrect information about the process, cost and impact on credit scores caused many consumers to avoid freezing their credit. Eleven percent (11%) of respondents have never placed a credit freeze because they incorrectly believe it would impact their credit score or require payment to freeze or unfreeze. However, most respondents did not freeze their credit because they didn’t think they needed to do so.
- One-third of respondents said they did not believe it was necessary to freeze their children’s credit to prevent identity misuse. A slightly larger number reported freezing their children’s credit.
It can be devastating to find out that you, or someone you love, had personal information fall into the hands of a criminal. Perhaps even more so when a data compromise occurs, and you’re not immediately notified.
What Families Can Do
If your information has been compromised in a data breach, there are initial steps you should take:
- Freeze your credit. Cybercriminals open new accounts in your name using stolen information. The best way to block the creation of an account that involves your credit report is to freeze your credit. You can use Frozenpii.com to help you.
- If you use the same or similar password on every account, change all the passwords to ensure every account has a different strong, unique password. If you have too many passwords to remember, use a password manager app or the password feature of a recognized web browser – Safari (Apple). Firefox (Mozilla), DuckDuckGo, Chrome (Google), or Edge (Microsoft).
- If you already have different passwords for each account, change the password for the compromised account. Create a strong, unique 12+ character passphrase that will not be used elsewhere.
- If you receive a data breach notice, follow the advice offered by the impacted company and take advantage of any free service offered by the organization sending the notice.
- Check your credit reports for any fraudulent accounts that may have been opened in your name.
- Monitor your current and past account statements for fraudulent activity.
- Use multi-factor authentication with an authenticator app (not SMS/text – they can be spoofed) to add an extra layer of security to your accounts.
- If allowed, or if it makes sense, consider changing or removing any personal information you have affiliated with the breached account (name, address, phone number, email, etc.)
Sontiq, a TransUnion company, is a proud supporter of the Identity Theft Resource Center nonprofit.