Hey Fortuna: I was just contacted by my bank/school/doctor’s office/grandma. They told me that they were hacked, and my name and SSN were compromised. What should I do? I should be worried, right?
So, you should take action, but don’t be too stressed. Literally everyone is getting hacked – it’s not an “if,” but a “when and how bad will it be” at this point.
First things first: place a fraud alert on your credit profile. This is free, and tells lenders to do a little extra investigation before granting a credit request. The credit bureau you notify may notify the others, but it doesn’t hurt anything to get the alert on all 3 ASAP – fraudsters move fast.
There are two other types of free alerts. If you have filed an identity theft report with the FTC or law enforcement, you can file a seven-year extended fraud alert. If you’re on active military duty, you can also file an active duty alert, which helps protect your identity as well. Both the extended fraud alert and the active duty alert remove you from credit card and insurance offers (for five and two years, respectively.)
Next, I recommend freezing your credit report. This is another free way to safeguard yourself against having new accounts opened using your identity. Mr. Fortuna and I have both done this preventatively for years. The only downside here is that if someone needs to check your credit in the future, you’ll have to remember to unfreeze your file at the relevant bureau(s). Ultimately, it’s a minor hassle with major payoff — it’s a lot faster to unfreeze your credit than it is to dispute a fraudulent account.
To save you some Googling, here are the relevant links for both steps:
You can also pay a small monthly fee for varying levels of identity theft protection or credit monitoring services, which may be offered by your bank or credit card provider, an ID theft protection service (the most affordable I’ve seen lately is Zander, but there are a lot of options) or even one of the credit bureaus I mention above.
How do I know if a credit card was already taken out?
Run your credit report here with at least one, ideally all 3, of the credit bureaus – you can still do that after you freeze it. Normally you can only get one from each bureau each year.
Because of the COVID-19 pandemic, at the time of this writing (June 2021) the bureaus continue offering free weekly credit reports to consumers.
I just used this site myself and it took less than fifteen minutes to get and review two of them. (The Equifax report gave me a hard time and said I needed to request a copy by mail.)
When you run your report, you should immediately see if there are any accounts you don’t recognize. (Also: make sure you save a copy as a PDF or print the report out!) If you see any items that you don’t recognize, you can file a dispute then and there on the credit report site to say “that’s not mine.”
This triggers a fraud report with the financial institution that holds the disputed account. You may also want to contact the financial institution directly — search for “report fraud <relevant bank name>” and you will probably find the right place to start.
The financial institution will then investigate your claim. They may contact you to request some additional information. Ultimately, they will close the account and remove it from your credit report, including any derogatory information associated with it.
Does it hurt my credit to run my credit report with all three? Or because it isn’t a “hard check” it’s okay?
It will not hurt your credit score to check your own credit — checking your own credit is considered a “soft” inquiry because it’s not related to you trying to get a new credit product. Soft inquiries happen pretty often, probably without you even noticing (like when you get prescreened credit card offers in the mail). A “hard” inquiry is the type that affects your credit, and happens when you actually apply for a loan or credit card. You can see both soft and hard inquiries when you check your credit report.