Why does this page look this way?

It appears that your Web browser can not find this page's style and presentation information. You are welcome to use the page as is or, for the best experience, upgrade your browser to its latest version by visiting your browser's Web site or NYTimes.com's download page.

The New York Times Technology
Next Article in Technology (2 of 9) >
The New York Times - Travel - Best of Europe
Skip to article
NYTimes.com Welcome, vsauter2 - Member Center - Log Out - Help
Technology Home Circuits Product Reviews How To's Deals
Basic Instincts

What to Do After Your Data Is Stolen

Published: July 16, 2005

IT'S been a month since someone swiped my debit card account data and went on a two-day, $1,772.26 shopping spree. While the bank reimbursed the money, and the nightmare seems to have passed - thus far no one has bought a small island in my name - I'm still slogging through an endless maze of questions and misinformation.

Another kind of headache started with some of the advice given to me as an identity theft victim - advice that sounds solid and sensible, but does nothing or may even make matters worse.

Someone should really test-drive this stuff, so allow me:

FRAUD ALERTS "Place a fraud alert on your credit reports and review your credit reports," is the first tip in the Federal Trade Commission's brochure "Take Charge: Fighting Back Against Identity Theft" (downloadable from www.ftc.gov).

This is one of the most-recommended identity theft remedies, but what exactly does a fraud alert do?

"Not enough," said Kerry Smith, a consumer lawyer for the National Association of State Public Interest Groups. Mainly it means that for 90 days any potential creditor has to take precautions to verify your identity before opening new accounts in your name. Not only is 90 days a short time, the standards for verifying a consumer's identity are not clearly defined.

An "extended fraud alert," on the other hand, remains on your credit report for seven years. The extended alert requires creditors to contact you if anyone wants to open an account in your name.

That's better - and it won't derail your credit - but it's tough to procure. Consumers need to provide "a copy of an official, valid report filed by the consumer with a federal, state or local law enforcement agency," according to the F.T.C.

So when reporting data theft, don't just call your bank; contact your local police precinct and file a copy with the F.T.C. (877-438-4338 ).

REVIEW YOUR REPORT Considering that data theft victims deserve a free weekend at a spa, you'd think someone could take the trouble to send you a copy of your credit report. But no. After a data theft incident, you're entitled to a free copy of your credit report from each of the three agencies (all consumers will be permitted free copies once a year as of September; www.annualcredit report.com). But as I learned, you still have to request each copy yourself.

Once you get those precious reports, bear in mind that possessing these copies will only shore up your security to the extent that you can spot suspicious information and report it. Given that one in four credit reports contain major errors - not fraud, just mistakes - it's worth the vigilance, Ms. Smith said.

FREEZE YOUR REPORT You may have heard that you can freeze your credit report, but what does that get you? While this step offers the most data protection, so-called security freeze laws are in effect in only 10 states, with a handful more pending this year (like New Jersey and New York). The beauty of freezing your reports is that only you have the ability to thaw them - and while your access to credit can be delayed for a few days, it's not impaired in any other way.

The trouble with this kind of cryogenics is that some states charge a fee each time you freeze or unfreeze your credit report. Depending on the state, consumers would have to pay those fees (up to $20 in some cases) to each credit bureau.

PAPER OR ELECTRONIC? Then there's the mistake I made in my haste to super-secure my data. I assumed that paper transactions must be safer than electronic ones, so I canceled my online bill-pay service. This not only made my husband grouchy, it may have been a waste of time.

"Online bill payments are probably more secure than sending paper bills with a stamp," said Linda Foley, co-executive director of the Identity Theft Resource Center (www.idtheftcenter.org).

As long as your computer is protected with a firewall and virus software, online banking and bill paying may reduce the risk of data theft by reducing the number of people who handle your transactions. "It's not computers that steal information, it's human beings," Ms. Foley said.

If your identity has been stolen, you also might be tempted to consider starting fresh with a new Social Security number. Fuggedaboutit, as we say in Brooklyn. It's not only difficult to obtain, but your new number would be forever linked to the old one, Ms. Foley said, creating even more confusion when employers or banks need to verify your personal data. Better to be aggressive about guarding your current number.

M. P. Dunleavey writes about personal finance for MSN Money.