Everywhere you turn these days, it seems as though there is another news story about another data breach. The stories help educate the public about how vulnerable their personal information is and how to protect themselves, but they also cause confusion.
Each week, the Identity Theft Resource Center publishes a Data Breach Report, sponsored by CyberScout, that lists the latest data breaches, the type of personal information involved, and the number of records exposed. This report has become a resource for reporters covering issues such as privacy and identity theft. This identity theft part is where we run into trouble.
We have found that it is not uncommon for reporters, and others, to use the terms “data breach victims” and “identity theft victims” interchangeably. This is incorrect and something we have been doing our best to correct. For example, as of Sept. 23, the ITRC reported more than 18.9 million records exposed in data breaches. That doesn’t mean there are 18.9 million victims of identity theft.
Studies show that data breach victims are more likely to become victims of identity theft. But if your information is exposed in a data breach, that doesn’t mean you will experience identity theft. Also, the industry in which your information is breached has not been shown to predict which type of identity theft, if any, data breach victims will experience.
Does this mean that if your information is exposed in a data breach that you don’t have worry about identity theft? Unfortunately, this is not the case. Again, studies have shown that your risk of identity theft increases when you become a victim of a data breach. You should not ignore a data breach notification should you receive one. However, you don’t need to panic either.
Another point that should be made is that not all data breaches are created equal. Some data breaches put you at more risk than others. That's whyit's important to understand what information was compromised in the breach. For example, if your credit card information was exposed, you would need to cancel that credit card, get a new one, and keep an eye out for fraudulent charges on your statement. However, if your Social Security number was exposed, you will need to take many more precautionary steps such as placing a fraud alert on your credit files.
If you are a victim of a data breach, there are resources available to you. For more information on how to handle a data breach notification, you can check out the ITRC Fact Sheet 129 I Received a Breach Notification Letter: What Do I Do Now?, which will walk you through the appropriate steps to protect yourself.
Eva Velasquez is president and CEO of the Identity Theft Resource Center.