It’s never fun to receive a breach letter in the mail. Out of nowhere, you’re informed that through no fault or ill-advised action of your own, your personally identifying information (PII) has been compromised and may have been exposed for all the world to see.  This can cause panic on the part of the consumer. As we at the ITRC often see firsthand, in addition to being scary, it can confound and confuse.  What information was exposed? What does this mean? Am I a victim of identity theft? What should I do now?

Identity TheftThe first thing you need to know is that a breach letter is never in and of itself, a declaration that you are now a victim of identity theft. If you’ve received a letter of this type, it’s because according to the law of the state, an entity that’s had an exposure where consumer information was improperly exposed is required to notify you.  Read the letter carefully, as they must disclose exactly what type of information was exposed and when.  They’re also required to inform you in a timely manner. The only permissible reason for a delay in notification is if it would compromise an ongoing criminal investigation into the perpetrator of the exposure (if there was specific criminal intent in the case of this particular breach).

So, really all the letter is informing you of is that some portion of your PII was improperly exposed. The letter will detail exactly how and where the information was compromised.  What it means in simple English is that your information was exposed and as a result you may be at greater risk for identity theft or fraud than the average consumer.  Sometimes credit monitoring or other aid services are offered as part of the company’s attempt to make amends for the breach (or to offset the tarnishing of their public image).  If such services are offered free of charge it is always advisable to take advantage of them. The letter will usually have numbers to call for the service in addition to the numbers for the credit reporting agencies or information services to help walk you through the process.  Be sure to use them all.

Check your credit reports and issue fraud alerts through the credit reporting agencies. Remember, the more information you have about exactly what happened and when, the better position you’ll be in to mitigate any added risk or resulting damage to your identity. If you have additional questions or want to be talked through exactly what you should be doing, it never hurts to call the ITRC toll free at (888) 400-5530.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/anyone-3.