So you've been a victim of identity theft? Now what?

By Keith B. Daniels, Jr., J.D.

Data breaches have become a regular part of the news. Yahoo advises that 3 billion email accounts have been breached. Anthem announces that more 75 million accounts including private health information have been breached. Equifax, one of the big 3 credit reporting agencies, advises that more than 143 million accounts have been breached. That is on top of Target, TJ Maxx, Home Depot and numerous others in the past few years. Those are the ones that have made the news. Data breach is not only a large company worry. Individuals can also be a victim of a data breach. If you, as an individual or company, find your data breached, here are some steps you should take:

1. If you learn that your financial institution or any company you do business with has been breached, contact the "breach" company as soon as possible. That means contact the company whose data was breached. Try to determine what is the damage and what are they going to do. Do they have any directions or instructions of what to do next? Find out what information was stolen. Was it your name, your account number, social security number, password or what? You may feel calmed to find out that your stolen information was encrypted. Don't be! The thieves probably have your information already, so move on.

2. Change all of your passwords and do so regularly. Don't make it easy. Don't use common names like your name, kids, pets, schools, or anything that your friends or strangers can deduce from your social media accounts, etc. Add symbols, asterisks and make it hard to guess. Don't keep a copy on a sticky note on or by your computer. Keep a list of your passwords in a safe place. Use different passwords for different accounts! I know this is not easy as we are overwhelmed by passwords in the modern world. But, our looking for an easy solution is just opening a door for hackers to go through.

3. Call the credit bureaus right away (TransUnion, Experian and, yes, Equifax). Advise them you have been a victim of identity theft and they will place a fraud alert on your file.

4. Call your banks (or credit unions) and credit cards companies: Doing so will lock your accounts and prevent further transactions. Notifying them immediately will normally release you from any liability for the charges. Do so immediately. Waiting even a few days, or even minutes can result in you incurring large amounts of damages.

5. You may be urged to contact the police and get a police report. However, you may want to wait until you are confident that it is not just a single discrete event. You want to get the full amount of your damages in the police report.

6. You should also file a report with the Federal Trade Commission (FTC). However, like with the police, you may want to wait until you have a complete picture of what has happened.

7. Document everything you do and everyone you talk to.

8. Get a copy of your credit report to see if something unusual is on your credit. If there is something unusual, include that in your police report and with your report to the FTC.

9. Consider subscribing to an ID Theft Recovery program sooner rather than later. There are several you might wish to consider. Just run a google search on ID Theft Recovery and you will find several to choose from.

Unfortunately, you cannot prevent identity theft. The breached companies may have sophisticated IT people and employ breach response services, but you may be in for some surprises with the terms and conditions language with many of the big companies. They have experience alerting you, but rarely will they do anything to actually help you protect or recover control of your identity. For example, what has Equifax or Home Depot or any of the dozens of others who have been breached done for you? Future credit monitoring for a year or two is nice but not going to do much once your information has escaped to somewhere in the clouds.

It would be nice if everyone would get proper identity theft coverage. Hopefully, with some research, you can find a plan for the right price that gives you exactly the recovery protection you need at a price you can afford. In any case, even if you were to buy identity theft coverage, the best protection is being aware of what is going on in your accounts and being alert to irregularities that may occur.

In my own opinion, given the many breaches that have occurred, believing we can create walls around our private data to keep it protected is not going to work. The gates have been opened too many times and too much has escaped already. However, it is possible to mitigate the damage and the best guard is ourselves with some help from law enforcement, the FTC and if you buy it, from an identity theft program.

I would like to thank Eran Sinai, CEO of ID Theft Recovery from whom I have borrowed some of his teachings for this article.