If you’re thinking about paying for identity theft protection in the aftermath of the Oregon DMV data breach, it’s worth checking to see if you already have access to free or deeply discounted monitoring services or recovery help.
Your chances of being affected by a data breach are about 1 in 15 in any single year — and it’s virtually guaranteed that your identity will be compromised sometime in your lifetime, says James E. Lee, chief operating officer of the Identity Theft Resource Center, a nonprofit that assists identity theft victims.
While there’s no way to eliminate the risk completely, you can minimize it.
Where to find free protection
You can purchase ID theft protection services, which can cost $200 or more per year. But you may also have access to free or low-cost services you can activate. Sources could include:
- Your bank or credit union.
- Your credit card issuers.
- Your employee benefits plan.
- Your homeowners or renters insurance.
- Organizations you belong to, such as AAA Oregon or AARP.
Also, if you’re affected by a data breach, you’ll likely be offered free credit or identity theft monitoring for a time. For example, consumers affected by the Equifax data breach in 2017 were offered several years of credit monitoring. Even those who didn’t file a claim under the Equifax settlement are eligible for free identity restoration services for the next seven years.
Lee suggests checking your choices, picking the protection you like best and activating it.
On the other end of the spectrum, cybersecurity and ID theft expert Robert Siciliano, head of training at Protect Now, signs up for all the free protection he can get.
“I am of the notion that the more awareness you have, the better,” he says. “I get alerts all the time, and I love that.”
But know yourself: If you would ignore frequent alerts, or if you have misgivings about giving your private data to multiple companies, choose one.
Different levels of coverage
There are two main types of identity theft protection. The first is monitoring. At its simplest, it notifies you when your credit is checked, which is a clue that someone may be trying to open credit in your name. It generally goes beyond just credit monitoring and adds things like fraud resolution services or lost wallet protection, which allows you to get credit, insurance and other cards replaced with one phone call. Some services layer on other kinds of monitoring, such as flagging use of your Social Security number, bank account credentials or health insurance.
The second type, identity theft recovery assistance and insurance, is designed to help you clean up the effects of identity theft.
Insurance generally helps victims recover financial losses and money spent as a result of identity theft. Plans can be as different as health insurance policies, Siciliano warns. The types and amounts of coverage vary, and so can the documentation required to access them. Read the terms and conditions or terms of service, and know what receipts or records you might need to provide.
How to reduce your risk
The best way to reduce risk is to make yourself less of a target.
A credit freeze is the closest you can come to a rock-solid guarantee that scammers cannot access your personal credit data. Both Lee and Siciliano recommend it as the first line of defense.
“Not having a credit freeze is like not drinking fluids and sleeping and eating food,” Siciliano says. “It should be fundamental to living, especially in our credit-driven, data breach culture.”
The best approach is to freeze your credit with the three main credit bureaus: Equifax, Experian and TransUnion. Equifax: equifax.com/personal/credit-report-services or 1-800-685-1111; Experian: experian.com/help or 1-888-397-3742; TransUnion: transunion.com/credit-help or 1-888-909-8872.
Other strategies include:
- Choose long passwords. Lee suggests creating something you’ll remember, working from a family story or a line from a poem. Lee said you no longer need to change passwords every 90 days. And there’s no need to make it complex, he says, but you do need to make it memorable.
- Don’t recycle. More than 65% of 3,000 consumers in a Google-Harris Poll survey said they reuse passwords across multiple accounts. Don’t let one password — or the same phrase embedded within passwords with an added character or two — be the master key to your personal information. You can use a password manager service like LastPass, Bitwarden or 1Password to keep track.
- Favor safety over convenience. Use two-factor authentication when it’s offered. Consider an authenticator app such as Authy, Google Authenticator or Duo Security; they’re even more secure than being texted a code.
With a credit freeze, credit monitoring and identity theft protection services, Siciliano says you have “protection times three. If you don’t have any of that, you are what bad guys consider the low-hanging fruit.”
Bev O’Shea is a writer at NerdWallet. Email: boshea@nerdwallet.com. Twitter: @BeverlyOShea.