Let’s say your Social Security number and other personal data were exposed in a data breach. What do you do? Act quickly is good first step—to do what you can to help protect yourself from identity theft.
Place a fraud alert on your credit reports with the three major credit reporting agencies (CRAs) to thwart would-be identity thieves who may have your personal information. Such fraud alerts won’t address all of your identity theft risks, but they may prevent fraudsters from opening more credit accounts in your name.
Step 1: Contact the credit bureaus
One thing identity thieves are known for is using stolen Social Security numbers and other personal information to open credit accounts and bank loans in other people’s names. Typically, before giving you a new account, a lender will check with at least one of the CRAs to determine if you’re a good credit risk based on your credit history.
Each credit reporting agency collects information about how you use credit, including whether a business has turned your debt over to a collections agency and if you’ve filed for bankruptcy. These agencies are essentially the gatekeepers for your credit activity, so it’s important to notify them if you suspect your identity has been stolen. Whichever one you reach out to must alert the other two, but it doesn’t hurt to contact all three companies immediately to ensure the most immediate protection.
Major U.S. Credit Reporting Agencies
Equifax Consumer Fraud Division
P.O. Box 740256
Atlanta, GA 30374
|Experian Fraud Center
P.O. Box 9554
Allen, TX 75013
|TransUnion Fraud Alert
TransUnion Fraud Victim Assistance Dept.
P.O. Box 2000
Chester, PA 19016
When you reach out to the credit bureaus, you’ll want to place a fraud alert on your credit report to let creditors and lenders know your personal information may have been compromised. There are three different types of fraud alerts, depending on your situation and the type of information that has been lost or stolen.
Step 2: Place one of three fraud alerts on your credit report
These are the three types of fraud alerts that you can implement on your credit reports:
- Initial (90-day) fraud alert
- Active duty alert
- Extended fraud alert
Initial fraud alert
If you suspect your wallet, financial information or credit card number has been lost or stolen, you can ask for an initial fraud alert to be placed on your credit file.
An initial fraud alert lasts 90 days. During that time, it should be more difficult for an identity thief to open accounts in your name because the alert requires a business to verify your identity before a new line of credit is approved.
You can apply for an initial fraud alert by phone, mail, or online, using the contact information above.
Calling? The fraud alert hotline for each CRA is automated, so you won’t speak to a person. You’ll be asked to provide your Social Security number, the numbers in your mailing address, and your birth date.
The CRA websites noted above will take you to where you can submit your request online or mail a written fraud alert letter.
Remember, initial fraud alerts last only 90 days, but they can be renewed. You’ll have to remind yourself to do so. Otherwise, they’ll expire. Also, requesting such an alert also entitles you to order one free credit report from each credit reporting agency.
Active duty alert
If you’re a service member and about to be deployed, you can place an active duty alert on your credit report that lasts for one year and can be renewed for the length of your deployment.
This can be very helpful in protecting your identity while deployed, because a business will have to take extra steps before giving credit in your name.
To be granted this protection, you’ll need to provide proof of your identity with a government-issued ID card, driver’s license, birth certificate, or passport.
The credit reporting agencies also will take your name off of their marketing list for prescreened credit cards for two years, which can provide an additional layer of protection.
Extended fraud alert
Is that it? Not so fast. If your Social Security number has been exposed, you’ll likely need longer protection. This is because your Social Security number might not be used right away. Thieves may wait, using it to commit identity theft months or even years later. In that case, the initial 90-day alert likely wouldn’t help or offer enough protection. And you can't replace your Social Security number as easily as you can obtain a new credit card number.
A safer option in this case is to place an extended fraud alert, which is free to place and remove—and lasts for seven years.
An extended fraud alert lets you access your credit report only when companies take steps to verify your identity. It’s available only by mail and only for identity theft victims who show their identity has in fact been stolen.
What this means is you must provide an identity theft report in the form of a police report and your personal statement about the ID theft. Or you can create an identity theft report with the Federal Trade Commission by filling out an online form or calling 1-877-438-4338.
An extended fraud alert requires more information, so each bureau has paperwork for you to fill out:
- Experian provides a letter—for initial alerts, extended alerts, and fraud alert removals—that you can mail to the address above along with a copy of a government-issued ID card and one copy of a utility bill, bank statement, etc.
- TransUnion provides an extended alert form that you must print and mail to the address above.
- Equifax also provides an extended alert form that you must fax or mail along with appropriate documents.
Step 3: Remove the fraud alert from your credit report
Once you place any of these three fraud alerts on your credit file, you can simply allow them to expire or remove them. If you choose to remove a fraud alert before its expiration, you’ll need to submit a request to the appropriate credit reporting agency.
The Experian letter referenced above can also be used to remove a fraud alert. You can remove a fraud alert with Equifax’s fraud center by written request with certain forms of documentation sent to the address in the table above. However, if you’ve activated the credit bureau’s automatic fraud alert as part of an Equifax product subscription and wish to deactivate earlier, you’ll have to contact Equifax in writing.
For TransUnion, you can remove a fraud alert at any time online.
The real key when dealing with the exposure of your personal information or theft of your identity is to act quickly. If you can react before the identity thieves do, it’ll help you stay a step ahead of “the bad guys.”