What is a Data Breach?

Each year, millions of Americans are exposed to security breaches in personal data. According to the Identity Theft Resource Center® (ITRC),  2009 saw more than 498 data breaches, with more than 233 million personal records compromised.

So how do data breaches occur? Typically, they happen when records with sensitive personal information are compromised, through things like the loss of a laptop, someone hacking into the database of a retailer or payment processor, or an employer selling sensitive information to a third party.

According to the ITRC’s report on data breaches in 2009:

• Paper breaches account for nearly 26% of known breaches
• The business sector climbed from 21% to 41% between 2006 to 2009, the worst sector performance by far
• Malicious attacks have surpassed human error for the first time in three years
• Out of 498 breaches, only six reported that they had either encryption or other strong security features protecting the exposed data

If your records have been part of a data breach, the company or organization is required by law to notify you that your personal information may have been compromised.

According to a recent article in Smart Money magazine, the good news about data breaches is that “the statistical impact of a data breach on your chances of becoming an identity theft victim is close to zero.”

Just in case, Smart Money offers these tips if you’ve recently received a breach notification letter.

1. Find out more information: Call the information hotline to find out exactly what information has been compromised, how long ago, and what steps the company has taken so far.

2. If your credit-card number has been exposed: If the compromised information includes just a credit-card number and expiration date, close the account and have a new one issued, says Paul Stephens, the director of policy and advocacy at the Privacy Rights Clearinghouse, a nonprofit organization in San Diego.

3. If your Social Security number has been exposed: You may place a fraud alert on your credit reports with each of the three credit bureaus (Experian, Equifax and TransUnion). Every three months, pull one free credit report from www.annualcreditreport.com from each of the credit bureaus to make sure no fraudulent accounts are open in your name. Typically, the company that notified you of the breach will offer a year or two of free credit monitoring: Take advantage of it, but don’t feel like you have to renew it.

4. If your SSN has already been used: You’re officially a victim of identity theft (though proving that it was a direct result of the security breach will be difficult). You may place a security freeze on your credit reports, which will prevent any creditor from being able to view your credit file unless you call each credit bureau requesting an “unfreeze” in advance.