You can't run and you can't hide. Data breaches are the new normal and the problem is likely to get worse as hackers get even better at breaking and entering.
"Every company, no matter how good their security team and no matter how strong their security technology, has something valuable these thieves want — and they will get it," said Theresa Payton, CEO of Fortalice, a digital security company. "It's not a matter of will they get in; it's what happens to your data once they get in."
It's estimated that nearly a billion records have been compromised in the last 10 years.
"That means everyone in this country should assume that their personal information has already been compromised," said Robert Sicilano, identify theft expert at BestIDTheftCompanys.com.
Approximately 16.6 million people became the victims of identity theft in 2012, according to a report from the Justice Department. The most common types of misused information: credit card (40 percent) and bank accounts (37 percent) information. The Justice Department estimates the cost of this crime was $24.7 billion in direct and indirect losses.
Most people find out they've been victimized when they are contacted by their financial institution. Fraud experts say we can't rely on someone else to catch the problem — we must take steps to protect ourselves.
"The longer ID theft goes on, the more damage is done and the longer it takes the victim to recover from it," said Eva Velasquez, president and CEO of the non-profit Identity Theft Resource Center.
That's why it's so important to be constantly on the lookout for any warning signs that your personal information has been stolen and is being used.
"Surveys show nine out of 10 people don't check their financial statements," Siciliano said. "That's irresponsible. You shouldn't be waiting for a retailer to tell you there's been a breach. You should be checking your financial statements more than you check your Facebook page, but people's priorities are skewed."
Here are seven of the key warning signs that you're the victim of identity theft:
- Bills for goods or services you didn't purchase appear on your credit/debit card statements: Don't ignore small charges. Crooks who buy stolen account numbers sometimes do a test with a small purchase. If it's unauthorized, check it out.
- Statements show up for an unknown credit card account: Armed with the right information, a thief can apply for credit cards in your name. They hope to go on a shopping spree — in your name, of course, before they get caught and the account is closed.
- A new credit card or store charge card that you didn't apply for shows up in the mail: An ID thief pretending to be you may have applied for that card. Don't assume it's a mistake. Contact the company right away.
- Collection notices or calls for a debt you don't owe: It could be an honest mistake. It could be that an ID thief is using your personal information to buy things and not pay the bill. You'd better find out.
- Errors (misinformation) on credit report: You have the right to a free report every 12 months from the big three credit bureaus (Experian, Equifax and TransUnion). Get a report from one of the bureaus every four months and look for anything suspicious, such as an account you didn't open or credit inquiries when you didn't apply for credit. Use this site: annualcreditreport.com.
- You have good credit, but an application for credit is denied: Don't get upset, find out what's going on. An identity thief could have mucked-up your credit file and ruined your credit score.
- Missing mail or email: There could be a problem if the monthly statement from your bank or credit card company suddenly stops. A thief may have filed a change of address form to get that statement and keep you from spotting his dirty work for as long as possible.
"If you take five minutes to follow-up on something that's out-of-the-ordinary, weird or just doesn't make sense, you could save yourself a lot of headaches later on," Velasquez said. The Identity Theft Resource Center has a full list of ID Theft Red Flags.
Go on the offensive
Take steps now to reduce your risk of harm when your personal information gets stolen in a data breach.
That means using secure passwords and having different ones for different accounts. If the password for your online gaming service is the same as your bank account, that's a real problem.
In her new book, Privacy in the Age of Big Data, Theresa Payton has another recommendation: Have a unique email address that you only use for your financial accounts. Why? Because an email address stolen from a department store or social media site can be the key to more fraud.
"If you use the same email address for everything and they steal that in a breach, the first thing they do is go to your financial accounts, ask for a password reset, and bingo — they are now able to access your financial life," Payton said. "People need to take matters into their own hands, and a separate email for financial services is a good place to start."