Take these steps to protect your online data

In September 2017, a data breach at Equifax exposed the personal information of thousands of customers.
In September 2017, a data breach at Equifax exposed the personal information of thousands of customers.
(Smith Collection / Gado/Getty Images)

Equifax, Facebook, Capital One, Yahoo — every week seems to bring news of another data breach. Millions of consumers’ sensitive information, such as login credentials, bank account info and Social Security numbers, is floating around the internet just waiting to be exploited.

And 2019 is on track to be one of the worst years for data breaches yet. Nearly 4,000 data breaches were reported in the first half of this year, with over 4 billion records exposed, according to Risk Based Security, a research and security firm. That’s a 54% increase in breaches and a 52% increase in records exposed compared with midyear 2018.

It’s safe to assume that some of your information is out there. Now it’s a matter of doing what you can to protect yourself and deter malevolent actors from making you a victim of identity theft.


Personal information includes your Social Security number, birthdate and mother’s maiden name. Among these, your Social Security number is the most sensitive, because you can’t change it and it’s often used to verify your identity.

“If you look at the companies that have been compromised, the chances are really good that your personal information is out there,” said Gary Davis, the chief consumer security “evangelist” at the cybersecurity company McAfee.

Take three important steps to limit the exposure of your personal information and protect yourself if some data are already out there, Davis said.

Limit exposure: Avoid giving out your Social Security number whenever possible. Many services ask for it to verify your identity but may offer other ways to confirm who you are.

Freeze your credit: Safeguarding your credit files is fairly easy — and free. The best approach is to freeze your credit with all three main credit bureaus: Equifax, Experian and TransUnion.

Regularly check your credit reports: You’re entitled to a free copy of your credit report from the three major credit bureaus every 12 months. Review your reports and look for any lines of credit you don’t recognize because that can be a red flag for fraud.

For an added sense of security, you might want to consider credit monitoring and identity theft protection services, which can alert you to attempts to use your personal information. But they charge a fee and can’t prevent ID theft, just alert you after the fact.

Digital information refers to things like your email, bank account or social media login credentials. In addition, the information you share on social media can leave you vulnerable to identity theft.

If your Facebook account is accessed by hackers, for example, they could tap your network and create scams targeting your friends and family. Criminals with your bank login credentials could siphon money from your account or run up charges on a credit card.

Some fairly simple measures can help protect your digital information.

Protect your accounts: Make sure you’re using secure, unique passwords for each of your accounts. “Secure” means something that’s hard to guess; use capital and lowercase letters, and mix in numbers and special characters. “Unique” means not repeating a password, so someone who accesses one of your accounts can’t get into all of your accounts.

Use technology to help you: Password manager apps and two-factor authentication services can make it more difficult for hackers to get into your accounts.

Safeguard your smartphone: These devices can be one of our biggest vulnerabilities to identity theft. Use a passcode on your phone and consider adding a security code to your phone account. “Keep your software current and don’t delay updating it,” says Lisa Schifferle, ID theft program manager at the Federal Trade Commission. “Scammers know there’s a delay when people update, and they use that time to break into phones.”

If a company is a repeat offender, consider dropping the platform.

“Don’t reward companies for bad behavior,” Davis said. “If you hear about companies that aren’t treating our data and your privacy as strongly as they should, don’t use them anymore.”

Sean Pyles is a writer at personal finance website NerdWallet.