Data Breaches Soar to New Record in 2021, Here’s How to Protect Yourself
Last updated March 10, 2022
Click below to listen to our Consumerpedia podcast episode on protecting yourself from identity theft.
Cyber criminals compromised 1,862 databases in the U.S. last year, according to the annual data breach report from the non-profit Identity Theft Resource Center (ITRC). That’s a 68 percent jump from 2020, and a 23 percent increase from the previous record of 1,506, set in 2017.
Other key findings:
- Most breaches (83 percent) might have accessed sensitive personal information, such as Social Security numbers.
- The number of victims in these data breaches was down five percent compared to 2020, as identity criminals focused on specific types of data, rather than mass data collection.
- The number of people who had their data compromised multiple times during the year remains “alarmingly high.”
“Many of the cyberattacks committed were highly sophisticated and complex, requiring aggressive defenses to prevent them,” said Eva Velasquez, president and CEO of ITRC.
And there’s no reason to believe the volume of data compromises will decline in 2022, Velasquez told Checkbook. So, it’s essential for everyone to protect themselves from crimes related to identity theft. Unfortunately, most people leave themselves vulnerable, IRTC’s research shows.
How a Credit Freeze Works as a Crime-Fighting Tool
A credit freeze is one of the best ways to fight identity fraud because no one can access that frozen file—even you—without the PIN code you created when you froze the account.
This prevents identity thieves from using your information to do anything that requires a credit check. They won’t be able to apply for credit cards or loans, sign up for cable or other TV services, get phone or other utility services, or rent an apartment in your name.
An ITRC survey of 1,050 adults conducted late last year shows most people know about credit freezes, but rarely use them.
While more than three-fourths of those responding said they were familiar with the credit freeze process, fewer than one-third had ever frozen their files. Most of those who did not take advantage of freezes said they didn’t think they needed to do so.
Misinformation about the process caused a significant number of people to avoid freezing their files, the survey found. Here are the key areas of confusion:
- A freeze will hurt my credit score. It will not. A credit freeze does not impact your credit score in any way. And it will not affect your relationship with your current creditors.
- There’s a charge to do this. Not anymore. At one time, it did cost up to $10 to freeze or unfreeze (“thaw”) an account. Now, this fraud-fighting tool is free. If you need to apply for credit, you can temporarily thaw your accounts—to allow creditors to access your files—and they will automatically refreeze at the end of the specified time.
Other Concerning Findings
Only three percent of survey respondents said they froze their credit after receiving a data breach notice. While it’s a good idea to take advantage of the free credit monitoring offered by a company following a breach, that does not take the place of a freeze.
Credit monitoring looks for problems after they happen, such as someone using your credit card number. It cannot stop them from using any of your stolen information. While a freeze can’t prevent all identity theft crimes, it can stop new account fraud.
Most parents have not frozen their children’s accounts. About a third said they didn’t know they needed to do that. Fraud experts say it’s critically important.
It’s estimated that more than 1.25 million American children, mostly ages nine and younger, became ID theft victims last year, according to the “2021 Child Identity Fraud Study” by Javelin Strategy & Research.
“Child identity fraud costs U.S. families nearly $1 billion annually,” the study concluded. “It affects one out of every 50 children and takes parents and guardians a tremendous amount of time to resolve.”
Other Things You Can Do
With billions of records stolen in the past few years, you should assume your personal information has been compromised—possibly more than once, so act accordingly. Here are a few ways to do that:
Update Old Passwords
Most people use the same password on all their accounts. Bad idea. Doing this increases your vulnerability. If a criminal gets ahold of that password, they can use it to hack into your other accounts.
“It's like having the same key to start your car, unlock your house, open your safe deposit box, and lock your desk at work, said cyber security expert Adam Levin, author of the book Swiped. “It doesn't make a lot of sense.”
At the very least create unique passwords for your most sensitive accounts, such as bank, credit cards, investment, government benefits, and social media. They need to be long (at least 10 to 12 characters—longer is better) and strong (random numbers, uppercase and lowercase letters, and special symbols). Avoid common phrases, such as LetMeIn, ILoveYou, or LukeIAmYourFather. Don’t use song lyrics, or names of pets or sports teams. Here’s a list of the most commonly used passwords. Don’t use any of those.
Use a Password Manager
Password management tools make it easy to create and use strong and unique passwords. Everything is stored in an encrypted digital vault that can only be accessed with the master password you created. Free versions are widely available. You’ll need to buy a subscription to use the password manager across multiple platforms. PC Magazine and CNET regularly rate password managers.
You probably have password managers on your devices. Apple's embedded password manager is called “FileVault.” Most internet browsers also have them, with options to sync those passwords across multiple devices. While browser “save passwords” features are convenient, they're not as robust as what you'd get from a dedicated password management program.
Turn on Multi-Factor Authentication:
Because even the best passwords can be compromised, opt for multi-factor authentication (MFA), when available. MFA requires a password and at least one other identifying factor—that only you should have—to log in, such as a fingerprint, token, or code from a text, email, or authentication app. It's not foolproof, but MFA can stop most hackers from using stolen passwords. Cyber Fraud experts told Checkbook MFA provides much stronger protection than even the best passwords alone.
Regularly Check Your Financial Accounts
Review activity on your monthly statements or—better yet—monitor transactions online or by phone at least every few weeks. Look for anything suspicious. Even a small charge that you didn’t make could be a criminal testing your credit card or debit card account with a stolen number. The sooner you spot identity fraud, the easier it is to undo the damage, and prevent future problems.
Set up Alerts on Your Bank and Credit Card Accounts
These alerts will notify you of transactions in real time, making it easier to spot fraudulent activity. I get alerts anytime there’s an ATM transaction, my credit card is used for a phone or online transaction, or money is withdrawn from my checking account. I’ll also be notified if there’s a foreign transaction or a wire transfer—something I don’t do, so it’s a sure sign of fraud. Go to the security section on your account to set up those alerts.
Check Your Credit Reports
Get your report from each of the big three credit bureaus at least once a year, and look for anything suspicious, such as accounts you didn’t open or a history of late payments you didn’t make. These are warning signs that an identity thief is pretending to be you.
Federal law entitles you to one free credit report every 12 months, but because of the pandemic, Equifax, Experian, and TransUnion are providing a free online copy once a week until the end of the year. Use this link, AnnualCreditReport.com, to request your report. (Note: There are other sites that offer free credit reports, but this is the only one you should use.)
Watch Your Credit Scores
Credit scores are generated from the information in your credit files. While keeping track of your credit score is important financially, it can also be used to watch for possible identity theft. For instance, if you have good credit, and your score suddenly drops for no obvious reason—you didn't max out your credit cards or make late payments—that could signal that an identity thief has opened credit card accounts in your name and is not paying the bills.
Help Is Available
The Identity Theft Resource Center provides free support and guidance to victims of identity theft, or those who want to learn about protecting themselves. You can speak to a live advisor by calling 888-400-5530, or visit the ITRC website to live-chat.
- From Checkbook: Identity and Cyber Theft: How to Protect Yourself
- From ITRC: Cyber-Hygiene Tips to Keep Consumers Safe
Contributing editor Herb Weisbaum (“The ConsumerMan”) is an Emmy award-winning broadcaster and one of America's top consumer experts. He is also the consumer reporter for NW Newsradio in Seattle. You can also find him on Facebook, Twitter, and at ConsumerMan.com.