A few months ago, news broke about the latest massive data breach, this time from a company called National Public Data, a company that collects vast amounts of personal data about individuals from public data sources, including addresses, employment history, criminal records, and Social Security numbers. NPD then sells access to that data to employers conducting background checks, landlords screening potential tenants, banks verifying loan information, and more.

Unfortunately, NPD’s data security was lax, with the company publishing its own passwords in a file that was freely available from its homepage. How many people are affected remains unclear, though it seems likely to be hundreds of millions, if not the three billion reported by some outlets. Precisely what is included in the breach varies by person, but it includes names, physical addresses, phone numbers, dates of birth, and Social Security numbers for many. Email addresses may be included as well.

Put bluntly, this is terrible. It’s bad enough when a firm to which you’ve entrusted your data suffers a breach, but no one affected by the NPD breach had a relationship with the company. NPD was just hoovering up everything it could find and reselling it. NPD is far from alone in this field—numerous other companies do the same thing, and some of them have also suffered data breaches.

What can you do? Honestly, not much. Your data appeared in the breach through no fault of your own, so apart from generally trying to keep the amount of your personal data available online to a minimum (watch social media in particular), nothing you do will make a big difference. That said, I recommend that you do three tasks which I describe below:

1. Place a freeze on your credit report
2. Make sure you have an account with the Social Security Administration to prevent the bad guys from accessing your account or your benefits.
3. Make sure you have an account with the IRS to prevent the bad guys from claiming your IRS account and then filing a fake tax return using your Social Security Number.

You might be tempted by services that promise to “scrub the Internet!” of your data at people-search sites, but a Consumer Reports study found that they were largely ineffective, working for only about a third of the profiles tested. (The study was admittedly fairly small.) The best of the services was effective less than 70% of the time, and manually opting out at each site was slightly more effective. Plus, the study only looked at sites that offer opt-out options—with companies like NPD, there’s no way to know if they have your data or will remove it if asked.

However, several sites will now tell you if your data was included in the NPD breach, including npdbreach.com and npd.pentester.com. Keep in mind that both come from companies that also offer data removal services, although neither were included in the Consumer Reports study.

Take Action

Freeze Your Credit Report

Breached companies will often offer free credit monitoring services to affected customers. That’s highly unlikely to happen with NPD because it has no business relationship with the people whose data it lost. But there’s a better approach anyway: placing a freeze on your credit reports. Doing so is free and prevents an identity thief from opening new financial accounts in your name by blocking access to your credit file from prospective creditors. Freezing your credit report has no impact on your credit score.

However, before you freeze your credit reports, check them to ensure they’re accurate. You can get free weekly credit reports from all three credit bureaus at AnnualCreditReport.com, authorized by the federal government, which also offers other useful information about protecting yourself from identity theft. If you discover any mistakes, work with the credit bureau to resolve them.

Once you’ve checked your credit reports, you can freeze them, which you need to do with each of the three credit bureaus:

• Experian: Freeze your Experian credit report online, call 1-888-397-3742, or submit a paper form.
• Equifax: Freeze your Equifax credit report online, call 1-888-378-4329, or submit a paper form.
• Transunion: Freeze your Transunion credit report online, call 1-800-916-8800, or submit a written request.

Security freezes remain in place indefinitely, and many people can leave them that way. However, you’ll need to remove the freeze temporarily if you plan to rent a new apartment or house, take out a loan, apply for a credit card, set up a new mobile phone plan or utility account, apply for a new job, or undergo a background check. All three services provide such a capability online, or you can contact them via phone or postal mail, as mentioned above. It can be hard to think about removing a freeze proactively, so if something that might involve checking your credit score fails unexpectedly, remember the freezes. You might even make an annual reminder in your calendar so you don’t go too long without remembering.

Set Up SSA and IRS Accounts

Set up accounts with both the SSA and IRS if you don’t already have them. Creating accounts is outside the scope of this article, but take your time to setup these accounts. In each case, it’s a complex process since you’ll need to setup either a Login.gov or an ID.me account, or maybe both. I created a Login.gov account a number of years ago to access a couple of government services. However the Social Security Administration web site doesn’t appear to support the Login.gov system so I had to create an ID.me account. The IRS web site supports logging in using an ID.me account so you could use this type of account to access both the IRS and SSA.

It’s a shame that data breaches have become a fact of life, but that’s unavoidable without significantly stronger privacy regulations that prevent large companies from unnecessarily storing personal data and punishing them when they don’t protect it effectively.

(Featured image by iStock.com/BackyardProduction)