Most Americans have had sensitive data exposed in recent years.
Some 500 million people may have been affected by the data breach Marriott MAR, +1.28% announced Friday, but regardless of whether you’re one of them, you should probably freeze your credit now, experts say.
“This is a perfect example of how a credit freeze can protect you and why everyone should do it today if they haven’t already,” CreditCards.com industry analyst Ted Rossman said. “It’s free, easy and effective.”
Freezing credit — or limiting outside access to your credit report — is free as of September of this year. Previously, freezing credit cost about $10 but through the Economic Growth, Regulatory Relief, and Consumer Protection Act, all three major credit bureaus — Equifax EFX, -0.13% Experian EXPN, +1.75% and TransUnion TRU, +1.16% now offer the service for free.
After the large-scale breaches at Experian, Yahoo AABA, +1.82% and others, most American adults have had their personal data leaked online, according to an analysis from chief of security strategy at the cybersecurity firm SentinelOne.
Victims typically get free ID theft protection after such breaches and Marriott is no exception: it will provide a free subscription to credit monitoring service WebWatcher for those affected. But freezing credit is a more advisable and comprehensive response, Rossman said. (Marriott did not immediately respond to request for comment).
“A credit freeze is much better than this sort of credit monitoring,” he said. “All credit monitoring does is tell you after the fact that something bad happened. A credit freeze is free and proactive. It’s going to prevent a criminal from opening an unauthorized account in your name.”
Some 8 in 10 adults in the U.S. are concerned about the ability of businesses to safeguard their information, according to a report from The Harris Poll for the American Institute of CPAs (AICPA) and cybercrime cost U.S. consumers $19.4 billion of their own money in 2017. Still, just 3 in 5 Americans report ever having looked at their credit score.
Many consumers become overwhelmed by the onslaught of hacks or worse, complacent, Travis Jarae, chief executive officer of data privacy advisory firm OWI said.
“Monitoring services such as WebWatcher may do more harm than good by offering consumers a false sense of security,” he said. “No monitoring service, no matter how robust, can offer consumers complete protection from the consequences of a data breach.”
In addition to putting a credit freeze on their accounts, customers should immediately change any compromised passwords, always avoid using the same passwords for different accounts, and proactively monitor their financial accounts for any unusual activity. In addition to credit and bank accounts, customers should monitor their frequent flyer and other rewards accounts, Ben Johnson, CTO of Obsidian Security said.
“While the recognition of the breach and an apology are important steps forward, Marriott must upgrade its ability to detect compromises like this much faster, and should move swiftly to protect the rewards accounts and personal information of its loyal members,” Johnson said.