If your personal data is breached, here's what to do

In the past three months, tens of thousands of Tarrant County residents have received letters saying their personal information may have been compromised.

In June, AMR Corp. reported the theft of a hard drive containing names, Social Security numbers and bank accounts for about 79,000 retirees and current and former employees. Also that month, four computers containing Social Security numbers, birth dates and addresses of 25,000 patients were stolen from a Fort Worth allergy clinic.

In July, a computer server was left unsecure four times at the University of Texas at Arlington's Student Health Center, exposing 27,000 prescription records of students and faculty and staff members.

And just this month, Texas Power, a retail electric provider, sent letters to thousands of customers saying that papers with their addresses, Social Security numbers, and banking and credit information intended for the shredder instead went to a recycling center.

By law, letters are now required to go to those who may have had their personal information made accessible to thieves. By practice, most who receive the letters don't do anything about it.

"Ninety-five to 97 percent of our customers have thrown the letter away," said David Chase, general manager of Texas Power. He said only a few dozen called to accept the company's offer to pay for credit monitoring.

That experience matches the national trend, said Jay Foley, co-founder of the Identity Theft Resource Center in San Diego.

"Between 4 and 7 percent of people who get these letters are going to get on the phone and raise Cain with the responsible party," he said. Of that group, fewer than 20 percent will take advantage of the offer most companies make for credit monitoring, he said.

In other words, only a tiny fraction of the 13.14 million people exposed in 341 data breaches so far this year will do so, according to data from the center.

Data breaches are up this year, Foley says, likely because the Health and Human Services Department in January started publicizing breaches in the healthcare industry. The Health Insurance Portability and Accountability Act requires that a breach involving the health information of more than 500 people must be reported to the federal government.

In Texas, a breach of information of any kind requires notification, said Paula Pierce, managing attorney of the Victims Initiative for Counseling, Advocacy and Restoration of the Southwest, the identity theft arm of the Austin-based Texas Legal Services Center.

Take action

Instead of just tossing such a letter, consumer protection advocates recommend a simple strategy involving a phone call and filling out a few forms online, action that could potentially save your identity now or down the road.

"In the case of a stolen computer or laptop, certainly anyone needs to treat themselves as a victim and be proactive," Pierce said.

While victims should accept a company's offer to pay for credit monitoring, they can also do their own monitoring for free, Pierce said.

Each of the three big credit bureaus must give consumers one credit report a year for free, "so order from one credit bureau every four months to continuing monitoring your credit," she said. "Or, if you don't want the hassle of monitoring yourself, pay someone else to do it."

Be sure to look for new accounts you don't recognize -- some may have a different address -- and contact the creditor immediately, Pierce said.

Fraud alerts can be obtained by calling any of the credit bureaus. The alert is placed at all three bureaus, lasts up to 90 days and can help stop new fraud, Foley says. He recommends renewing it every 90 days for up to three years.

"Don't trust the bad guys," he said. "They know how long fraud alerts last and will be there when they're off. Identity theft has started to have more refined attacks, and they will wait."

Fraud alerts aren't foolproof. You might not be available when a company calls to check a request for a new account, meaning it could go ahead without your approval, Pierce said. Also, some companies advertise that they open accounts without a credit check, she said.

Credit report freezes, which cost around $10 in Texas, are a stronger option.

"They seem to be very effective," Pierce said. "Nobody can get credit in your name with a freeze -- not even you."

Texans can allow access to their credit reports to obtain a credit card, mortgage, student loan or other account by paying another $10 to temporarily lift the freeze, Pierce said.

Overall, Texas has some of the best identity theft laws in the country, mostly written by Rep. Helen Giddings of DeSoto, herself a victim of identity theft, Pierce said. Giddings is the author of five bills focusing on identity theft prevention, punishment and help for victims.

So do yourself a favor and pay attention if you get a data breach letter. Your identity will be glad you did.

Teresa McUsic's column appears Fridays.