Tips for Consumers: What to do Post-Breach

Data breaches pose a potential risk to consumers in the form of identity theft, account takeover and fraud when personal and sensitive information is compromised. The following are tips for consumers to consider in reducing the risk or impact of data breaches.

Place a Security Freeze on Credit Reports

A security freeze protects against identity theft and the opening of fraudulent accounts with a consumer’s personal information. It will block an institution or lender from accessing a report, unless a pre-set PIN is provided to “thaw” the report; a credit report may be thawed at a particular bureau for a period of time or for a specific lender. Consumers must contact each of the bureaus listed below to place a security freeze.

• Go to the Equifax security freeze site and follow the instructions; record the PIN you are given.
• Go to the Experian security freeze site and follow the instructions; record your PIN carefully.
• Go to the Innovis security freeze site and follow the instructions; record your PIN carefully.
• Go to the TransUnion security freeze site and follow the instructions; record your PIN carefully.

Some states charge fees to place a freeze on, thaw or unfreeze a credit report; see the sites above for specific state details.

Place a Fraud Alert on Credit Reports

A fraud alert on credit reports requires potential creditors to contact the consumer and obtain permission to open new accounts or lines of credit. Consumers are allowed by law to report they are an identity theft victim and file a fraud alert (aka a “security alert”) every 90 days; with proper documentation such as a police report, the fraud alert period may be extended to seven years. If consumers contact one of the first three listed below, that bureau is required to contact the other two; consumers must contact the fourth bureau directly to place an alert.

• Place a fraud alert with Equifax: call 800.525.6285 or go to the fraud alert site
• Place a fraud alert with Experian: call 888.397.3742 or go to the fraud alert site
• Place a fraud alert with TransUnion: call 800.680.7289 or go to the fraud alert site
• Place a fraud alert with Innovis: call 800.540.2505 or go to fraud alert site.

Unless there is an extended fraud alert in place, make a reminder to renew the fraud alerts after 90 days.

Check Credit Report Annually

Consumers are entitled by law to a free credit report from each of the credit reporting bureaus once a year. Go to https://www.annualcreditreport.com or call 877.322.8228 and follow instructions to access the free credit reports.

The free credit report will show all lines of credit and other obligations, along with other public data. It will not show the FICO score; It usually costs a fee to retrieve a FICO score, however many card issuer’s websites offer your FICO score as an additional benefit to you at no additional cost.

It is recommended consumers check their report three times a year by pulling the report for one bureau every four months. Items to watch for are “new” or “re-opened” accounts and other suspicious activity.

Note: Consumers need to beware of other sites that try to sell a credit report or offer a “free” report if you agree to sign up for a subscription service – usually credit monitoring. Also, watch out for look-alike sites that are not real, like “freecreditreport”.

Easy Website Reference
Equifax Freeze: https://www.equifax.com/personal/credit-report-services/credit-freeze/ Experian Freeze: https://www.experian.com/freeze/center.html Innovis Freeze: https://www.innovis.com/personal/securityFreeze TransUnion Freeze: https://www.transunion.com/credit-freeze/place-credit-freeze	Equifax Fraud Alerts: https://www.equifax.com/personal/credit-report-services/credit-fraud-alerts/ Experian Fraud Alerts: https://www.experian.com/fraud/center.html Innovis Fraud Alerts: https://www.innovis.com/fraudActiveDutyAlerts/index TransUnion Fraud Alerts: https://www.transunion.com/fraud-victim-resource/place-fraud-alert

Leverage Citizens Bank Safeguards

Sign up for these additional account protections:

• Set up Notify-Me alerts through online banking to receive external email or SMS text notifications based on specificevents that allow users to monitor the state of their accounts and transactions as well as ensure you are alerted to anyunusual activity;
• Account notes for active duty military on assignment overseas, that they are not stateside;
• Let us know to place a note on your account to place travel protections if going on vacation, especially out of thecountry;
• Destroy sensitive documents via a cross-cut shredder;
• Sign up for secure online banking to monitor your account and activity;

Protect Against Fraud Scams

• Practice email safety: don’t click on links in emails or open attachments unless the email was expected and verified;confirm a message is legitimate by contacting the sender directly via pre-determined contact information;
• Be suspicious of email or phone requests to update or verify personal information;
• Be wary of offers that are too good to be true, require fast action or instill a sense of fear;
• Be on guard against fraudulent checks, cashier’s checks, money orders or electronic fund transfers with a request toreturn part of the funds via wire transfer;
• Use security and privacy settings on social network sites and beware of random contacts from strangers;
• Research “apps” before downloading, only download from an “app” store (iTunes, Play Store, Windows Store), anddon’t assume an “app” is okay because the icon resembles that of a bank;
• Beware of disaster-related scams where scammers claim to be from legitimate charitable organizations.

Protect Personal and Financial Information

• Safeguard credit cards, social security numbers and other personal information:
  • Only provide sensitive information over secure websites or secure emails;
  • Do not provide personal information or log onto critically sensitive accounts (email, online banking, etc.) viapublic computers, like a hotel or library kiosk, or while using public Wi-Fi.
  • Monitor credit and account statements often and notify your bank of any unfamiliar transactions.
• Use password protections:
  • Create strong passwords with at least 10 characters and using a mix of alpha-numeric characters (A, b, 1, 99)and symbols (@, $, %, *);
  • Use a password checker to verify the strength of the selected password; do NOT put a valid password intoan online password checker; instead, use a variation that is similar but not the same;
  • Do not use the same password for two critical websites or online accounts;
  • Wherever possible, utilize two-factor authentication to provide an additional layer of account logon protections;two-factor authentication requires two pieces of information to login to an account, usually the password anda code from an SMS text message or approving the login via phone call;
  • Do not share passwords with others and do not use the “Remember My Password” feature in web browsers;
  • Change passwords often; and
  • Use a secure password vault to enable longer passwords without having to write them down.
• Protect postal mail by locking the mailbox, if possible.
• Monitor postal mail closely and act quickly if bills don’t arrive when expected or if a “new” credit card or accountstatement arrives; ask the post office to hold mail if traveling for a long period of time.
• Shred bills, bank statements, pre-approved financial solicitations and other confidential information before discardingthem; check for local free “shred events” to securely dispose of documents.
• File your taxes early. Because this particular breach includes social security numbers, criminals can use the personalinformation stolen to file taxes under your name early in January with fake W-2 information and take your refund.

If you have been a victim of identity theft there are tools and resources available at http://www.ftc.gov.