As a resource for my site visitors, I thought I’d mention an article by Josephine Cicchetti and Laura Wall on the relative merits of a credit freeze as opposed to credit monitoring if you are notified that your data has been caught up in a data breach. For a number of years now, both Brian Krebs and I have been recommending that people use security freezes instead of relying on credit monitoring services.
Their article begins:
On May 24-25, the NAIC Cybersecurity (EX) Task Force held an interim meeting to hear comments from various industry trade organizations and other interested parties on the proposed Insurance Data Security Model Law [1] exposed for comment on March 2. While the comments’ themes largely echoed the written comments previously submitted by the interested parties, there was also a lengthy discussion on appropriate consumer protection measures to potentially implement following a data security breach. The March 2 draft of the Model Law provides for up to one year of free identity theft coverage, but the possibility that a credit freeze could be a superior measure was discussed at length.
From the section on benefits of credit freezes:
In the event of a data breach, a credit freeze is considered a more effective remedy than credit monitoring in terms of prevention. Credit monitoring will only alert a consumer to fraud after the activity has occurred, while a credit freeze could prevent the fraud from happening altogether. The freeze can completely shield a consumer’s credit from inquiries (See Should you Freeze your Credit After a Data Breach? [6]). While the credit freeze is in place, consumers can continue to use their existing accounts and will still be able to access free annual credit reports. Existing creditors, or collection agencies working on their behalf, will also have continued access throughout the freeze.
From the section on drawbacks:
Despite its benefits, freezing credit has some drawbacks. While a credit freeze can specifically prevent credit fraud, consumers are still vulnerable to other types of identity theft and abuse of their personal information. Some consumers may also be deterred by the cost and high-maintenance strategy of having to unfreeze and reinitiate the freeze every time they need access to their credit. For consumers who do not typically need access, such as senior citizens, a freeze may not cause any inconvenience. [7] However, for those who must access their credit history often, the freeze is much more burdensome.
Read the whole article on Lexology.