Did you just learn you were involved in a security breach? You’re not alone. In fact, according to a study by Javelin Strategy & Research, nearly one in three consumers (30 percent) were involved in a known data breach in the one year period ending February 2006.

If you are alerted that your personal information was involved in a data security breach, consider the following tips to give you peace of mind:

1. DON’T PANIC.

• Data security breaches almost never result in identity theft. Receiving a letter that your information was part of a data security breach would likely cause a good deal of angst for those who mistakenly believe that this is likely to lead to identity theft. In fact, this is highly unusual. According to a January 2006 study by ID Analytics, in the worst security breach studied, only an estimated 0.09 percent had their identities misused as a result of the breach. Additionally, in a report to Congress, the U.S. Government Accountability Office also found no evidence of links between security breaches and identity theft.

• Data is often unusable due to encryption. Today, particularly among financial services companies and retailers where information is the lifeblood of a competitive industry, data security has never been better. Encryption and other technology are highly effective in rendering any lost information unusable by would-be criminals. According to the U.S. Government Accountability Office, government agencies on the federal side are beginning to improve in their security measures, as well, and should continue to improve in the coming years.

• Consumers are not liable for fraudulent charges. If, by chance, your identity is financially misused as a result of a breach, remember it is the financial services company – not you – who is ultimately liable for any fraudulent activity on your accounts. You cannot be held liable for debts that you did not incur and nearly all financial services companies have a zero liability policy, for peace of mind.

2. DETERMINE THE GENERAL NATURE OF THE BREACH – IDENTITY-LEVEL OR ACCOUNT-LEVEL?

Understanding what kind of information was breached will help you determine the best course of action. Taking unnecessary steps out of fear will cause you a lot of wasted time, headaches, expense, and frustration down the road when you need to secure credit. Again – don’t panic, but rather go about this wisely:

• The “Don’t Lose Sleep Over It” Breach
  
  There is no need for concern if the nature of the breach is information that anyone could find in another location, such as a phone book or on the Internet (phone number, address, etc.). Chances are you wouldn’t even receive a notification for something like this.

• The “Account-Level Breach"
  
  This is when the information that was breached includes bank account numbers, credit or debit card numbers, stocks, mutual funds, or other information where a criminal could attempt to use the financial accounts directly. In this case, a would-be cyber thief would only have access to that single account. There is no evidence, according to the ID Analytics study, that this type of breach ever crosses over into an “identity-level” breach.

If you are involved in an account-level breach:

1. If someone other than your financial services provider contacted you regarding the breach, call the affected company to alert them to the breach. Typically, the company holding the affected account number will be the one to alert you, and in most cases will automatically issue you a new credit card and/or account number.

2. If you get a new account number, remember you’ll need to identify recurring charges and alert them to the new account number.

3. In cases where risk of credit fraud is low, it may make more sense to monitor your statements rather than getting a new account number. After all, you are not liable for fraudulent charges.

4. Keep in mind that your financial services company will want to make the best decision, for the financial burden falls on them – not you – if credit fraud occurs.

• The “Identity-Level Breach”
  
  This occurs when the information breached includes a combination of your name and social security number and other personally identifiable information. With this information, in theory, a criminal could commit credit fraud or other illegal activities, although it is still not easy, hence the rarity of the crime. Government and university breaches are frequently this type of breach. If you are alerted to this, follow these steps:

  1. Contact each of the three major credit bureaus: TransUnion (www.transunion.com); Experian (www.experian.com); and Equifax (www.equifax.com) to alert them that your information has been part of a security breach.

  2. Request that a 90-day “fraud alert” be attached to your credit file at all three bureaus. This costs you nothing, and will let creditors know to contact you in advance of issuing any new credit.
  

  3. Request copies of your credit report and watch for suspicious activity. You are entitled to a free credit report annually from each of the three bureaus. You can easily request them at www.annualcreditreport.com, a site set up by the three credit reporting agencies, as required by federal law.

  4. Consider a credit monitoring product, sold by private companies or your financial service provider. In fact, this is often provided to you at no charge if you are part of a security breach. If so, take it – these products are valuable in that they alert you automatically to any suspicious credit activity.

  5. If you identify criminal activity, contact the police immediately for assistance.

  6. If you become a victim of identity theft, visit the Federal Trade Commission’s Web site for valuable information (www.ftc.gov/idtheft).

• Other Sensitive Breaches
  
  In cases where information on things like insurance, cell phones, or other types of services were subject of a breach without corresponding social security number information, look into options to password protect those accounts.