Earlier this year, more than 25 million Americans began receiving letters from a company most of them had never heard of. The sender was Conduent Business Services, a contractor that processes benefits records and human resources data for state Medicaid programs, employer health plans and government agencies. Between October 2024 and January 2025, ransomware operators pulled names, Social Security numbers, dates of birth, home addresses, medical diagnosis codes and health insurance claim numbers out of Conduent’s systems. In February 2026, Texas Attorney General Ken Paxton called it the largest data breach in U.S. history.
The letters ended the way most of these letters end, with an apology, a phone number and an offer of one year of free credit monitoring. Once your data is already out, can you realistically protect your identity on your own, or has it become something most people are better off outsourcing?
Sign up for my FREE CyberGuy Report
FAKE SSA EMAIL ALERT: SPOT THIS SCAM FAST
Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Federal law and tools from the Federal Trade Commission cover more ground than many people realize. None of these cost anything. When used together, they close the most common entry points fraudsters target.
Start by freezing your credit at all three bureaus. A freeze blocks new accounts from being opened in your name. It has been free at Equifax, Experian and TransUnion since 2018. You can lift it temporarily when you need to apply for credit.
Next, get an Identity Protection PIN from the IRS at irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin. This six-digit code blocks fraudulent tax returns filed using your Social Security number. The IRS issues a new one each year.
You should also check your credit reports regularly. Equifax, Experian and TransUnion now offer free weekly access through AnnualCreditReport.com. Checking once every few months can help you catch suspicious activity early.
It also helps to bookmark IdentityTheft.gov. The site creates a personalized recovery plan, generates the affidavit creditors require and provides prefilled dispute letters.
Another simple step is opting out of prescreened credit offers. This removes you from mailing lists lenders use for unsolicited credit and insurance offers. You can do this online at OptOutPrescreen at optoutprescreen.com, which is run by the major credit bureaus. The process takes just a few minutes. Choose a five-year opt-out for a quick fix, or print and mail the form for a permanent opt-out. Once processed, you should see fewer “pre-approved” offers in your mailbox.
Finally, turn on two-factor authentication (2FA) for every financial, government and benefits account. Even if someone steals your password, they cannot access your account without the second factor.
For many people, these steps create a strong baseline.
The do-it-yourself approach works until something goes wrong. That is where the gap becomes clear.
According to the Identity Theft Resource Center’s 2025 Consumer Impact Report, the average victim spent more than 200 hours and $1,343 out of pocket recovering from identity theft. About one in five reported losses above $100,000. Many also reported significant emotional stress.
The financial impact adds up quickly at a national level. A February 2026 report from the U.S. Senate Joint Economic Committee estimates identity theft tied to major data broker breaches has cost Americans more than $20 billion over the past decade. That estimate includes incidents like Equifax, Exactis, National Public Data and TransUnion.
Free tools also have clear limits. They will not monitor the dark web for your data or remove your personal details from data broker sites. They also cannot contact creditors or dispute fraudulent accounts on your behalf.
Instead, you handle every step yourself. IdentityTheft.gov gives you a roadmap, but you still have to make the calls, file the paperwork and follow up repeatedly.
SSA IMPERSONATION SCAMS ARE GETTING MORE PERSONAL
For anyone whose data was exposed in a breach like Conduent or National Public Data, free tools alone leave real gaps. That is where paid identity protection services come in.
These services run continuous scans for your name, Social Security number, email and bank accounts on the dark web, as well as across data broker and people search sites that resell your home address and family ties. They submit opt-out requests on your behalf and repeat the process when your information shows up again. When fraud happens, many services assign a case manager who works with credit bureaus, banks and creditors to help resolve the issue.
Some plans also include identity theft insurance and dedicated fraud resolution support, which can help cover certain losses and reduce the time it takes to recover.
Paid services have limits. No service can prevent every breach, and even the best monitoring only helps shorten recovery time. The do-it-yourself approach can still work if you are comfortable managing your own checklist. However, for families, for anyone already exposed in past breaches and for those who want less hands-on involvement, adding a paid service on top of free protections can make the process easier to manage.
See my tips and best picks on Best Identity Theft Protection at CyberGuy.com
Most people can handle the basics of identity protection on their own, at least at first. Free tools cover the biggest risks and help block common types of fraud. However, the situation changes once your data is exposed in a major breach. At that point, monitoring, cleanup and follow-up can turn into a long and frustrating process. That is where paid services can make a real difference. They reduce the workload, track exposure across more sources and step in when fraud happens. Still, no service eliminates risk completely. The decision comes down to how much time you want to invest and how much support you would need if something goes wrong. For many households, a layered approach works best. Start with the free protections, then decide if adding a paid service fits your situation.
If your identity were stolen tomorrow, would you have the time and patience to fix it yourself? Let us know by writing to us at CyberGuy.com
Sign up for my FREE CyberGuy Report
Copyright 2026 CyberGuy.com. All rights reserved.
