Where does this information come from?
All of this information comes from personal data that’s been accessed by unknown individuals that was gathered from the internet, and then accessed without authorization and made public. We created one easily searchable place that will tell you if your information was part of a data breach.
Why is my information associated with a website or service I’ve never been to?
When you search for an email address, you may notice that your information is associated with a website or service that you don’t recall visiting or signing up for. There are many possible reasons for this:
- Other people can sign you up: People often “fat finger” (i.e., mistype) their email address when signing up for an online service. It’s possible that your email address was entered by mistake.
- You forgot you signed up: Most of us leave a large trail of accounts that we’ve signed up for over the years. It’s possible that you may have signed up for a service and forgotten about it as time goes by.
- Websites often rename/re-brand or merge with other websites: While it’s pretty rare that this would lead to the exposure of your personal information, it is a possibility. Companies are constantly adjusting their branding strategies, and companies buy or merge with other companies all the time. Long story short, when a company changes names or is acquired by another company, they may still retain all the same information they collected beforehand.
What can I do?
The next step depends on what kind of information was exposed online. For example, you’re going to want to make a different decision if your email address and password were exposed versus your Social Security number or driver's license. We provide information on our site about what to do next for most scenarios.
My information wasn’t found. Is my personal information safe?
We strive like to keep all of Identity Monitoring information up to date, but it is possible that we missed something or we don’t yet know about the breach. We’re expanding and improving this service all the time, so if you don’t see any information now, check back soon to see if there have been any updates.
What does this mean for the security of my Credit Karma account?
An Identity Monitoring result showing that your information has been exposed online does not necessarily mean that the information from your Credit Karma account has been exposed. Keep in mind, though, that reusing your password once you’ve confirmed your information has been exposed does make it easier for unauthorized users to access your account. If we identify suspicious activity on your Credit Karma account, we will notify you by e-mail. We take your security and privacy very seriously, which is why we use 128-bit encryption methods and firewalls to protect your personal information. Our data centers are monitored around the clock, and we enlist third-party experts in the field of application security to assess our site for vulnerabilities. They also confirm and validate the security of our site. We go the extra mile to make sure your personal information is safe and secure.
Why is Credit Karma doing this?
Credit Karma is all about helping you make real, meaningful financial progress, and helping you with your personal/financial information security is a big part of that. We do what we can to help out.