OGDEN -- You are one of 280,000 Medicaid or CHIP clients of the Utah Department of Health whose Social Security number was hacked in a security breach March 30.
Or, you are one of 500,000 whose less-sensitive information -- age, address, sex and other information -- was hacked.
Act fast. Theft of a Social Security number, especially, is a serious problem.
The Social Security Administration says a stolen number can be used to obtain credit cards in the victim's name that are then used to run up large charges and not paid.
People who had their names and addresses stolen could start getting calls from scammers trying to get more personal information from them.
Even people who are poor need to act. Their credit information can be abused, causing them severe financial harm.
The Department of Health's website (www.health.utah.gov/databreach/) has complete information on how the problem occurred and what to do.
Here are the basics.
* Watch the mail.
The Department of Health is sending letters to everyone whose information was compromised. The letters explain what sort of information was taken.
* If your Social Security number was stolen, sign up for free credit monitoring offered by the Utah Department of Health.
The letters from the department have the numbers to call.
Richard Hamp, who handles ID theft in the attorney general's office, said all victims should also freeze their accounts with the three major credit reporting agencies.
Under Utah law, freezing credit rating accounts is free for all victims of ID theft, he said, and is something he would recommend for everyone, victim or not. This will prevent someone from opening a new account in your name.
The Department of Health breach included children who have their own Social Security numbers.
Hamp said if victims go to the Utah ID theft website, http://idtheft.utah.gov, and click on "Child Identity Protection," they can quickly enter their children's information, and they are protected.
He said anyone can sign their children up. Protecting them is free for everyone, victim or not.
Adults have to go through a more involved process, and must have a Utah driver's license or state ID card. Hamp said the website shows how to enter all the needed data, generate a crime report and submit it to all three credit rating agencies.
Hamp said he recommends that everyone freeze their accounts rather than just have them monitored, because monitoring lets a person know if someone is trying to use their credit information, while freezing the account prevents it. It's also cheaper.
"So credit freeze, in my mind, is the way to go," Hamp said, "and if you are a victim, by statute in Utah, you get it for free."
In 2008, the Legislature passed a law that allows Utah residents to freeze or thaw their accounts in 15 minutes, and requires the three major credit reporting agencies to freeze accounts of victims for free.
Freezing the account doesn't stop victims from using their credit cards. It does stop anyone else from using the victim's credit information to apply for any type of credit, including car loans and mortgages.
* Ignore any phone calls claiming to be from the state or any agency investigating the data breach.
Victims of this breach can be victimized again. Scammers call or email, offering to help. They ask for personal information -- Social Security numbers, bank information and so on.
The Department of Health says on its website that "possible victims should be aware that nobody from the Utah Department of Technical Services or the Utah Department of Health will be contacting them and asking for personal information over the phone or via email regarding this incident."
The Social Security Administration does not, ordinarily, give a new number to someone whose number has been compromised.
On the Social Security website (www.ssa.gov) it says that only after all efforts to stop the fraud have failed can a new Social Security number be issued.
In that case, however, the Social Security Administration warns that a new number may not protect a victim from further fraud and could even cause more problems, because the old number is still floating around on bank and business records, and the new number won't have any credit history connected to it.