How to spot fake data breach letters before you reply

- Real data breaches often trigger legitimate letters, but scammers copy the same language to steal sensitive information.
- A request to re-enter your full Social Security number is a major red flag and a reason to stop.
- Never click links in breach letters and always verify claims using official contact information you find yourself.
- Freezing credit, monitoring accounts and limiting data sharing can reduce damage even if a breach is real.
You open your mail and see the words data breach and personal information. Then you see a deadline. That is when most people panic and make mistakes. That is exactly what Frank from Rockford, Illinois, wanted to avoid.
Here is the email he sent us, word for word:
“My wife and I both received letters from a company called Conduent regarding a breach of personal info from Blue Cross and Blue Shield. It gives us a website to log into called Kroll Monitoring with an activation code and a verification ID. However, it asks for name, address, e-mail, phone number and SS Number. Is this legit or a phishing expedition? I would think that they would already have this information. We must enroll by March 31, 2026. Please advise.”
Frank’s question is a smart one. We hear from readers about letters like this all the time, especially after large health care breaches. Some are legitimate. Others are carefully designed scams. So how do you tell the difference before typing in your Social Security number?

Why breach letters feel urgent and official
Data breach letters are meant to get your attention. Real ones often include known company names, formal language and enrollment deadlines. In Frank’s case, the names Conduent and Kroll are real companies. Conduent provides data services for health insurers. Kroll is frequently hired to offer identity and credit monitoring after confirmed breaches.
That is the problem. Scammers know this. They copy the wording, copy the tone and even copy real company names to make fake letters look convincing. Because of that, you should never assume a letter is safe just because it sounds professional.
Is the Conduent and Kroll letter real?
It can be. Still, real does not always mean safe. Even when a breach actually occurred, scammers often piggyback on the news and send fake letters at the same time. That is why verification matters more than appearances.
The question is not whether Conduent or Kroll is a legitimate company. The question is whether the specific website and request in your letter are legitimate.
The biggest red flag to watch for
A breach response company should not need your full Social Security number again to enroll you. If your Social Security number was involved in a breach, the company already has it. Asking you to re-enter it creates unnecessary risk. It also creates an opportunity for identity theft if the site is fake or compromised. That request alone is enough reason to stop and verify before doing anything else.

What to do instead of clicking the link
Never click links directly from a breach letter. Never rush because of a deadline. Here is a safer approach.
Verify independently
Open a new browser window and manually search for the company named in the letter. Use the official website you find, not the printed link. Look for a general customer support phone number. Call and ask if your activation code and verification ID are valid.
Confirm with your insurer
Next, contact Blue Cross and Blue Shield using the phone number on your insurance card. Ask if Conduent handled any breach notifications related to your plan. If either company cannot clearly confirm it, assume the letter is unsafe.
Do not provide your SSN
Do not type your Social Security number into any breach portal unless you have verified the program through trusted channels. Even then, consider whether the risk is worth it.
Signs a data breach letter may be fake
No single clue proves a scam. Patterns do. Watch closely if you notice any of these:
- The website address looks unusual or slightly misspelled
- The letter pressures you to act quickly
- The portal asks for your full Social Security number
- The contact phone number only appears in the letter
- The site asks for information that feels excessive
If more than one applies, stop and verify.

How to protect yourself after a data breach letter
If you received a letter like Frank’s, take these steps right away.
1) Freeze your credit
A credit freeze blocks new accounts from being opened in your name. It is one of the strongest protections after a possible breach.
2) Place a fraud alert
A fraud alert tells lenders to take extra steps to verify your identity before approving new credit. It adds another layer of protection alongside a credit freeze.
3) Turn on account alerts
Enable alerts for logins, purchases and profile changes on your financial accounts. Early warnings can help you stop fraud before it spreads.
4) Use strong and unique passwords
If email addresses were exposed, attackers often try password resets elsewhere. Unique passwords help break that chain. Consider using a password manager like NordPass, which securely stores and generates complex passwords and reduces the risk of password reuse.
Next, see if your email has been exposed in past breaches. Our #1 pick, NordPass, includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
5) Monitor mail and email closely
Scammers often follow breach letters with phone calls or emails pretending to help you enroll. Legitimate companies rarely chase you or pressure you to act.
6) Review your credit reports
Check all three credit bureaus for unfamiliar accounts, addresses or inquiries. This helps you spot damage that may already have occurred.
7) File taxes early and request an IRS IP PIN
When Social Security numbers are at risk, early tax filing can reduce fraud exposure. An IRS Identity Protection PIN adds another safeguard by blocking unauthorized tax filings in your name.
8) Use a data removal service
Personal data brokers collect and sell information like your address, phone number and relatives. Removing that data reduces how easily scammers can target you after a breach.
Incogni, a service I trust 100% and use myself, helps automate the process by submitting removal requests to hundreds of data brokers and people-search sites on your behalf.
Incogni automatically contacts data brokers on your behalf and requests the removal of your personal information. It also continues monitoring those sites and submits new removal requests if your data reappears.
- Incogni currently removes personal data from 420+ data broker and people-search websites, and its Unlimited plan allows you to request removals from as many additional sites as you need.
- Incogni has also received third-party assurance from Deloitte, validating its marketing claims.
- The goal is simple: make it much harder for strangers, scammers, and cybercriminals to find your personal information online.
9) Install strong antivirus software and avoid clicking links
Do not click links in breach letters or follow-up emails. Always type website addresses manually or use official apps to access accounts safely. Strong antivirus software can block malicious websites, fake enrollment portals and phishing attempts before they load.
TotalAV is easy to set up and offers real-time protection for paid users, keeping your devices safe around the clock. It includes tools to block phishing scams, remove ransomware and spyware, and clean up adware and junk files. The software also features a browser manager and system tune-up tools, and it protects Windows, Mac, Android and iOS devices.
10) Choose protection that limits data sharing
Breach response portals are not your only option. Look for identity monitoring tools that protect you without forcing you to re-enter sensitive information on unfamiliar sites. Identity theft protection companies can monitor personal information like your Social Security number (SSN), phone number and email address, and alert you if it is being sold on the dark web or used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
Kurt’s key takeaways
Frank’s instincts were right. A Conduent and Kroll letter can be legitimate. Still, any request for your Social Security number is a valid reason to pause. Verify first. Use official phone numbers you find yourself. Never rush because of a deadline like March 31. When it comes to data breaches, slowing down is often the safest move.
Should companies be required to do more to protect you before sending breach letters like these? Let us know your thoughts in the comments below.
Copyright 2026 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.