At the same time, they may impose costs on lenders, credit bureaus, and, in some instances, consumers. We analyze a unique data set of anonymized credit bureau files to understand how consumers use these alerts. We document the frequency and persistence of fraud alerts and credit freezes. Using the experience of the data breach at the South Carolina Department of Revenue, we show that consumers who file initial fraud alerts or credit freezes likely do so out of precaution. Consumers who file extended alerts are more likely to be actual victims of identity theft. We find that consumers are heterogeneous in their choice of alerts and that their choices are correlated with important characteristics found in their credit bureau files. These facts are useful for interpreting consumer responses to data breaches and for policymakers.