Is Kroll Monitoring Legitimate? What You Need to Know

Is Kroll a Valid Identity Theft Monitoring Option?

If you’ve received a data breach notice offering free monitoring from Kroll, you may be wondering what it is and if it’s legitimate. 

Kroll is a corporate risk management and cybersecurity company that is hired by companies who have suffered large-scale data breaches to help protect their customers. 

For example, in 2023 when Michigan-based Flagstar Bank leaked the data of more than 800,000 customers, the bank offered two years of complimentary Kroll monitoring to all impacted customers as part of its response plan [*].

But just because Kroll is a free option, doesn’t mean it’s always right for you. 

By partnering with companies after they suffer data breaches, Kroll may offer fewer protective features than many other identity theft protection providers.

In this guide, we’ll explain what’s included in most Kroll monitoring plans, the potential risks of accepting free Kroll monitoring, and why you may want to consider a different identity theft protection option. 

{{show-toc}}

What’s Included With Kroll Monitoring? 

Kroll doesn’t offer a single identity monitoring plan. Instead, every company that hires Kroll can pick and choose between multiple levels of service depending on their budget and needs. 

That means different Kroll users may have completely different levels of protection. For example, some customers may receive one-bureau credit monitoring while others get three-bureau [*].

If you’re already signed up for a Kroll monitoring plan, you may need to contact the company and supply your membership number to determine exactly what level of protection you have.

At a high level, most Kroll monitoring plans include some form of:

• Identity monitoring
• Credit monitoring
• Fraud consultations and identity restoration

Here’s a deeper look at each category of protection and what’s included:

Identity monitoring

Kroll states that it monitors the internet for personally identifiable information (PII) associated with its users, including: 

• Social Security Numbers (SSNs)
• Bank account numbers and routing information
• Credit card and debit card numbers
• Medical ID numbers
• Contact information including email addresses and phone numbers
• Birthdates

This is not a comprehensive list of data points for identity theft monitoring, but it’s better than no monitoring at all. 

However, Kroll doesn’t provide many details about where it monitors for this information other than “public records” and “sites known for illegal sales of PII.” This makes it unclear as to whether or not Kroll provides in-depth Dark Web monitoring. 

Credit monitoring

Credit monitoring is an important part of any identity theft protection service, as it can warn you if criminals have used your stolen identity to open accounts, take out loans in your name, or update (and damage) your credit file. 

While Kroll claims to offer a “continuous credit monitoring service,” it’s unclear what this means in practice. 

There are three major credit reporting bureaus — Experian, Equifax, and TransUnion — and not all lenders report to all three. This means that without three-bureau credit monitoring, you could miss early warning signs of fraud. 

Pro tip: You can proactively protect your credit with a credit freeze. This will prevent anyone from accessing your credit file until you “thaw” it. To freeze your credit, you’ll need to contact each of the three major credit bureaus individually. 

Fraud consultation and identity restoration

In case you become the victim of identity theft, Kroll’s website advertises access to fraud consultants and licensed identity theft investigators to help you recover [*].

Identity theft restoration services are especially important if you become a victim of identity theft — however, it’s unclear how Kroll can scale this type of one-on-one help to its hundreds of thousands (or even millions) of customers. 

Here are a few examples of the support you can receive from Kroll’s fraud consultation team:

• Explaining your rights and protections under the law. This is a very basic service that almost every identity theft protection service offers. In fact, the Federal Trade Commission (FTC) provides this service for free through its ReportFraud.ftc.gov website.
• Assistance with fraud alerts. While fraud is often complex and elaborate, good fraud alerts are self-explanatory. Assisting users with fraud alerts may simply mean performing standard customer support tasks like every other identity theft protection company does.
• Interpreting how personal information is accessed and used. This could be useful, depending on the amount of additional context Kroll can provide into user activities. It’s not clear, though, how much data Kroll’s fraud consultation team has access to, and how much additional information they can provide at this level.
• Investigating suspicious activity that could be tied to an identity theft event. This may be the most valuable service included in the fraud consultation package. Comprehensive investigations help identify the depth and severity of fraud attempts, and allow users to plan the recovery process accordingly.

The bottom line: While Kroll offers a decent level of identity monitoring services, it can’t offer the same level of support as dedicated service providers like Aura or LifeLock. If you’re concerned about your identity or accounts, it might be worth considering a different identity theft protection service.

What Are the Risks of Signing Up for Kroll Monitoring?

Kroll itself is a well-established company that has been around for nearly a century and supports businesses with corporate security, risk consulting, and financial advisory. However, it isn’t free from security issues and risks that could leave you vulnerable. 

Before signing up for Kroll ID monitoring, make sure you understand the risks, including:

• Past security issues. Kroll has been the target of cyberattacks, including a 2023 data security incident that occurred after an employee fell victim to a SIM-swapping attack, giving hackers access to the employee’s phone number and company documents [*]. 
• Inconsistent access to customer support. Reviews of Kroll on the Better Business Bureau (BBB) website are mixed, with some praising the support they received — while others complain that it can take several days to receive a response from customer support [*].
• Varying degrees of protection. Kroll’s business model allows the companies that engage their services to “mix and match” different features. Unfortunately, this means that some customers may be left with limited protection — especially when it comes to credit monitoring. 
• Lack of digital security tools. Unlike modern identity theft protection services that include tools to proactively protect you and your family against hackers and scammers, Kroll is purely focused on ID monitoring and support. This means they can only help after your identity has already been stolen. 

💡 Learn more: Is Identity Theft Protection Really Worth It? →

Kroll Monitoring Isn’t Your Only Option for Identity Protection

Kroll is an attractive option for people who have had their data leaked by a third-party organization, as it’s free and provided by the impacted company. 

However, the lack of publicly available details about Kroll’s services, as well as the inconsistent levels of protection and support, mean it might be providing a false sense of security — while leaving you vulnerable to fraud. 

To protect your identity after a data breach, it may be worth paying for a dedicated service like Aura. 

The main difference between Kroll and Aura is whom they work for: Kroll supports companies that have been impacted by data breaches, while Aura protects individuals and families who are worried about identity theft and online threats. 

Here’s a detailed breakdown of the differences between Aura and Kroll monitoring:

If you received a breach notification with a prompt to sign up for Kroll, it could be a good option — but only if you already use another service that protects your data and devices and provides three-bureau credit monitoring. 

For all-in-one protection, sign up for Aura. Aura’s award-winning solution provides more comprehensive monitoring, powerful online security tools, support that’s available when you need it, and a generous insurance policy to help cover eligible losses and costs associated with identity theft. 

Award-winning identity protection for you and your family — Try Aura for free!