Identity Theft Category
You might think breaking into a corporate database would be hard. Not so. A recent report from the Verizon RISK Team found the vast majority of incidents required minimal skills and took place in a few hours. Unfortunately, those breaches often weren’t discovered for months or even years–and it typically wasn’t the company but rather a third party that discovered a breach.
From a Credit.com post on the study:
While one in 10 were so easy the average Internet user could have caused them, another 68 percent were the result of hacking attacks using the most basic methods, requiring relatively few resources to complete. Only one breach suffered in all of 2012 required “advanced skills, significant customizations, and/or extensive resources” to complete.
That is likewise reflected in the amount of time it took to cause most data breaches, the report said. Altogether, 84 percent took hours or even minutes to perpetrate, while these incidents typically took months or even years to discover. Nearly two-thirds of all breaches took at least that long, up from just 56 percent the year before, proving that it’s actually becoming more difficult to spot breaches, as well as contain them. While most were remediated in hours or days, nearly a quarter took months.
The take-away from this is that companies aren’t doing nearly enough to protect the information they collect about you. And the sad truth is that you have little control over what goes into these databases. You can do your best to protect your identity, and still have your information breached.
You should still take steps to reduce your exposure, steps like not giving your Social Security number to companies that don’t need it and refusing to give businesses permission to share your information. You should use tough-to-hack passwords and stop sharing secrets on social media. You also should monitor your credit reports and financial accounts.
Until companies get serious about protecting your data, though, you’re still a target for identity theft.
Do you have questions about money? Here’s a secret: we all do, and sometimes finding the right answers can be tough. My new book, “There Are No Dumb Questions About Money,” can make it easier for you to figure out your financial world.
I’ve taken your toughest questions about money and answered them in a clear, easy-to-read format. This book can help you manage your spending, improve your credit and find the best way to pay off debt. It can help you make the right choices when you’re investing, paying for your children’s education and prioritizing your financial goals. I’ve also tackled the difficult, emotional side of money: how to get on the same page with your partner, cope with spendthrift children (or parents!) and talk about end-of-life issues that can be so difficult to discuss. (And if you think your family is dysfunctional about money, read Chapter 5…you’ll either find answers to your problems, or be grateful that your situation isn’t as bad as some of the ones described there!)
Interested? You can buy this ebook on iTunes or on Amazon.
Dear Liz: My cousin had his house broken into a little over a year ago. A lot of things were taken, but insurance replaced most of what he thought was missing. This year after he filed his return he was contacted by the IRS, which told him that a return using his information had already been filed and the refund check cashed. The IRS is investigating the situation now, but I really worry about what is going to happen to his Social Security in the future if someone else is using his numbers or those of his children. Do you have any information on what steps he should take?
Answer: Theft of tax refunds is a growing problem. In fact, tax identity theft is the No. 1 fraud on the IRS’ list of Dirty Dozen Tax Scams of 2012.
The fraud is often perpetrated by organized criminal gangs that con, steal or buy people’s personal information to create bogus returns. Some people fall right into the bad guys’ hands by responding to emails that purport to be from the IRS. (The IRS doesn’t email people to request personal or financial information.)
If the problem isn’t resolved within a few months, your cousin should contact the agency’s Identity Protection Specialized Unit at (800) 908-4490.
Since the criminals already have his Social Security number and other important financial information, he also should put security freezes on his credit reports at all three bureaus. Links to the bureaus and other information for identity theft victims can be found on the IRS’ site at http://www.irs.gov.
Dear Liz: Your recent column about disclosing Social Security numbers raises an important question. Federal tax law requires millions of Americans to disclose their Social Security numbers to those who pay a recipient at least $600 in a year. In practice, many payers request this information when paying much less than that. Millions of people have their Social Security numbers floating around on millions of computers, many of which are not secure. Why doesn’t anyone write about this or discuss the consequences of being required by law to disclose your Social Security number all over the place? This requirement is a recipe for identity theft.
Answer: You’ve pointed out another problem with using Social Security numbers as an all-purpose identifier. Federal and state laws require businesses that collect Social Security numbers to protect that information. But the fact remains that the more entities that have your number, the more vulnerable you may be to identity theft.
As an individual, you’re unlikely to change the IRS’ mind about the necessity of collecting this information. But when you’re asked for your Social Security or tax ID number, it’s fair to ask the requester how your information will be protected. That at least puts the requester on notice that you expect the laws regarding the safeguarding of personal information to be followed.
Dear Liz: Is there an alternative to having my Social Security number as my Medicare number? This seems to fly in the face of all we have been taught as to keeping our financial identifiers secret.
Answer: More than half the states have banned the use of Social Security numbers on health insurance cards, but those laws don’t apply to the federal Medicare program. Unless Congress acts to change the federal law, you’re stuck with having your Social Security number as your Medicare identifier.
The Privacy Rights Clearinghouse recommends you protect yourself from identity theft by making a copy of your Medicare card and using a black marker to cross out the last four digits of your Social Security number, or cutting out the last digits with scissors. Then you could carry that version of your card, so that if your wallet is stolen the thief doesn’t have access to your full number. You would still need to bring your original card the first time you visit any new healthcare provider, but you wouldn’t have to carry it with you all the time.
Dear Liz: A large safe containing our passports, Social Security cards, birth certificates, checks and credit cards was stolen from our home several days ago. We notified our bank and credit card companies. Is there an advantage to requesting new Social Security numbers? If we do this, would it affect our credit in any way?
Answer: New Social Security numbers wouldn’t necessarily protect you from identity theft and could create additional complications.
Thieves might still be able to use your old numbers to establish new accounts, and those fraudulent accounts could show up in your credit reports. If for some reason the credit bureaus didn’t combine the records for your old and new numbers, then you could be left without any credit history at all, which could make getting future credit difficult.
The Identity Theft Resource Center, which advises victims and has a fact sheet on this issue (No. 113, available on its website at http://www.idtheftcenter.org), typically doesn’t recommend applying for new numbers. Instead, it suggests credit freezes, which prevent most lenders from viewing your credit reports or establishing new accounts without your consent.
Credit freezes aren’t foolproof, since some lenders don’t check with credit bureaus before opening accounts. Credit freezes also won’t prevent a thief from using your Social Security numbers to commit healthcare fraud or criminal identity theft (which is when a thief pretends to be you when he or she is arrested). Also, there may be fees involved with freezing and unfreezing your credit reports.
But credit freezes are probably your best defense at this point, before you’ve been victimized. You can learn more about credit freezes at the Consumers Union site, DefendYourDollars.org.
Dear Liz: A copy of my wife’s Social Security card and driver’s license were stolen recently. I immediately contacted the credit bureaus. The first one tried to sell me a protection product. When I tried another number for that bureau, I got the automated runaround. The second bureau agreed to put a fraud alert on my account, then they too tried to sell me a product! Please tell everyone what will happen when they report issues like this, as you and so many others recommend. I still don’t know if I have done everything I can do.
Answer: If she hasn’t done so already, your wife should call the police to report the crime and get a copy of the report in case she needs it later to prove she’s a victim of identity theft.
Your wife is the one who needs to have fraud alerts placed on her credit reports at all three of the major credit bureaus: Equifax at (800) 525-6285, Experian at (888) 397-3742 and Trans Union at (800) 680-7289. These alerts are good for 90 days and can be renewed. It’s unfortunate the bureaus are using these help lines to pitch products, but you don’t need to buy anything to get a fraud alert placed on your files. In two or three months, she should use http://www.annualcreditreport.com to get a free look at her credit reports to make sure no one has opened accounts in her name.
Your wife also may want to consider a credit freeze, which locks up her credit reports to make it much harder for someone to apply for credit in her name. Get more information about these freezes, which typically involve fees, at http://www.financialprivacynow.org.
In addition, she needs to call your state’s department of motor vehicles to report the stolen license. If she discovers later that someone is using it, she can request a number change.
For more on coping with stolen information and dealing with identity theft, visit the Identity Theft Resource Center at http://www.idtheftcenter.org.
Dear Liz: In a recent column, you discussed two instances in which the tax preparer screwed up, and yet you concluded the problem was with the post office. I’m not a fan of the post office, but your logic escapes me.
Answer: In both instances, sensitive financial documents were entrusted to the U.S. mail system. Although this is common, it’s certainly not secure, since such mailings aren’t tracked and they certainly aren’t encrypted. The two taxpayers didn’t think to question the way their papers had been handled until those papers went missing, but both taxpayers and tax preparers would be wise to use more secure methods to transmit sensitive data.
Dear Liz: I sent my tax preparer everything he needed for my return, including the originals of my W2 forms, bank 1099s, property tax bills (including a copy of the check showing the payment) and a year-end mortgage statement. A week later he said it was done and that he had mailed the return and paperwork back to me. It’s been three weeks and I still haven’t received the paperwork. What I did get was a direct deposit of my refund, so apparently he filed the return without telling me. I am sick to death that all my private financial information is floating around in the mail system somewhere and that it could get into the hands of a dishonest person.
Answer: You’ve learned a couple lessons, foremost among them that you need a new tax pro. Filing your return without letting you see it was a definite no-no.
Another lesson is that your private financial data probably shouldn’t be entrusted to the U.S. mail system. It’s more secure to drop your documents off with your tax preparer and pick them up yourself, along with a copy of your return, when he or she is done. The original return can be electronically filed using the IRS’ secure, encrypted system, eliminating the need to use the mail.
You can put 90-day fraud alerts on your credit reports at the three major bureaus (Experian, Equifax and TransUnion). Fraud alerts notify lenders that they should take extra steps to verify identity before opening accounts in your name. For more protection, you may want to consider a credit freeze, which doesn’t rely on lenders’ sometimes-wavering vigilance but that allows you to shut off access to your credit reports, preventing thieves from opening new credit accounts. For more information, visit the Consumers Union site www.financialprivacynow.org.
Dear Liz: I want to get satellite television, but the company wants my Social Security number to check my creditworthiness. I dislike giving out my Social Security number to anyone in this climate of identity theft. Are there any laws that can help me?
Answer: You’re smart to be careful with your Social Security number, but if you want this company’s service, you’ll probably have to cough up the number.
Lenders are not the only businesses that want to check your creditworthiness before they’ll do business with you. Cellphone carriers, landlords, utilities and employers often want a look at your credit reports or credit scores as well. Some states have passed laws restricting how credit information is used in certain circumstances, but in many cases, individuals have just two choices: comply with the request for Social Security numbers or don’t do business with these companies.
That’s not to say you should hand out your number to any business that asks. If the business isn’t establishing a credit relationship with you, and isn’t in financial services — which are required to have your Social Security number to report tax information to the IRS — you should find out why they’re asking for the number and consider declining.
Do you have questions about money? Here’s a secret: we all do, and sometimes finding the right answers can be tough. My new book, “There Are No Dumb Questions About Money,” can make it easier for you to figure out your financial world.