Dear Liz: Last week I received my annual mortgage interest report. The envelope was not sealed and my full Social Security number was exposed. Two days later, I received an e-mail from PayPal for a purchase made online in my name with a different address. What do I need to do to protect myself from identity theft and are there any penalties my mortgage company could face?
Answer: The penalties for exposing your information depend on your state’s laws. You can contact your state attorney general’s office for more information.
At the very least, consider reporting the issue to the mortgage company and demanding that your Social Security number be redacted in future mailings. Better yet, see if you can go paperless and download your tax documents, a process that is typically more secure than having your private financial information sent through the mail.
It’s entirely possible the fraudulent purchase was unrelated to your mortgage company’s sloppy practices, but you should still take steps to reduce your odds of being victimized again. Obviously, you need to change your PayPal password but you should also make sure all your accounts — especially your financial and email accounts — have unique, complex passwords. A password manager such as LastPass or 1Password can help you keep track.
Good computer hygiene also can help reduce your risk. That means turning on your computer’s firewall, using a secure browser and keeping that browser up to date. Update and frequently run antivirus software as well.
Another important step in reducing identity theft risk is freezing your credit reports at all three major bureaus: Equifax, Experian and TransUnion. This should prevent someone from opening a new fraudulent credit account in your name but won’t prevent account takeovers, such as what may have happened with your PayPal account.
Detect account problems as quickly as possible by regularly reviewing bank, payment and credit card transactions. Consider putting alerts on your accounts for foreign transactions or transactions over a certain size or signing up with a credit- or identity-monitoring service.