Dear Mr. Miller:
I need your help. I just received notice that one of the websites with whom I do business was hacked. The bad guy got into everyone’s accounts and stole credit card information, personal IDs, everything. What do I do?
Social Security Numbers
E-services Block/Direct Deposit Fraud Prevention Block
Health Insurance & Medicare
Background Checks for Convictions and Arrest Warrants
ID Theft Insurance
Monitor the Dark Web
At this point in the internet age it seems to be a foregone conclusion that if a company with whom you have done business hasn’t been hacked, it is just a matter of time. For example, I tend to think that everyone should have a password vault (an app in which you store your passwords) and have recommended that on several occasions. But everything, and I mean everything, has its downsides.
My wife uses a different password vault than I do. In order to have access to the passwords on all of her devices (Ipad, Iphone, desktop) the passwords are stored in the cloud on the publisher’s server. The publisher’s server was hacked. Recently it has been revealed that a backup set of many customer’s vaults was copied by the hacker. Now to obtain access to the passwords one has to have the master password otherwise the passwords remain in an encrypted state. The company has said it would take 100 years to guess a decent master password. Various commentators have suggested otherwise and I’m not willing to take that risk. So I have recommended that she use a new password vault and change all of her passwords.
Unfortunately, as I was perusing her vault I realized that passwords are not the only data stored in password vaults. There are the IDs: Driver’s License numbers, Health Insurance/Medicare numbers, Social Security numbers, Credit Card numbers, etc.
So what do you do for those items. I’m an estate planning/elder law attorney so admittedly, this is out of my area of expertise. I’m just telling you what we have done, not giving you legal advice. And if it happens to you, you may want to do research beyond what I have done and presented below.
Social Security Numbers: The Social Security Administration will issue a new number to someone whose identity has been stolen. But in our case it was only a future possibility so it is doubtful that new numbers would be issued. And I really don’t want to change our numbers as that will undoubtedly require changes to a number of other records. So what to do.
Credit Feeze: First, freeze your credit on all three of the major credit reporting bureaus: TransUnion, Equifax, and Experian. There are a few other smaller bureaus but if you just deal with the three big ones you have taken giant steps in preventing future problems. By taking that action, any creditor to whom the ID thief has gone to obtain credit will be unable to run a credit report through these services and it will be difficult to impossible for a loan to be granted. When you need to legitimately have a creditor run your credit report (you want to obtain a loan to purchase a car or a house, etc), you unfreeze the credit and then, later, refreeze it. Often times the lender will tell you which credit bureau they use and you only need to unfreeze that one. Unfreezing your credit is relatively simple, typically you have a pin code and with that can freeze and unfreeze online. It has been a great relief to me for a few years now, that every time a company with which we do business has been hacked, to know that our credit is frozen.
E-services Block/Direct Deposit Fraud Prevention Block: These are security options that you can implement with your social security online account. If a thief has your number, the concern is that the person may change the mailing address of record or change the bank account for direct deposits. The former block prevents someone from changing your personal information on the internet and the latter prevents one from redirecting your direct deposit to a different bank account. With the blocks in effect, these items can only be changed in person. Going to the Social Security Administration office can be a pain so think through these options carefully before you activate these protections.
Health Insurance & Medicare: I would check the Explanation of Benefits (EOBs) that the insurance company sends you periodically. These EOBs indicate the service provider, date of service, and amount charged and approved. If you see a provider that you have not used that is a red flag to contact the Health Insurance company or Medicare and request a new number.
Driver’s License: A thief who has your drivers license number can obtain a fake license with your number and name on it. When pulled over by the police for a violation, the thief can give the fake license to the officer and the violation goes on your record. In California, and presumably in other states, one can request a copy of one’s official driving record. The fee is nominal. When you check your driving record, if you see something like this then that becomes a red flag to contact the DMV. Although I have not been able to find any specific authority for the California DMV to change the license number, they should be able to place a “Verify ID Flag” on the record to alert law enforcement that the license number has been stolen.
Background Checks for Convictions and Arrest Warrants: Periodically run, or hire a company to run, a search for Federal convictions and arrest warrants. Maybe once per year. It would also be useful to run a search for any state convictions and warrants. The problem with the latter is for what counties do you run this. There are 58 counties in California and if someone is using your Drivers License number as fake identification how would you ever know in what counties they were doing so, or what state. So the state approach seems to me to be not realistic.
Credit/Debit Cards: Simply contact the issuing bank and have them issue new cards with new numbers. Since numbers are stolen all the time, they generally have a specific selection on their voice mail for lost or stolen cards (yours was stolen for their purposes). Often times you don’t even have to talk to anyone, it is all automated.
ID Theft Insurance: This product can be purchased through your homeowners insurance carrier (if it is not included without extra charge) or purchased separately from a variety of companies. Identity theft insurance is designed to cover some of the costs related to identity theft. It reimburses victims for money spent on reclaiming their financial identities and repairing their credit reports.