Oops. I Gave My Social Security Number to a Stranger

Life can get hectic and, while media attention on big data breaches has certainly put folks on high alert, there are times when you slip and give some of your personal information away.

Lots of this info, like your credit card account and health insurance ID, can be changed with relative ease. There are nine little digits you’re stuck with, however, that can cause a whole lot of headaches when they fall into the wrong hands. Those digits, of course, are your Social Security number.

Am I Stuck With My Number?

If your Social Security number has been put to nefarious use, you can try to have it changed. SSA.gov lists an identity theft victim continuing to be disadvantaged by “the original number” as one of five cases in which they’ll consider assigning new digits. Per their site, you’ll need to do the following in order to qualify:

  • Apply in person at a Social Security office.
  • Provide a statement explaining the reasons for needing a new number.
  • Provide current, credible, third-party evidence documenting the reasons for needing a new number.
  • Provide original documents establishing U.S. citizenship or work-authorized immigration status; age; identity and evidence of a legal name change, if appropriate.

According to Adam Levin, co-founder of Credit.com and author of “Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves,” it can be difficult, if not downright impossible, to get a new number. And even if you do qualify, you may want to consider the impact of making a switch. In many cases, employment information and medical records are associated with your former Social Security number.

What If a Stranger Has My SSN?

If you know your Social Security number has been compromised, you should do a credit freeze, Levin said. Credit freezes let consumers deny potential creditors access to their credit reports, and, as such, prevent new accounts from being taken out in their name, especially when their credit is frozen at each major credit reporting agency.

Of course, a credit freeze will also make it harder to take out new lines of credit. You would have to thaw your report and then refreeze it (often for a price) before applying for a loan. Levin said you can lessen the hassle by asking a prospective creditor what bureau they use to check credit. If there’s only one, you’ll just have to thaw your report with that bureau.

If you’re hesitant to freeze your reports, at the very least, you should keep a close eye on your credit. You can sign up for credit monitoring or fraud alerts with each bureau, and you can check your credit yourself. (You can pull your credit reports for free each year at AnnualCreditReport.com and view your credit score for free each month on Credit.com.) Signs your identity has been stolen include unfamiliar addresses and accounts, and a sudden drop in your credit score.

Dealing With Identity Theft

Keep in mind “just doing a credit freeze and just monitoring isn’t going to help you in certain situations,” Levin warned, especially when it comes to a compromised Social Security number. Keeping an eye on your credit, for instance, won’t alert you to medical identity theft, taxpayer fraud or, worse, any criminal activity linked to your name.

To minimize the damage any of these examples could cause, you’ll need to stay vigilant. Keep a close eye on statements, like any bills or explanation of benefits your insurer sends your way. You can file your taxes early to avoid a stolen refund, and contact the IRS to flag your account, Levin said (although this is not fail-safe).

If you do fall victim to identity theft, you’ll want to report the fraud to the proper authorities: File a police report and register a complaint with the Federal Trade Commission and the Federal Bureau of Investigation. Some states also give victims special documentation that identify them as an identity theft victim and can help reverse fraud stemming from it, Levin said. These ID cards can often be obtained by contacting the state attorney general’s office. You can learn more about dealing with identity theft here.

[Offer: If you’re a victim of identity theft, worried about errors on your credit reports and you don’t want to go it alone, you can hire companies – like our partner Lexington Law – to manage the credit repair process for you. Learn more about them here or call them at (844) 346-3296 for a free consultation.]

More on Identity Theft:

Image: idealistock

The post Oops. I Gave My Social Security Number to a Stranger appeared first on Credit.com.

2015: The Year in Data Breaches

crawl space

Every year at about this time, technology reporters typically recount the big computer crimes from the past 12 months and proclaim “The Year of the Hacker” or some such moniker. This year, it fits.

Two years ago, the Target hack ushered in a new era of credit card theft awareness and ultimately helped inspire a big change in the way Americans use plastic. But as we all know, theft of credit and debit card information has a limited impact on consumers (fraud liability generally falls to the merchant or financial institution, if reported in a timely fashion).

On the other hand, theft of Social Security numbers, health care data and even fingerprints, by the millions … well, that’s a much bigger big deal. And that’s what U.S. consumers faced in 2015.

Data theft has moved far beyond credit card fraud. Today, millions of Americans have to live with the fact that agents acting allegedly on behalf of a foreign government now hold their SSNs and fingerprints — identity markets that are difficult, if not impossible, to change. And loss of that data makes them vulnerable, potentially, forever. That’s the real story of 2015.

A More Personal Breach

“This year proved once again the breaches have become the third certainty in life because the bad guys have proven they are more persistent, creative and increasingly sophisticated than the good guys,” Adam Levin, co-founder of Credit.com and author of new book, Swiped, which chronicles the extent of the ID theft problem, said. “While consumers, government and business are more aware of the issues, there is still a lack of understanding as to what needs to be done, resistance to allocate the proper resources to do what needs to be done and countless legacy systems that impede our ability to do what needs to be done.”

The Identity Theft Resource Center says there were 750 announced data leaks in 2015, and all tallied, 178 million records were lost or stolen. Also a headline from 2015: hackers’ new focus on healthcare data. Nearly 122 million healthcare records were stolen during 264 reported breaches, the most of any industry, the ITRC says. Government records were the second most commonly stolen — 24 million in 59 leaks. Comparatively speaking, the 5 million records lost in 69 leaks by the financial industry seems small.

The year in hacking got off to a fast start, when health insurance provider Anthem Inc. revealed it had been hacked in early February. Ultimately, the firm said that up to 80 million consumers were impacted. There were plenty of reports blaming China for the attack. While hack “attribution” is often an inexact science and the FBI rarely makes its conclusions public, it wouldn’t be the final allegations against Chinese hackers.

Nor would it be the last major health data hack. A month after Anthem’s announcement, Primera Blue Cross revealed that hackers stole data on 11 million consumers. There were plenty of reports that the same hackers were involved in both incidents, meaning the Chinese government might have been involved, but again, the allegations were denied by China and clear evidence was never made public.

Then, the big one hit.

Hackers Hit Home

In June, the Office of Personnel Management — Uncle Sam’s Human Resources department — revealed it had been hacked and 4 million government employees were at risk. Later, the number was raised to 18 million. Then 21.5 million. And the at-risk pool was expanded to former government workers and potentially anyone who had been used as part of an federal employee background check. Stolen data ranged from Social Security numbers to security clearance information to, in 5.6 million cases, fingerprints. Once again, reports blamed Chinese hackers. Once again, the culprits remain at large.

The hacking incident dominated tech headlines for months, and the federal government is still notifying victims. Meanwhile, all these alleged China-led hacker attacks became a major topic of discussion when President Obama and Chinese President Xi Jinping met in September. The two world leaders announced the U.S. and China wouldn’t attack each other through the Internet, though many security firms are skeptical the announcement had any real impact.

It certainly had little impact on computer criminals trying to gain illegal access to large consumer databases. Only a few weeks later, in October, T-Mobile revealed that its credit check provider Experian had been hacked and 15 million consumers were put at risk.

Meanwhile, big numbers aren’t the only reason consumers should be concerned. Smaller hacks can have a bigger impact, depending on the data that’s been leaked. The IRS “Get Transcript” service was hacked this year, and eventually, the agency had to reveal in August that criminals accessed more than 300,000 taxpayers’ accounts. Given the focused nature of the attack and the precise data stolen – old tax returns – victims are at serious risk for full-blown identity attacks.

Also this summer, password-storing service LastPass announced that criminals had gained access to encrypted passwords belonging to potentially 7 million users. The thieves still faced the uphill battle of cracking the password file’s encryption, so the incident was not quite the disaster it sounded like at first. Still, consumers were told to change master passwords immediately, and were put on notice once again about the fragility of seemingly safe computer systems in the 21st century.

More Big Breaches Ahead?

No doubt, 2016 will bring even more cautionary tales.

“As breaches have become the third certainty in life and the identity theft that flows from them is the new norm, businesses and consumers need to follow the 3Ms: minimize the risk of exposure, monitor and manage the damage,” Levin said. “Business leaders need to shore up their cyber defenses by instituting data segmentation, encryption, employee training on security protocols and penetration testing. Consumers need to remain vigilant and adopt a culture of self-monitoring. They should check their accounts on a daily basis, sign up for transactional monitoring from their bank and use long and strong passwords that don’t repeat across accounts.”

Just about every consumer involved in all these hacks received some kind of free credit monitoring offer. They are always worth accepting, but it’s important to know that credit monitoring can offer only limited protection against identity theft. In the end, consumers are ultimately responsible for discovering ID theft themselves. The best way to do that is regular monitoring of credit reports through AnnualCreditReport.com and use of a free credit score tool like the one provided by Credit.com.

More Money-Saving Reads:

Image: iStock

The post 2015: The Year in Data Breaches appeared first on Credit.com.

2015: The Year in Data Breaches

crawl space

Every year at about this time, technology reporters typically recount the big computer crimes from the past 12 months and proclaim “The Year of the Hacker” or some such moniker. This year, it fits.

Two years ago, the Target hack ushered in a new era of credit card theft awareness and ultimately helped inspire a big change in the way Americans use plastic. But as we all know, theft of credit and debit card information has a limited impact on consumers (fraud liability generally falls to the merchant or financial institution, if reported in a timely fashion).

On the other hand, theft of Social Security numbers, health care data and even fingerprints, by the millions … well, that’s a much bigger big deal. And that’s what U.S. consumers faced in 2015.

Data theft has moved far beyond credit card fraud. Today, millions of Americans have to live with the fact that agents acting allegedly on behalf of a foreign government now hold their SSNs and fingerprints — identity markets that are difficult, if not impossible, to change. And loss of that data makes them vulnerable, potentially, forever. That’s the real story of 2015.

A More Personal Breach

“This year proved once again the breaches have become the third certainty in life because the bad guys have proven they are more persistent, creative and increasingly sophisticated than the good guys,” Adam Levin, co-founder of Credit.com and author of new book, Swiped, which chronicles the extent of the ID theft problem, said. “While consumers, government and business are more aware of the issues, there is still a lack of understanding as to what needs to be done, resistance to allocate the proper resources to do what needs to be done and countless legacy systems that impede our ability to do what needs to be done.”

The Identity Theft Resource Center says there were 750 announced data leaks in 2015, and all tallied, 178 million records were lost or stolen. Also a headline from 2015: hackers’ new focus on healthcare data. Nearly 122 million healthcare records were stolen during 264 reported breaches, the most of any industry, the ITRC says. Government records were the second most commonly stolen — 24 million in 59 leaks. Comparatively speaking, the 5 million records lost in 69 leaks by the financial industry seems small.

The year in hacking got off to a fast start, when health insurance provider Anthem Inc. revealed it had been hacked in early February. Ultimately, the firm said that up to 80 million consumers were impacted. There were plenty of reports blaming China for the attack. While hack “attribution” is often an inexact science and the FBI rarely makes its conclusions public, it wouldn’t be the final allegations against Chinese hackers.

Nor would it be the last major health data hack. A month after Anthem’s announcement, Primera Blue Cross revealed that hackers stole data on 11 million consumers. There were plenty of reports that the same hackers were involved in both incidents, meaning the Chinese government might have been involved, but again, the allegations were denied by China and clear evidence was never made public.

Then, the big one hit.

Hackers Hit Home

In June, the Office of Personnel Management — Uncle Sam’s Human Resources department — revealed it had been hacked and 4 million government employees were at risk. Later, the number was raised to 18 million. Then 21.5 million. And the at-risk pool was expanded to former government workers and potentially anyone who had been used as part of an federal employee background check. Stolen data ranged from Social Security numbers to security clearance information to, in 5.6 million cases, fingerprints. Once again, reports blamed Chinese hackers. Once again, the culprits remain at large.

The hacking incident dominated tech headlines for months, and the federal government is still notifying victims. Meanwhile, all these alleged China-led hacker attacks became a major topic of discussion when President Obama and Chinese President Xi Jinping met in September. The two world leaders announced the U.S. and China wouldn’t attack each other through the Internet, though many security firms are skeptical the announcement had any real impact.

It certainly had little impact on computer criminals trying to gain illegal access to large consumer databases. Only a few weeks later, in October, T-Mobile revealed that its credit check provider Experian had been hacked and 15 million consumers were put at risk.

Meanwhile, big numbers aren’t the only reason consumers should be concerned. Smaller hacks can have a bigger impact, depending on the data that’s been leaked. The IRS “Get Transcript” service was hacked this year, and eventually, the agency had to reveal in August that criminals accessed more than 300,000 taxpayers’ accounts. Given the focused nature of the attack and the precise data stolen – old tax returns – victims are at serious risk for full-blown identity attacks.

Also this summer, password-storing service LastPass announced that criminals had gained access to encrypted passwords belonging to potentially 7 million users. The thieves still faced the uphill battle of cracking the password file’s encryption, so the incident was not quite the disaster it sounded like at first. Still, consumers were told to change master passwords immediately, and were put on notice once again about the fragility of seemingly safe computer systems in the 21st century.

More Big Breaches Ahead?

No doubt, 2016 will bring even more cautionary tales.

“As breaches have become the third certainty in life and the identity theft that flows from them is the new norm, businesses and consumers need to follow the 3Ms: minimize the risk of exposure, monitor and manage the damage,” Levin said. “Business leaders need to shore up their cyber defenses by instituting data segmentation, encryption, employee training on security protocols and penetration testing. Consumers need to remain vigilant and adopt a culture of self-monitoring. They should check their accounts on a daily basis, sign up for transactional monitoring from their bank and use long and strong passwords that don’t repeat across accounts.”

Just about every consumer involved in all these hacks received some kind of free credit monitoring offer. They are always worth accepting, but it’s important to know that credit monitoring can offer only limited protection against identity theft. In the end, consumers are ultimately responsible for discovering ID theft themselves. The best way to do that is regular monitoring of credit reports through AnnualCreditReport.com and use of a free credit score tool like the one provided by Credit.com.

More Money-Saving Reads:

Image: iStock

The post 2015: The Year in Data Breaches appeared first on Credit.com.