Guide to Protecting Yourself from 5 Types of Identity Theft
Data breaches are now as inevitable as death and taxes, and they can wreak havoc on your finances.
Identity theft is growing, and it’s not just your credit and debit card numbers you have to worry about. Hackers hit the jackpot when they cracked the network at the U.S. government’s Office of Personnel Management and accessed Social Security numbers, dates of birth and other personal information on more than 4 million federal workers. A second OPM breach, announced in June, involved applicants for security clearances who had revealed intimate details about their lives. That incident brings the total number of people affected to about 22 million.
How to Combat: Stolen Social Security Number | Medical ID Theft | Tax Identity Fraud | Lost/Stolen Electronics | Hacked Credit/Debit Account
In January, health insurers Anthem and Premera Blue Cross discovered that Social Security numbers, dates of birth and insurance ID numbers of tens of millions of customers might have been stolen. Not long after tax-filing season came to a close, the IRS announced that thieves had used stolen data to log in to IRS.gov and access more than 100,000 taxpayer accounts to generate bogus refunds.
All of those breaches came to light in just the first six months of 2015. In 2014, the Identity Theft Resource Center tallied a record-breaking 783 breaches that exposed more than 85 million records. Among them were debit and credit card numbers of customers of Home Depot, Neiman Marcus and Dairy Queen, as well as the names, mailing addresses, e-mail addresses and phone numbers of JPMorgan Chase clients. All told, 76 million households were affected.
To add insult to injury, you may not even know your data has been hacked. In most cases, the gap between a breach and the attacked organization’s discovery of it is months or even years. Still more time passes before the victims are notified, as the company launches an investigation and braces for bad publicity.
Watch Your Back
The widespread potential for identity theft means that we’ll have to remain vigilant—probably indefinitely. Along with death and taxes, breaches have become “the third certainty of life,” says Adam Levin, chairman and cofounder of Identity Theft 911 and Credit.com. You can blame the tidal wave of data thefts on the Internet revolution and the transition from paper to digital records. Hacking into a server from a remote location is a snap.
As attacks become more sophisticated, even companies that attempt to stay on top of cybersecurity are being breached. Thieves can make off with valuable data they can use for their own benefit or post for sale on Internet black markets and evade consequences. “Technology creates opportunities for identity thieves,” says Becky Frost, senior manager of consumer education for Experian’s ProtectMyID monitoring service. “That doesn’t mean they’re giving up such things as Dumpster diving. They’re just adding to their arsenal.”
The perpetrators behind cyber theft range from everyday crooks trying to make a buck to foreign entities determined to spy on, bully or embarrass the government or companies in the U.S. Much theft involving credit and debit card data originates in Eastern Europe and Russia, where criminals target the U.S. because many of our payment transactions still involve outdated technology. Authorities have linked the OPM breach to China. U.S. officials attributed last year’s hack on Sony, which exposed financial information and employee e-mails, to North Korea—an act motivated in part by Sony’s film The Interview, a comedy whose plot revolved around an assassination attempt on North Korean leader Kim Jong-un.
How to Prevent Cyber Attacks
Staying ahead of increasingly sophisticated cyber attacks poses a challenge. According to a recent report from the Ponemon Institute, which researches privacy and security, the top reasons IT professionals gave for their companies' failure to prevent a breach were inadequate preventive security controls, insufficient funding and a lack of in-house expertise.
If laws more broadly restricted the collection and sharing of personal information—and imposed greater penalties on entities that lose such data—consumers’ personal information would be less vulnerable, and organizations might be more motivated to improve security, says Darren Hayes, director of cybersecurity and assistant professor at Pace University. Sometimes victims are compensated through lawsuits. Target has agreed to pay a $10 million settlement to those who can provide evidence that they were affected by the 2013 breach of its customers' credit and debit card numbers and other information. Two federal employees unions have filed lawsuits against the OPM. One claims that the OPM violated employees' constitutional right to privacy. The other accuses the OPM of breaking a federal law when the agency failed to fix cybersecurity weaknesses, despite warnings from the Office of Inspector General.
Some wide-reaching protections are on the way. In response to an October deadline set by payment networks including MasterCard and Visa, banks are issuing debit and credit cards that carry a microchip for more-secure transactions, and merchants are updating their payment terminals to accept them. Those that haven’t complied by October will face liability for fraud that could have been prevented by updating to the newer technology.
If your personal information has been exposed in a breach, you’ll likely receive a notice from the organization that was hacked. (Most states already require breached companies to notify customers. Proposed federal legislation would require companies to alert consumers within 30 days.) Keep in mind that if your personal information is exposed in a breach, it doesn’t necessarily mean it has been fraudulently used, or that it will be. But as the threats expand and cyber crooks find new ways to thwart new defenses, you have a big role to play.
In this guide to combating identity theft, we tell you how to prevent and address the major types. We also include a “scare factor” for each, rated on a scale of one star (mostly an annoyance) to four stars (a full-on threat to your finances). This rating indicates how much damage each form of ID theft could inflict and how difficult it is to remedy.