Identity theft is growing, and it’s not just your credit and debit card numbers you have to worry about. Hackers hit the jackpot when they cracked the network at the U.S. government’s Office of Personnel Management and accessed Social Security numbers, dates of birth and other personal information on more than 4 million federal workers. A second OPM breach, announced in June, involved applicants for security clearances who had revealed intimate details about their lives. That incident brings the total number of people affected to about 22 million.
How to Combat: Stolen Social Security Number | Medical ID Theft | Tax Identity Fraud | Lost/Stolen Electronics | Hacked Credit/Debit Account
In January, health insurers Anthem and Premera Blue Cross discovered that Social Security numbers, dates of birth and insurance ID numbers of tens of millions of customers might have been stolen. Not long after tax-filing season came to a close, the IRS announced that thieves had used stolen data to log in to IRS.gov and access more than 100,000 taxpayer accounts to generate bogus refunds.
All of those breaches came to light in just the first six months of 2015. In 2014, the Identity Theft Resource Center tallied a record-breaking 783 breaches that exposed more than 85 million records. Among them were debit and credit card numbers of customers of Home Depot, Neiman Marcus and Dairy Queen, as well as the names, mailing addresses, e-mail addresses and phone numbers of JPMorgan Chase clients. All told, 76 million households were affected.
Sign up for Kiplinger’s Free E-Newsletters
Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.
Profit and prosper with the best of expert advice - straight to your e-mail.
To add insult to injury, you may not even know your data has been hacked. In most cases, the gap between a breach and the attacked organization’s discovery of it is months or even years. Still more time passes before the victims are notified, as the company launches an investigation and braces for bad publicity.
Watch Your Back
The widespread potential for identity theft means that we’ll have to remain vigilant—probably indefinitely. Along with death and taxes, breaches have become “the third certainty of life,” says Adam Levin, chairman and cofounder of Identity Theft 911 and Credit.com. You can blame the tidal wave of data thefts on the Internet revolution and the transition from paper to digital records. Hacking into a server from a remote location is a snap.
As attacks become more sophisticated, even companies that attempt to stay on top of cybersecurity are being breached. Thieves can make off with valuable data they can use for their own benefit or post for sale on Internet black markets and evade consequences. “Technology creates opportunities for identity thieves,” says Becky Frost, senior manager of consumer education for Experian’s ProtectMyID monitoring service. “That doesn’t mean they’re giving up such things as Dumpster diving. They’re just adding to their arsenal.”
The perpetrators behind cyber theft range from everyday crooks trying to make a buck to foreign entities determined to spy on, bully or embarrass the government or companies in the U.S. Much theft involving credit and debit card data originates in Eastern Europe and Russia, where criminals target the U.S. because many of our payment transactions still involve outdated technology. Authorities have linked the OPM breach to China. U.S. officials attributed last year’s hack on Sony, which exposed financial information and employee e-mails, to North Korea—an act motivated in part by Sony’s film The Interview, a comedy whose plot revolved around an assassination attempt on North Korean leader Kim Jong-un.
How to Prevent Cyber Attacks
Staying ahead of increasingly sophisticated cyber attacks poses a challenge. According to a recent report from the Ponemon Institute, which researches privacy and security, the top reasons IT professionals gave for their companies' failure to prevent a breach were inadequate preventive security controls, insufficient funding and a lack of in-house expertise.
If laws more broadly restricted the collection and sharing of personal information—and imposed greater penalties on entities that lose such data—consumers’ personal information would be less vulnerable, and organizations might be more motivated to improve security, says Darren Hayes, director of cybersecurity and assistant professor at Pace University. Sometimes victims are compensated through lawsuits. Target has agreed to pay a $10 million settlement to those who can provide evidence that they were affected by the 2013 breach of its customers' credit and debit card numbers and other information. Two federal employees unions have filed lawsuits against the OPM. One claims that the OPM violated employees' constitutional right to privacy. The other accuses the OPM of breaking a federal law when the agency failed to fix cybersecurity weaknesses, despite warnings from the Office of Inspector General.
Some wide-reaching protections are on the way. In response to an October deadline set by payment networks including MasterCard and Visa, banks are issuing debit and credit cards that carry a microchip for more-secure transactions, and merchants are updating their payment terminals to accept them. Those that haven’t complied by October will face liability for fraud that could have been prevented by updating to the newer technology.
If your personal information has been exposed in a breach, you’ll likely receive a notice from the organization that was hacked. (Most states already require breached companies to notify customers. Proposed federal legislation would require companies to alert consumers within 30 days.) Keep in mind that if your personal information is exposed in a breach, it doesn’t necessarily mean it has been fraudulently used, or that it will be. But as the threats expand and cyber crooks find new ways to thwart new defenses, you have a big role to play.
In this guide to combating identity theft, we tell you how to prevent and address the major types. We also include a “scare factor” for each, rated on a scale of one star (mostly an annoyance) to four stars (a full-on threat to your finances). This rating indicates how much damage each form of ID theft could inflict and how difficult it is to remedy.
How to Combat: Stolen Social Security Number | Medical ID Theft | Tax Identity Fraud | Lost/Stolen Electronics | Hacked Credit/Debit Account
-
Stock Market Today: Nasdaq Spirals as Netflix NosedivesA big earnings boom for credit card giant American Express helped the Dow notch another win.
-
Get These 40 Earth Day Deals and DiscountsMonday, April 22, is Earth Day. Many of your favorite retailers are celebrating with deals on sustainable products, recycling services, and more
-
403(b) Contribution Limits for 2024retirement plans Teachers and nonprofit workers can contribute more to a 403(b) retirement plan in 2024 than they could in 2023.
-
Roth IRA Contribution Limits for 2024Roth IRAs Roth IRA contribution limits have gone up for 2024. Here's what you need to know.
-
Four Tips for Renting Out Your Home on Airbnbreal estate Here's what you should know before listing your home on Airbnb.
-
Five Ways to a Cheap Last-Minute VacationTravel It is possible to pull off a cheap last-minute vacation. Here are some tips to make it happen.
-
Social Media Scams Cost Consumers $2.7B, Study ShowsScams related to online shopping, investment schemes and romance top the FTC's social media list this year.
-
How Much Life Insurance Do You Need?insurance Instead of relying on rules of thumb, you’re better off taking a systematic approach to figuring your life-insurance needs.
-
When Is Amazon Prime Day?Amazon Prime In 2023 Amazon had two Prime Day events — one in July and another, called Big Deal Days, in October. We expect 2024 to follow the same schedule.
-
How to Shop for Life Insurance in 3 Easy Stepsinsurance Shopping for life insurance? You may be able to estimate how much you need online, but that's just the start of your search.
