Dealing with Another Data Breach…
Another massive data breach has occurred.
Well it looks like it has happened again. In August 2024, National Public Data, a background check service, confirmed a significant data breach that exposed sensitive personal information, including millions of Social Security numbers. This breach is believed to be linked to a hacking attempt from late 2023 and has led to the leak of 2.7 billion records, with some reports suggesting that 2.9 billion records were compromised.
The exposed data includes names, email addresses, phone numbers, Social Security numbers, and mailing addresses. This massive leak puts affected individuals at risk of identity theft, fraud, and other malicious activities. Instances of breaches such as this have almost become commonplace. Most compromised companies are relatively quick to report breaches to the public. Unfortunately, it took a class action lawsuit to bring the breach to public attention.
What do we do now?
There is an old saying about closing the barn door after the cows have gotten out. While the implied wisdom is good for many situations, it doesn’t apply well to data breaches. We certainly want to take some positive actions once we know our “data” cows have gotten out of the “server” barn. Here are a couple important steps to take to protect yourselves post data breach.
Check your credit report and freeze your credit – First, check with Experian, Equifax, and Transunion to confirm whether you have a security freeze on your credit reports.
If you have a security freeze in place with each credit reporting company, great! You are a step ahead. There are a few more things to do, so keep reading.
If you do not currently have a freeze in place, go directly to annualcreditreport.com and pull your free credit report from all three credit reporting companies, Experian, Equifax and Transunion.
Before you do anything on the website verify that you are at the correct place. The URL in the browser window should read annualcreditreport.com. There are many sponsored sites that look very similar to annualcreditreport.com. These sites are not the site that allows you to get your credit report for free. If the site you landed on is asking for money, back up and check the URL.
Once you verify you are in the correct location, follow the steps to pull all three of your credit reports. If you need assistance, please do not hesitate to reach out to us at hello@myciwm.com. )
Review your credit reports to ensure you do not see any activity that is not yours. If you find any incorrect information on your credit report, reach out to our team and we will help you dispute incorrect information.
Once you either determine there is no incorrect information or you have disputed incorrect information, return to each of the three credit reporting companies and place a security freeze. You must place a freeze at each company separately.
Now that you have confirmed your security freeze or placed a security freeze, it is time for the next steps.
Update your passwords — everywhere. I know this is a big task. Think about how we access websites when we have lost our password. We verify things like our date of birth, social security number, address, other email addresses, and phone numbers. If you do not already use a password manager, we strongly recommend getting one. There are a number of options to choose from. Like everything else in tech, the password manager landscape continues to evolve.
Make sure your passwords are secure by following best practice recommendations.
Use 16 characters-longer is stronger
Make it random
A passphrase with substituted numbers or symbols can work too.
Each site should have a unique password.
Take advantage of multi-factor authentication whenever and wherever possible.
Proactively protect your driver’s license – Many states are behind the times when it comes to helping people who have been victims of identity theft, which is basically all of us at this point. What can we do? A few things are recommended to stay on top of potential identity theft and fraud.
Check your mail and open all of it. If you receive a traffic ticket or other notice that does not belong to you immediately follow up with the issuer and your DMV. File a fraud report with the DMV and your local law enforcement agency, as well as the agency that issued the ticket.
Some states allow you to add an indicator to your record which may prevent further fraud. However, often times this is only allowed after the fact.
Secure your SSA.gov account. Most of us don’t think of logging into SSA.gov until we get closer to reaching our minimum age for claiming Social Security. However, the sooner you access your record and set up your log in, the less chance someone else has to do the same. SSA.gov is moving their log in to Login.gov. You can learn more about Login.gov here.
File an Identity Theft Report with the Federal Trade Commission – If you have discovered that someone else is using your identity, it is important to file an Identity Theft Report with the FTC and local law enforcement. Filing with the FTC can be done online at https://www.identitytheft.gov/ . Keep a copy of your report in a secure location where you will be able to access it in the future if needed. Once you have filed the Identity Theft report with the FTC, follow the procedures for filing with your local law enforcement. Generally speaking you will need to share the FTC Identity Theft Report, provide a photo ID, provide proof of your address, and provide proof of identity theft.
Tax-related identity theft is a particularly stressful form of identity theft because it involves working with the IRS. First, if you have a relatively simple tax situation (one or two W-2 incomes for example), filing as early as possible in the tax season is one of the best defenses against tax-related identity theft. We all need to be alert for the following signs of tax-related identity theft:
Letters from the IRS noting a suspicious return you did not file
Having your e-filed return rejected because of duplicate Social Security number
Receiving a tax transcript by mail you did not request
Getting a notice your online account has been accessed when you did not take action
Thankfully, you don’t have to wait to be a victim to take action. Data breach victims may submit a Form 14039, Identity Theft Affidavit online, or by completing the fillable Form 14039 PDF, printing and then mailing or faxing the form to the IRS. Again, if you discover you have been the victim of tax-related identity theft, please reach out to us. We are here to help.
And remember—the IRS will not call you on the phone. The IRS sends letters and notices.
Wrapping this up and moving on. Taking actions as listed above can protect us all against identity theft. Keep in mind, that often, we are our own worst enemies when it comes to identity theft. Be vigilant against clicking links in emails or against responding to random phone calls from your bank or other financial institutions. Scammers are evermore convincing and sophisticated. We can protect ourselves by limiting access through security freezes, updating our passwords to unique, secure passwords, by reporting spam and phishing attempts on our phone and in our email, and by cross-verifying requests for information.
And remember, if you need us, we are here.
Warmly,
Adrienne and the Clear Insight Team