Wayyyyyy OT: What to do in case of a personal data breach
I just got an email from the Louisiana Office of Motor Vehicles that they had a data breach and that I am one of the people whose data has been compromised. I can only assume that my SSN, address, birth date, driver’s license number, etc. have all been accessed.
So my question for the board is: What the hell should I be doing right now, ASAP, pronto?
They are offering one free year of LifeLock Standard. Is this worthwhile?
Mods please delete if this is too far off-topic. I know I could google this but I thought it would be good to get input from some smart people who may or may not have been in a similar situation. I also thought it could be useful for others as well.
Lifelock is basically giving your info to yet another company that can be (and has been) breached. And what’s one free year gonna do? It’s basically the most shameless of scams: we lost your info so let’s monetize the mistake with a tie-in to effin’ Norton.
I suggest freezing your own credit so the thieves can’t take out loans and sign up for credit cards using your identity. You need to contact all three major credit bureaus (Transunion, Experian, Equifax) separately.
Plus one to this approach. I have frozen all my credit reports for the past 4 years. I am retired and don’t get CCs or loans, so it is easy for me. Problem is that you’ll have to unlock one or two of them whenever you need credit.
this is the safest approach.
I agree and did this after the big equifax breach years ago. Both mine and my wife’s credit is frozen and I would get a notification if that ever changed. Sometimes it’s a pain to unfreeze it when we apply for credit but we don’t do that very often anymore anyways. It’s probably 10 min of work so it’s not too bad I guess.
In todays world I just assume all my info is available to anyone who wants to pay for it and I just try to take all the precautions I can
In todays world I just assume all my info is available to anyone who wants to pay for it and I just try to take all the precautions I can
This is truth. I think I’m up to 5 or six times that my info has been breached. I’ve had a monitoring service ever since the first one (company provided).
The one VERY important thing when you freeze your credit: don't lose the password to unfreeze it.
Logged in to say the same. To me, that's the safest and most fool-proof way to ensure nobody can do something with my identity. It's a hassle when you need a credit check, but I have no loans to take out, and it's a fairly quick process to temporarily unfreeze your credit at each of the agencies. A minor hassle to ensure that nobody can take out new loans, credit cards, etc with my identity. And in this day and age, with all the data breaches that have taken place, we should all assume our identities have been compromised.
I bought a car for my daughter recently, financed a part of it to get an additional rebate. I forgot to unfreeze my credit. didnt matter chase approved the loan anyway. a little annoying to say the least. I knew their inquiry was blocked because I got the notification while I was sitting there, figured they would be out to tell me there was a problem, nope, just paperwork.
Yes, Lifelock immediately. They do the early legwork for you. Then keep your credit files locked, forever, after Lifelock expires. Including your entire, immediate family.
Being locked is a nuisance at times, but a very minor one relative to the large benefits derived. Just do it NOW!
Good luck. 🤞
Lifelock got breached this year.
As long as your credit files are locked, that's all that matters. And yep, I understand. One of the 3 credit agencies was also "breached", IIRC, several years ago. Locking/freezing OP's credit files is paramount.
Poster needs to be prepared for some very weird emails too and notifications of new subscriptions. Start changing passwords ...
Thanks!
I'm a novice on these financial issues. When you say to keep my credit files locked, do you mean call the credit agencies for that?
Yes, all of them. Can usually be done online too, IIRC. Easy and free. You will be "quizzed" extensively to try to check if you are who you assert you are.
And it's free to temporarily lift a freeze for short time windows if you need to take out a loan. Your proposed creditor will usually be able to tell you which agency they use, so all you need to do is lift your freeze with just one of them --- saving you some time and effort. All the creditor needs is a 24 hour lift then the file locks shut automatically.
The only thing I’d add is to make sure you record or somehow retain account/pw info for each of the services. We’ve locked our files for maybe 10 years now and getting online or calling to do a temporary unlock is pretty easy assuming you’ve retained account info/credentials. And usually a business like a car dealer or bank only uses 1 of the 3 so we’ve only ever had to unlock 1 of the 3 at any given time.
Additional thought - as has been noted most people’s SSN info etc is out and floating around but I’ve adopted the practice of never providing my SSN to any business that asks; I just leave that blank on whatever form I’m completing. They almost always never even ask and the one place that did ask couldn’t answer why they needed it so I just politely declined and they moved on.
Send me your bank account # and PIN and I’ll take a look.
damn it! You beat me to this joke
figures, ski bums think alike
Nigerian princes are some of the most trustworthy people on the internet.
I wonder what the Nigerians think of those American princes.
I'll let you know when she arrives. The check should be here next week, then I'm bringing her over. Better than a mail-order Russian bride because she brings a fortune with her. Woohoo!
Within the last few years I've had ID theft. Such a pain in the ass. Yes, get with the three credit agencies ASAP and make sure everything checks out. You want notification of any attempt to establish credit lines, etc in your name and then you just need to monitor it regularly. Credit card stuff at least gets corrected without too much hassle (I can't imagine how much money gets eaten on this yearly) but someone getting into assets or titles would be a nightmare, I would bet.
blue, suggest you take your wallet out of your pocket, pull out all the credit and ID cards, turn them over, and start calling the 800 #'s to get new cards, new card #'s, stop any charges after 'X' date, etc. won't take you 20 minutes and it'll be quicker and more effective than the lifelock offer.
Having been in two "breaches"? I can say that my credit cards were never impacted. Those were only compromised by:
a) the waitress at a local restaurant (can I get my tip refunded, dear) and
b) by a German credit card processor who, cleverly enough, then started to charge small items against the card using the name, Amazom. Points for effort, but - nope.
Edit/add: DMV probably didn't keep the CVV of OP's credit card on file. Need that number (and billing zip code) to really be dangerous with someone's credit card.
Second add: Blue? If you ever used a debit card at the DMV? That card should be changed instantly. Debit cards have major vulnerabilites. Again, good luck!
Yup, definitely cancel the debit cards. Credit cards offer extreme consumer protections against fraud liability, so there's no reason to preemptively cancel them.
Thanks for the recommendation. I try not to use my debit card, but stick to credit cards. I'll be getting a new debit card on Monday just in case, though.
I can't even recall all the times I've been notified that some company with my info was breached -- Yahoo, Anthem, Facebook, eBay, Target, Equifax, Capital One, etc etc
I never did anything crazy. Change your passwords, sign up for 2 Factor Authentication where available. I think the most important thing is to actually monitor your emails for sign-in notices, password change requests, application notices, and so on (some people just let thousands pile up without looking). Most credit cards offer some form of free credit monitoring, so you can utilize those.
Even the breach notifications via email can be scams. I get those all the time. An easy way to check for a scam email is to look at the sender's email address. If it's [email protected] or something ridiculous like that it's probably a scam email. If it has the @facebook.com or @target.com, etc, then chances are it's legit.
The better question is what have you already been doing? There is a much better chance you were already a victim of a data breach and were never informed. Even worse is that the large majority of data breaches are never discovered until years later and even then you are never informed.
It is no longer just about what the victims should do but what should happen to those companies and agencies who allowed it to happen.
If they did everything they possibly could which includes encrypting the data, restricting access to unencrypted data to only the absolute bare minimum of essential employees, and requiring two factor authentication to unencrypt data then they shouldn't be punished. However, where we are now is they aren't doing everything they can to actually secure this data and are getting by with a simple we're sorry.
Essentially this ^^
Everyone should presume their data has been stolen. What can be done with that information?
1. Open new accounts/credit cards/credit lines in your name
2. Gain access to current bank/credit accounts
3. File false tax returns
4. Get health insurance
(there are more, but I'm forgetting them right now and I think they're less consequential)
So, make sure you lock up your accounts as best as possible. Remember the principles of multifactor authentication: something you know, something you have, something you are. Set that up right away. You can file something with the government as well notifying of ID theft and that will make filing false returns harder.
I think signing up for a credit monitoring service is fine or you can put a credit freeze as others suggested. That's fine if you're not planning on changing your credit card, buying a home/car, starting a business, etc.
Sorry this happened to you and, really, all of us...
Go to the three credit major reporting companies (Equifax, Experian, TransUnion) and freeze your credit. You have to do it separately on each one, but no one, not even you, can open any line of credit or loan as long as they are frozen. Freezing won't affect your credit score. I keep mine frozen as a matter of course. It's also easy to un-freeze.
https://www.nerdwallet.com/article/finance/how-to-freeze-credit
Just go fuck up your credit yourself before anyone else can do it.
Covertly travel to some Eastern European country, go wild with your credits cards and have a good time. Come back to the US, and report it all as fraud.
Again?
I’ve been trying unsuccessfully for years to get someone to steal my identity. They’re welcome to it and I’ll swear on a stack of bibles that they’re me. I’d really love to see their face when they realize what they’ve gotten themselves into.
Those lifelock type things are basically garbage.
1) Set up a Credit Karma account, this way you can see your open credit accounts and check it (even daily if you want to) for free to make sure nothing unusual pops up.
2) Freeze your credit with all 3 of the bureaus (Experian, TransUnion and Equifax). Just takes a few minutes at each of their websites.
3) Take a deep breath, my info was in that big OPM data breach years ago, but with 1) and 2) in place, so far nothing has happened.
FWIW, you almost certainly have free credit monitoring available from your credit cards and bank/CU accounts. There's no reason to voluntarily give Intuit permission to harvest your data.
Don't open things on websites and never interact with bloggers. Learn Morse Code. Do not respond to people you do not know.
This will lessen "points" of interest.
Thanks for all the suggestions.
- Called the credit services and put a freeze on any new credit.
- Called the bank and credit card companies and they told me to keep an eye on any activity.
- I'll also take a look at Credit Karma.
- Checking prices of flights to E. Europe. Would S. or C. America work in a pinch?
One thing I don't see mentioned above is getting an Identity Protection PIN from the IRS (link). That will stop criminals from filing fraudulent tax returns.
Good idea. Thanks!
Another thing to do going forward is make sure you file your taxes as early as possible every year. Best practice anyway, but it gives thieves less time to get first dibs filing returns using your info. It’s a pain in the neck when you file and come to discover someone already filed in your name.
I had a really clever and persistent loan scam emailing me this year, and instead of thinking about it, I put a freeze on my credit. Took maybe 15 minutes, set up profiles on the 3 credit agencies, and clicked a button to freeze my credit. Nobody can open accounts or take out loans in my name, the only thing I have to worry about would be charging to my existing credit cards, but I don't, because my credit companies are pretty diligent and will gladly overturn charges for me.
How can you wonder if a free "whatever" if worthwhile?
Btw I got the same email and I don't even live there. I visit often so maybe I ended up on that list somehow, I have no idea.
How can you wonder if a free "whatever" if worthwhile?
I wasn't asking whether it was worth the money. Others (see dragonchild's comment) think it isn't worthwhile.
I guess this is where we're different. I just do it for free, can't hurt. Unless it takes longer than a few minutes, the risk reward is correct.
I would add that you will want to go to social security (ssa.gov) and irs websites and create accounts there, if you don't already have them. Already having an account there will hinder new accounts being created under your name.