Identity theft is a lot like the flu. You can do everything right -- minimize your risk of exposure and so forth -- but if you are in the wrong place at the wrong time, then you're toast. You can be standing next to the wrong person on a bus and get the flu, and when your data is sitting on the wrong database and the wrong person gains access, you become a victim of identity theft.
According to the latest study by Javelin Strategy & Research, "almost 1 in 4 consumers that received a data breach letter became a victim of identity fraud, which is the highest rate since 2010."
A couple of months ago, I commissioned a poll by GFK Roper to gauge awareness and concern about identity theft. To my chagrin the results were worse than I expected. Approximately 40 percent of the respondents said they believed that threats about the danger and probability of becoming a victim were little more than a marketing ploy cooked up by communications departments at identity theft service providers. Even Consumer Reports recently said that they believed the threat of identity theft was "overblown."
While your risk of becoming ill fluctuates depending upon factors such as the strength of that season's particular flu strain, your chances of becoming roadkill for an identity thief continue to rise. The percentage of all consumers who have become identity theft victims has increased in each of the last three years, as the crime spread to affect 12 million victims in 2012 alone, according to Javelin.
If your Social Security number is exposed in a breach, your risk multiplies. Javelin found that, "consumers who had their Social Security number compromised in a data breach were 5 times more likely to be a fraud victim than an average consumer."
According to the Open Security Foundation, more than 267 million (yup, that's "million") records were exposed last year in 2,644 data breaches and at least 60 million pieces of personally identifying identification wound up in the hands of identity thieves and fraudsters. Even this astronomical number paints an unnaturally rosy picture, since the actual number of breached records is not reported in more than a quarter of all incidents.
Scammers are able to slither into our lives through more cracks and crevasses these days because they are extremely patient and grow more sophisticated by the hour. This spring, hackers cobbled together enough personal information belonging to celebrities and public figures, including First Lady Michelle Obama, Vice President Joe Biden, Jay-Z, Beyonce and Secretary of State Hillary Clinton to access a government-mandated free credit report site and export the purloined data to a Russian website where it was posted for the world to see. Last month, security researchers discovered a piece of data-stealing malware that attacks Android phones and cannot be deleted. Meanwhile, across the globe, hackers manipulated bank computer systems to create fake prepaid debit accounts, hired thugs to withdraw cash from thousands of ATM machines across more than two dozen countries, and stole more than $45 million in a matter of hours.
Just as the flu virus evolves and mutates over time, becoming more virulent as it responds to and overwhelms vaccines designed to contain and defeat it, hackers and identity thieves are able to avail themselves of quantum leaps in computer processing power used by legitimate companies to create modern Internet authentication and security systems which they then manipulate for their own nefarious purposes.
It's no wonder then that criminals are more effective than the flu at infecting vulnerable segments of our society. However, unlike the flu, which must figure out its next move by the random mutations of natural selection, identity thieves have only to follow the maps that we ourselves create for them. As the latest data from Javelin shows, the bad guys are getting better and better at it.
How to Beat the Identity Theft Flu
If you want to avoid becoming a flu victim, there are precautions you can take. The same can be said for identity theft as long as it is tempered by the reality that you are trying to prevent (or minimize) further damage. Here then are five things you should do that will help mitigate the fallout from being on a compromised database.
This is not a test.
Take breach notices very seriously. Forty-six states and the District of Columbia have laws requiring entities that gather individuals' personally identifiable information (PII) to inform victims when that data is breached. These notifications have proven to be surprisingly effective at predicting fraud. According to Javelin's survey, 12% of all consumers received notice in the previous 12 months that their information had been compromised in a breach. But among actual victims of fraud, a whopping 51% had received such notifications.
God helps those who help themselves.
Many companies, government agencies and nonprofits that suffer data breaches either offer credit and/or fraud monitoring services often for a year or two after the breach takes place. Some even provide access to fraud experts to help victims resolve the issue. Credit monitoring is not the silver bullet but it can be a reasonably effective early warning tool to help detect suspicious activity. A combination of credit and public records monitoring is a more effective detection suite. If they offer monitoring and access to a fraud resolution expert, you would be irresponsible not to accept. Identity theft is not something you should face alone.
Check to see if you already have a damage control program.
Through a variety of other relationships, you may already have access to someone who can help you deal with the problem. If you discover that there's a chance your personal information has been improperly accessed, immediately contact your insurance agent, the Human Resources Department where you work, your bank or credit union representative. It is quite possible that one of these institutions may offer such a service at minimal cost or as a free perk to customers, clients, members or employees.
Contact the credit reporting agencies.
Put a fraud alert on your file or "freeze" your credit. With an alert, you're placing a note in your credit file requesting creditors to take extra steps before granting new credit in your name. Alerts must be renewed every 90 days, and can be extended for up to seven years. Unfortunately, many creditors don't follow them, which may make them less effective.
The other option is a credit freeze. This makes sense if you're relatively sure your personal information has been compromised. Unlike an alert where it's possible to access your own credit with sufficient additional identification, a freeze blocks anyone from opening any new credit accounts, including you. The process can prove somewhat cumbersome, however if you actually need more credit--thawing and re-freezing your credit requires advance notice, and can cost between $5 and $20, depending on your situation and state.
Adopt a culture of monitoring
Pay close attention to all of your accounts. This is something you should do as a matter of course, anyway. Your credit is a portfolio. It's an asset just like your investments and must be continuously built, nurtured, monitored and protected. You can also enroll free of charge in a variety of programs offered by banks, credit card issuers and credit unions that notify you whenever a transaction (or a transaction in excess of a designated amount) occurs in any of your accounts.
However, if your personal information has been improperly accessed, this process becomes even more critical and should not be limited to financial accounts. The ramifications of identity theft go way beyond stolen dollars and cents. It could lead to lives endangered or lost. Medical, criminal, synthetic and tax-related identity theft can land a victim on a no fly list, in jail, standing in front of IRS criminal investigators, or in the morgue. That's why you must check your Social Security Annual Earnings Statements, health insurer's Explanation of Benefits, Lexis Nexis CLUE reports, medical records and any other report that can be accessed.
An ounce of prevention
The quicker you detect identity theft the more ammunition you have to challenge fraudulent charges and immunize other segments of your life from contagion. It's similar to the flu, with one grave exception. If you are a victim of identity theft, staying in bed and hiding under the covers will only make things worse.