Recently, I received a form letter from the third-party company that sends paper checks to my monthly creditors who do not accept electronic transfers from my bank. It was alarming to learn that my personal details - name, address, birthdate, bank transactions, Social Security number and few other items of identity - had been taken, along with those of 100,000 other people's by an employee of the company.
The letter said there was no indication that any fraud had been perpetrated in my name (yet), listed the actions I could take to safeguard my identity and blah, blah, blah.
When, 12 years ago, I first took on the additional task of privacy officer at the website where I worked, identity theft was in its infancy. Hardly anyone had heard of it and fewer took it seriously.
No sooner had I educated myself about the ease with which one’s identity can be stolen than I was asked for my Social Security number while purchasing a sweater by telephone. When I refused, the customer service representative told me it was required to track the sale. I did not buy the sweater.
According to the Identity Theft Resource Center, ID theft is the fastest growing crime in the U.S., and in some other countries too. During just the first six months of 2007, in the United States alone, the Center has tracked 187 corporate security breaches [pdf] involving the exposure of 64,940,727 records of personal information.
The types of organizations from which this information was exposed or stolen will surprise you. Universities are at the top of list along with medical organizations. Others include JP Morgan Chase, IHOP, AOL, IBM, Turbo Tax, Radio Shack, Xerox and a number of federal and local government agencies including FEMA.
Although other identifying numbers – credit or debit card numbers, drivers licenses, etc. - can lead thieves to steal your identity, Social Security numbers are the prize with which thieves can loot bank accounts, take out loans in your name, open credit card accounts, access your tax records, and use your identity when arrested by the police.
This makes elders particularly vulnerable because we use our SS numbers more frequently than many younger people for transactions regarding Social Security benefits and Medicare which uses that number to identify us.
Remember that only certain government agencies, employers and organizations that are required to report financial transactions to the government, can legitimately require your Social Security number, so don't give it out to anyone else. Retailers, such as the company from which I tried to buy a sweater, cannot and should not ask for that number. I have stopped using one credit card because the issuing bank requires my Social Security number for identification with them.
Identity theft is a federal crime. The Identity Theft and Assumption Deterrence Act of 2003 (ITADA) amended the U.S. Code, s. 1028 criminalizes the unlawful possession, transfer and use of identification documents without lawful authority.
Which is not much help because it is difficult to find perpetrators of identity theft and identity fraud and worse, it is a nightmare of phone calls and paperwork over many months to restore your credit when your identity has been stolen. Here is a reporter’s personal story from 2004 that gives a general idea but was not nearly as devastating as it can be.
The best deterrent is vigilance:
- Never carry your Social Security card with you
- Use complex passwords online and don’t give them to anyone
- Do not store personal or financial information on your computer
- Shred financial documents before throwing them away
- Be alert for phishing scams
- Get your credit reports from all three agencies – Equifax, Experian, TransUnion. You are entitled to one free report from each of them annually.
Although none of us can do anything about slipshod security practices by companies we do business with, the above measures will help, and here is a list of resources with further information:
As to the third-party company who informed me of their security breach and my stolen personal information, they offered no help that would involve them. It is up to me to contact my bank, watch my bank statements and credit reports at the three reporting agencies and be on constant lookout for theft.
This is not good enough. Corporations that are lax in protecting our information should be required to monitor the accounts of the people whose information has been taken and will be sold to criminals perhaps many times over.
That's not going to happen any time soon and whether it is up-front vigilance every day or follow-up when information has been stolen, it is up to each of us individually to do the work. Repairing one's credit when identity has been stolen is a nightmare of mounds of paperwork and telephone calls and it can take years to restore one's identity.
[At The Elder Storytelling Place today, Joy Des Jardins tell about a couple of kid-icky food experiences from her childhood in Cinderella and the Bomb.]