What Happens When Your Identity Is Stolen?
The IRS has announced that it will be notifying taxpayers after third parties gained unauthorized access to information on about 100,000 accounts through the “Get Transcript” online application. You can view more about the breach via a statement on the IRS’s website.
More About Identity Theft:
According to the Federal Trade Commission’s 2014 Consumer Sentinel Network Data Book, identity theft once again tops consumer complaint categories in 2014. Identity theft can be committed in many ways: from non-technical methods such as stealing purses or “dumpster diving” for documents that have been thrown away that contain sensitive data; to technical methods such as deceptive phishing e-mails that include malware containing spyware or Trojan horses.
When it comes to phishing and social engineering scams, scammers use fake email addresses and websites to try to make them look like they are coming from a legitimate organization. They try to gain your trust and will then trick you into divulging personal information. Even if you don’t divulge any info, malware downloaded from clicking suspicious links, downloading fake apps or attachments, or visiting suspicious websites can still penetrate your computer and install keystroke loggers to steal data or capture account credentials as you type them.
What Happens When Your Identity Is Stolen In A Data Breach?
Although there's a lot you can do to protect your identity, some things are out of your control. Even if you've been careful with your information, and are cautious about what you click on or download, that doesn't mean your information is safe from data breaches. Cybercriminals see data breaches as a big payday, as many companies host vast amounts of data about their users online. Some of the most popular types of data breaches are from financial institutions and medical institutions.
We talk a lot about what to do in the event of a data breach, but never about what it’s really like to experience identity theft first hand. Earlier in February of 2015, there was a large-scale data breach involving a health insurance company. Shaun Harkness, who works in cyber security for a startup company, was one of the victims of the breach whose information was stolen used for fraud.
Harkness was filing his taxes online when he received a notification that the returns were denied. Because he worked in the world of cyber security, Harkness’s first thought was that, “someone had filed them for me.” He immediately called the IRS and they confirmed his suspicions.
As far as Harkness has been able to determine, it was just his taxes that were affected, but when faced with a situation like this, it can be overwhelming to try to figure out what to do. Luckily for Harkness, “The guy I was talking to from the IRS was actually really helpful, he told me all about the steps I should take.”
Harkness says that he had to file an additional form with his taxes, place a fraud alert with the 3 major credit reporting agencies, file a FTC Identity Theft Affidavit, and contact his bank and credit card companies about the breach. In addition, the IRS told him to contact the attorney general's office and file a police report.
Since Harkness works in defending his company against cyber attacks, he was not surprised by the fact that his information was used in a breach. “With all the companies we have to trust our personal data to, I figured it was only a matter of time before it was going to happen. It sucks, yeah, but there's not a lot that could have been done on my side,” he says. “There are numerous companies that we're forced to allow to have private and sensitive data about us. So many companies don't protect their data as well as they should, and there isn't nearly enough fallback on companies like that.”
Sometimes, it can take several months to discover if you're a victim of identity theft if you’re not alerted to it. During that time, thieves can plunder accounts, run up serious debt in your name or in Harkness’s case, file your tax returns in hopes of cashing in on a juicy refund.
You don’t have to end up like Harkness, however. If you find out that you have become involved in a data breach, there are many things you can do proactively to protect yourself.
- Regularly keep an eye on your credit report for unusual activity. Most companies that are involved in a data breach will offer free credit monitoring for the affected customers. Go to the company’s website to see if they have a plan in place to help their customers stay protected.
- If you do see something strange or unexpected, like a new credit line you didn't open, follow up immediately. You can also put a hold on your credit report through the major credit agencies, which will not allow any new accounts to be opened in your name.
- A lot of financial companies offer activity alerts, so look into your accounts and if they have them, sign up for them. If you do receive an alert that is suspicious, or your financial institution reports unusual account activity, respond as soon as possible.
- Use password managers like Norton Identity Safe to autofill login information, bypassing keyloggers.
- Transact financial business online only with secure websites with URLs that begin with "https:" or that are authenticated by companies like Symantec.
- Install personal firewall, antivirus, antispyware, and antispam protection-all are available in a single security suite with Norton Security.
- In the physical world, consider investing in a paper shredder to destroy documents with sensitive information on them, rather than just throwing them away.
- Finally, report the crime to the proper authorities. Notify local police and file a complaint with the Federal Trade Commission. You can also use public resources to help to recover your losses and prevent further theft. Your state's attorney general, the Federal Trade Commission, and nonprofit identity theft protection organizations can also help provide assistance.
They say that defense is the best offence, so protect your personal information closely. If cybercriminals are unable to get their hands on your sensitive data, they can't defraud you.