Mark Pribish

ID-theft threat after data breach goes on for years

By Mark Pribish
Vice President and ID Theft Practice Leader

I'm always surprised how some companies are quick to tell customers in a letter or email that while they have experienced a data breach only some information was affected and no social security numbers were stolen.

Or when a breached organization tells you how you should change and/or use stronger usernames and passwords and review your financial, health care and insurance accounts more closely.

What data breach victims typically aren't told, yet they need to know, is that 70 percent of identity theft victims last year were unrelated to a financial event, according the 2015 Federal Trade Commission Consumer Sentinel Data Book. Free credit monitoring services or changing passwords won't help much with these non-financial breaches.

In addition, the final story for most major data breach and ID theft events seldom resembles the initial news report. Take a look at these recent ID theft headlines. They speak of what's known at the moment, but don't touch the long-term threat that endures.

June 15 - LastPass a cloud service, password management company notified customers of a data breach when they discovered suspicious activity on their network.

June 4 - The Office of Personnel Management reported personal data of 4 million federal employees had been compromised and then said 14 million and now every current and former federal employee.

May 26 - The IRS confirmed that identity thieves filed fraudulent tax returns resulting in over $50 million in fraudulent refunds.

May 20 - CareFirst BlueCross BlueShield notified customer of a cyber attack to a single database, comprising the information of approximately 1.1 million individuals.

May 12 - Starbucks is responding to unauthorized access by hackers into the Starbucks mobile application, draining dollars out of customer's bank accounts, credit cards and PayPal accounts.

My primary point is that the full scope of any organizational data breach or personal ID-theft event is rarely known due to the complexity of major organizations network and security systems.

This means that we are vulnerable for many years ahead to non-financial events such as taxpayer ID theft and refund fraud, medical ID theft and fraud, and driver's license ID theft and fraud. We are also at risk when an employee's identification number or a student's identification is stolen and is being used for fraudulent purposes.

Also much like a bank robber who recently stole money wouldn't immediately go spend that money, ID theft criminals oftentimes hold our sensitive information for some time before ever using it.

I'm advocating that companies, non-profits and government agencies do more of the right things when a data breach happens. Instead of minimizing the potential impact of a data breach by telling affected individuals that a minimal amount of information has been stolen or that there has been no evidence that your information is being misused - companies need to be more open in telling you about the long term risks associated with a data breach such as non-financial ID theft, the limitations of credit monitoring, and most importantly how you will be taken care of if you become a victim.

Be aware that a data breach or an ID-theft event is a lifelong problem that may affect you long into the future and in ways you likely weren't warned about.


To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.


Scam Alert -- Avoid Social Media Easy Money Scams

Scammers are giving get-rich-quick schemes a high-tech makeover. By promoting "money flipping" scams on social media, they are appealing to a new, younger audience, according to the National Consumers League.

How the Scam Works:

You see a photo of a person folding a pile of cash on Instagram. In the caption, the users brag about having "flipped" a couple hundred dollars into thousands. Want to do it, too? It's easy. Just send the account holder a message, and you can get started with a small deposit.

In a the original version of this scam, con artists asked victims to wire money or use a prepaid debit card. In a new twist, scammers ask you to mail your physical debit card and account PIN, granting direct access to your account. The "investor" claims that he/she is going to deposit a check into the account and will compensate you for your trouble.

Don't do it! Scammers will appear to deposit a couple thousand dollars and withdraw an equal amount. But the first deposit was a fake. When the bank realizes the check is fraudulent, you will be on the hook for the withdrawn cash.

Tips to Avoid Money Flipping Scams:

  • Do a quick search. Before contacting the potential scammer, do a web search of their username or phone number. If it's a scam, chances are that other victims have posted complaints and information online.
  • Don't share your debit card, card number or PIN. No legitimate service would ever ask you to share this information
  • Be wary of prepaid debit cards. Treat prepaid debit cards like cash. Once you give away the account info, you will not be able to get that money back.
  • If it sounds too good to be true. Well, you know the rest. Use common sense when seeking ways to supplement your income. Anyone who claims to be able to turn a small investment into piles of cash in mere minutes is a scam artist.

For More Information

Read the full alert on Fraud.org, a project of the National Consumers League.

To find out more about other scams, check out BBB Scam Stopper (bbb.org/scam).

Courtesy of the Better Business Bureau - for more information visit http://www.bbb.org/phoenix/news-events/

If you believe your identity has been stolen, call 866.SMART68 today.