Mark Pribish

The Threat of ID Theft Can Go On For Years! 12 months of credit bureau monitoring has limitations and cannot prevent ID theft

By Mark Pribish
Vice President and ID Theft Practice Leader

Last month I received numerous questions from readers about my October article, "The Equifax Aftermath: Assume Your Identity Has Been Stolen," on the Equifax data breach, which affected 145.5 million Americans and included Social Security numbers, driver's license numbers, and dates of birth.

The number one question that I received was: "Is 12 months of credit monitoring good enough to protect my identity after a data breach?"

The quick answer is "NO". Consumers need to be aware that a data breach or an ID-theft event can be a lifelong problem that may affect you long into the future and in ways you likely haven't even thought about.

It is unfortunate when organizations are quick to tell consumers in a letter or email that while they have experienced a data breach event, only some information was affected and no social security numbers were stolen.

Or when a breached organization tells you how you should change and/or use stronger usernames and passwords and review your financial, health care and insurance accounts more closely.

What data breach victims typically aren't told, yet need to know, is that 49% of identity theft incidents last year were unrelated to a financial event, according to the 2017 Federal Trade Commission Consumer Sentinel Data Book.

Free credit monitoring services or changing passwords won't help much with non-financial ID theft such as taxpayer ID theft and refund fraud, medical ID theft, and credential ID theft (e.g., driver's license, passport, employee and student IDs).

In addition, the final story for most major data breaches rarely reflects the initial news report. Take a look at these recent ID theft headlines. They speak of what's known at the moment, but don't touch the long-term threat that endures.

  • Sonic Drive-In, a fast-food chain with nearly 3,600 locations across 45 U.S. states, acknowledged a breach affecting an unknown number of store payment systems. The ongoing breach may have led to a fire sale on millions of stolen credit and debit card accounts that are now being peddled in shadowy underground cybercrime stores.
  • Deloitte, one of the world's "big four" accountancy firms, has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients, including household names as well as US government departments.
  • Adobe's product security incident response team (PSIRT) accidentally published the firm's private PGP key on its official PSIRT security blog.
  • U.S. Securities and Exchange Commission, where the regulator said the hack of its online database of corporate filings may have included stolen corporate secrets. The SEC blamed the 2016 intrusion - which it was slow to reveal - on a software vulnerability in its test system.
  • And of course Equifax, which added 209,000 U.S. credit card numbers in addition to "certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers." Then Equifax said hackers may have stolen the personal information of 2.5 million more U.S. consumers than it initially estimated, bringing the total to 145.5 million.

My primary point is that the full scope of any organization's data breach or personal ID-theft event is rarely known immediately, if ever, due to the complexity of major organizations' network and security systems.

This means that we are vulnerable for many years to both financial and non-financial events. We are also at risk when an employee's identification number or a student's identification is stolen and is used for fraudulent purposes.

Also, much like a bank robber who wouldn't immediately go spend the money he recently stole, ID theft criminals oftentimes hold our sensitive information for years before ever using it.

I'm advocating that companies, non-profits and government agencies do more of the right things when a data breach happens.

Instead of minimizing the potential impact of a data breach by telling affected individuals that a minimal amount of information has been stolen or that there has been no evidence that their information is being misused, companies need to be more open in telling you about the long-term risks associated with a data breach, such as non-financial ID theft, the limitations of credit monitoring, and most importantly how you will be taken care of if you become a victim.

To conclude, be aware that a data breach or an ID-theft event can be a lifelong problem that may affect you long into the future and in ways you likely weren't warned about.


To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.


Scam Alert: "Confirm Your Account" Emails Look Just Like Amazon.com

November 03, 2017

When it comes to ecommerce, Amazon.com is one of the most trusted and established brands (and a BBB Accredited Business). That's why scammers love to impersonate it. BBB is seeing a new email con that appears to be Amazon asking you to "confirm" your personal information.

How the Scam Works:

The email is a short message explaining that Amazon could not confirm your address or other personal information associated with your account. Before you can access your Amazon account again, you will need to verify all your information. To get started, just click on the link in the message.

Don't do it! The message is fake and an attempt to gain access to your personal information. The link does not lead to Amazon.com, but rather to a third-party website that could be carrying malware.

How to Avoid Email Phishing Scams:

  • Don't click on links in unsolicited emails. Links can download malware onto your computer and even lead to identity theft. Beware of unsolicited emails in general. Even if they look official, they could be fake.
  • Never share your personal information with someone who has contacted you unsolicited. Personal information can include your date of birth, credit card or banking information, address or your Social Security number.
  • Check BBB Tips: Many email scams use similar techniques. Be sure to review the tips found on BBB.org/phishingscam.

For More Information:

Click here for information from Amazon about how to tell if an email is really from them.

Courtesy of the Better Business Bureau - for more information visit http://www.bbb.org/phoenix/news-events/

To find out more about other scams, check out BBB Scam Stopper (bbb.org/scamstopper). To report a scam, go to BBB Scam Tracker (bbb.org/scamtracker). To learn more about scams, go to BBB Scam Tips (bbb.org/scamtips).

If you believe your identity has been stolen, call 866.SMART68 today.