I’m a US citizen whose spouse had a career with the US Federal government. Needless to say, his personal information was stolen in the (reportedly) Chinese attack on the Office of Personnel Management database.
In the US, even though the instigators promised it would never be a national id, the social security number has become the key to a person’s life – health, finances, everything. My spouse’s was taken, along with at least 40 million others – over a year ago. Other personal information was also taken from these millions of people.
The database administrators did not even realize the hack had occurred until they installed some newer security measures. Scary? You bet! Worrisome, of course. This may be the future of warfare! My 87 year old aunt thinks cyber attacks will be the war of the future, whole countries will fall without a single shot being fired she says.
Data breaches are becoming the norm.
Since the development of the wonderful internet, data breaches have become frequent and hackers persistent (and automated in many cases). It wasn’t that long ago that people and companies didn’t have to worry about their internal data being stolen. Most of it was on paper or in local databases that weren’t connected in any way to the outside world. Now it is a different story.
No one is immune. My best friend had her identity stolen, via a credit card number theft by a restaurant worker. It took her a year to straighten it out.
Just 14 hours ago, as I write this, Walmart Canada’s photo center online possibly affecting more than 60 thousand Walmart customers. The Globe and Mail reports that around 36% of Canada businesses have been hit with breaches.
Millions of US citizens have been affected in 2014 alone via breaches at Target, Anthem, Home Depot and more.
I always figured we were just lucky never to have had any issues with identity theft, and that it would inevitably happen some day – what with all the hackers around the globe. I guess it is somewhat good that the breach happened to so many at once – we at least aren’t alone! Misery loves company (?). dealing with identity theft is definitely miserable – including loss of time, money and sometimes freedom (as when someone breaks the law using your identity).
We have not had any known incidents (yet), but expect some because of this (or maybe some other as yet undiscovered data theft).
Naturally, I’ve been scurrying around trying to figure out how to protect our identities, information and finances ever since we heard about the breach. One of the things I did almost immediately was to place a fraud alert on our accounts with the credit bureaus.
Is credit reporting the same worldwide?
If you are wondering, credit reporting is not done the same way all over the world. However, the US and Canada have similar credit reporting agencies.
Privately run operations by Transunion and Equifax are available in both the US and Canada, plus the US also deals with Experian. In both countries, citizens can get an annual report from the credit bureaus free of charge. In each country, citizens can place alerts on their files if they wish.
In both the US and Canada, consumers can place alerts on their credit bureau accounts. The alerts operate differently in each country, but for the most part, will cause any request for new credit to notify the consumer so that identity of the requester can be verified by the consumer.
To place my alert, I simply called one of our three credit bureaus. There was a totally automated call tree that let me place alerts on both my and my husbands accounts. That one bureau then notified the other two (as required by US law). A week or so later, we got letters from each of the bureaus letting us know that the alert had been placed. It is only good for 90 days though.
With the alert on file, any potential new credit card or other accounts should not be able to be opened without the loaning facility calling us to verify that we were the ones that requested it. However, the loaning facilities can go ahead and issue the credit even if they don’t call. Also, places that don’t require a credit check (like pay day or title loan companies) won’t have to do anything different.
What more can be done?
In the US, consumers can place an additional level of security on their credit bureau accounts. It is called a security (or credit) freeze. When an account is frozen, credit inquiries are severely restricted – the bureaus cannot give out my credit information in many cases. This will typically stop most lenders from allowing new accounts to be opened. It also stops you from opening a new credit or loan account as well, unless you lift the freeze temporarily.
This wasn’t always the case. Until 2003 US citizens could not get a credit report on themselves (unless they paid for it). The information that the 3 bureaus were keeping (and giving out to others) was hidden from consumers! Also in 2003, the first state (California) passed laws requiring the credit bureaus to allow consumers to freeze their files (aka control who could see their information). By 2007, most states had passed similar laws and the 3 bureaus decided to let everyone freeze credit.
Canadians have not yet demanded that ability and cannot necessarily freeze their data. It might be something to think about in a world prone to identity theft! According to credit cards. com Canada:
Credit Counselling Canada’s executive director Patricia White says, “If you have been a victim of identity fraud, the U.S.-style security freeze could be a better safeguard than an alert, which doesn’t have the same teeth.”
My adult son, when I notified him that his social security number may have been in that Office of Personnel Management database, told me that he had frozen his credit over a year ago and so the theft wasn’t as much of a concern to him.
The credit rating is used for so many things these days, though, I wondered if it would be a huge pain (and small expense) to freeze and then unfreeze, refreeze our accounts as needed. My spouse and I are not planning on opening any new accounts, getting any new credit cards or other activities that would typically require a credit check. However, I did a bit of research to see what kinds of things would cause someone to check our credit.
Forbes (via Experian) listed the following as being allowed by the US Fair Credit Reporting Act:
when authorized by the consumer in writing.
when there is a legitimate business need in connection with a business transaction initiated by a consumer.
when a consumer applies for credit.
for the review or collection of a consumer’s account.
to review a consumer’s account to determine whether the consumer still meets the terms of the account.
for making “prescreened” offers of credit.
for portfolio analysis of existing credit obligations.
for employment purposes, including hiring and promotion decisions, when the consumer has given written permission.
for underwriting insurance when a consumer has applied.
for use by state and local officials in connection with determination of child support payments.
to determine a consumer’s eligibility for a government license or other benefit when the law requires consideration of the consumer’s financial responsibility.
when ordered by a court or federal grand jury subpoena.
It is not always necessary for a business to get your permission.
Today, I drafted letters to send to our three bureaus to freeze our accounts and found a government form to alert our wonderful tax agency (IRS) to the fact that we had our id numbers stolen. Would you believe that some bad folks file fax tax returns to get a tax refund in your name?
We have been very careful with our personal information – burning everything with names, addresses, account numbers, never accessing online financial records, being very aware of pfishing attempts and guarding our credit cards and other ids in real life carefully. It’s too bad that the information everyone else in the world keeps on us is not kept as safe as we keep it.
