I have always been amused by calculations of the cost of identify theft and data breaches as I have written here, here, here and here. Not surprisingly, security product and service vendors like Symantec, Mcafee and Websense are quick to present statistics regarding the damage to companies due to data breaches of personal information as a means of justifying purchase of DLP, anti-virus and other end-point security products.
However, the real damage is not for companies but for consumers like you and me.
It is highly arguable that companies actually suffer significant financial damage from data breaches (outside of a handful of high-profile cases like CVS and Hannaford). In fact – the lion’s share of damage from a data breach that leads to identity theft is not borne by the merchant or online web site but by the consumer.
Identity theft is a major challenge in America. The 2012 Identity Theft Report conducted by Javelin Strategy and Research revealed that there was one new identity theft victim every three seconds in 2012. That alarming statistic translates to 12.6 million victims affected in 2012, with losses totaling over $21 Billion. Once a person’s personal information was breached, thieves used their information for 48 days on average (in 2012). Though the amount of time identity thieves have had to use information obtained has fallen (from an average of 55 days in 2011 and from an average of 95 days in 2010), victims should still move as quickly as possible if a breach is suspected. If you or a loved one have been victimized, here are a few steps to help you clear your good name and rebuild your credit:
Alerting The Social Security Administration
Identity theft involving a victim’s Social Security number can be more damaging than you could imagine. If you suspect that someone has obtained your social security number for fraudulent purposes, contact the Social Security Administration as soon as possible at 800-269-0271. By doing so, you place officials at the SSA on alert so that activity involving your social security number can be appropriately monitored and, if necessary, deflected.
Alter Any Accounts Affected
If you login to any online accounts or review statements from your bank and find that you have indeed fallen victim to identity theft, alert those businesses as soon as possible. Close the affected accounts and re-open under a new account.
Often, when accounts are established, you are asked to create a new personal identification number (or PIN) as well as a new password. While you may have established a habit of using certain numbers, if a breach has happened, you will want to avoid using anything that may have also been revealed during the breach. Passwords including the last four digits of your social security number or consecutive numbers (such as 1, 2, 3, 4, etc.) should be avoided. You should also avoid using the name of your spouse or children, your mother’s maiden name as well as easily obtained data such as your date of birth or telephone number. Make your passwords as difficult as possible to guess, When possible, use numbers or punctuation marks in odd places within the password. This may help prevent fraudulent access to your accounts in the future.
Take Steps to Protect Yourself in the Future
One of the leading methods thieves use to get information about potential victims is through “dumpster diving” or sorting through your trash to find identifying information. While many consumers routinely shred their bank statements or other financial documents, many fail to shred the envelopes those statements come in. According to Paige Hansen, Manager of Educational Programs at Life Lock, failing to shred your documents makes the job of a would-be thief easier, as it practically hands them a piece of your identification puzzle. Hansen advises consumers to not only shred, but to be sure they utilize cross-cut shredding techniques which make piecing together those documents virtually impossible.