Data privacy has never been more vital. The number of breaches has more than doubled since 2015, according to the Identity Theft Resource Center. In 2017 alone, there were 1,579 data breaches affecting some 179 million consumers, costing the economy $905 million.
Credit card fraud is the most common form of identity theft, according to Experian. But other types of fraud—such as Social Security number theft and bank fraud—also cause serious economic damage. In the worst cases, identity theft isn’t a one-time event solved by getting a new account number. When equipped with the right information, a fraudster can open up a new bank account, buy a car, rent an apartment and order new identification.
Search the virtual community of Reddit for “identity theft,” and the entries that appear are enough to shock the conscience:
Someone used my credit card and booked an air ticket under my name and flew!
I am running out of steam to fight my identity thief.
Someone I know stole my identity…it was my mom.
“I found out the hard way, there is no easy or permanent solution,” said Alexis Moore, author of “Surviving a Cyberstalker: How to Prevent and Survive Cyberabuse and Stalking.”
Moore, a California attorney and an expert in identity theft, said, “One never can completely clear up identity theft in the cyber age of today. Therefore, don’t be surprised if accounts reappear or if you end up needing to contact an attorney [to] get negative information removed.”
She added that unfortunately you may have to do this multiple times, which is why there are many attorneys that primarily focus on this area of law.
The Federal Trade Commission collects identity theft data and reports that up to 9 million Americans have their identities stolen every year. Most victims won’t need to hire an attorney to resolve an identity theft incident, but the fact remains that identity theft can happen to anyone. And you need to know how to protect yourself and what to do if you become a victim.
Anyone can become a victim of identity theft
Cybercrime has been a growing problem for many years. It’s also been the source of many of today’s biggest headlines, including the Equifax theft that affected 147 million consumers. But even if you have no online accounts—unlikely in this day and age—there is still a chance that you could become a victim of identity theft.
Do you use your credit card at the grocery store or gas station, or your debit card at the local bank’s ATM? Are you loyal to your paper 1040 tax return, your checkbook and a roll of stamps? Do you walk down your street or answer the telephone? These may seem like silly questions, but they’re meant in all seriousness. That’s because identity theft can happen after doing any of these things.
Even if you’re old-school and you don’t trust the internet with your personal data, it can still get stolen. Here are some examples of how:
- A thief could go through your trash, a dumpster or a landfill and find an old statement with your name, address and account information.
- You could use your debit or credit card in person at a real business and fall victim to a skimming device that records your personal data.
- The post office could process a change-of-address form, and your mail could go to a different location.
- You could answer the phone and accidentally give up personal data the caller uses to get even more information.
- Your wallet, purse or files from your office’s human resources department could get stolen.
But chances are, you have an online account or two. Even your email address can compromise your identity, but that’s only one way it can happen.
Ways a thief could mine your personal data online include:
- Buying your personal data illegally on the dark web, which is “part of the internet that isn’t indexed by search engines” and “a hotbed of criminal activity,” according to CSOOnline.com.
- Hacking into a major retailer’s customer transaction records, which is what happened to Target in 2013.
- Planting keystroke-recording software on your laptop after you unknowingly download a virus.
- Looking through your emails for tax documents and billing statements.
- Employing social engineering through online dating sites or email phishing scams.
If you notice signs of identity theft, you’ll need to take action to protect yourself. But make sure you start the right way, warned consumer credit reporting attorney Joseph McClelland, or you could waste valuable time.
“The mistake most people will make is to try to get the company to remove the fraudulent accounts,” McClelland said. “They generally will not. You will need to use the Fair Credit Reporting Act to have the fraud accounts removed.”
What to do if your identity is stolen
If you’re like most people, you probably can’t name the key points of the Fair Credit Reporting Act as well as McClelland can. The good news is that there are concrete steps for you to follow. If you happen to be in this situation, they’re easy and you can start right now:
- Put a credit freeze and a fraud alert on your Equifax, Experian and TransUnion credit reports. A credit freeze severely limits who can access your credit history, and a fraud alert tells new lenders that you may be a victim of identity theft, according to cybersecurity expert Robert Siciliano. Here’s an important caveat: Place a freeze request with each agency, not just one or two. The agencies don’t share freeze requests with each other, and some lenders may not check all three of your credit reports. If you need to apply for new credit, you’ll need to lift the freeze at all three agencies before the lender can check your history. And when the application process ends, you’ll need to reinstate the freeze.
- If your credit card (or other sensitive accounts or documents) were stolen, file a report with the Federal Trade Commission. The FTC tracks identity theft nationwide and you can use this report as evidence to support your case.
- File a police report. If the fraudster opened unauthorized accounts in your name and failed to pay the bills, your lenders will ask for a police report before forgiving fraudulent debt, Siciliano said.
- Dispute the charges with each credit agency and unauthorized lender. This should go without saying, but if the debt isn’t yours, don’t pay it. Instead, fight back: McClelland recommended sending a copy of your police report or affidavit to each. “I recommend using certified mail with return receipt, so you can prove you sent it and they received it,” he said. Keep in mind that each agency and lender will have a proprietary process that handles claims of identity theft, so you may need to provide different documentation to each.
- Alert other businesses, service providers and government agencies if necessary. Remember, there are many types of fraud. If your wallet was stolen, for example, a thief could have access to your Social Security number, your health insurance ID card, your driver’s license and other sensitive documents. Alternatively, the thief might try to open up a new utility account or mobile phone in your name. Reach out where necessary right away.
- Monitor your credit reports. You should do this even if you aren’t a victim of identity theft. Many consumers discover identity theft because they were declined for a loan or credit card and followed up by reading their reports. Every consumer is entitled to one free copy of each credit bureau’s report once per year, available at AnnualCreditReport.com. Read each carefully. Ensure that the agencies removed the fraudulent accounts from your history, but also look for unknown addresses or aliases. If you claimed identity theft and it’s not off your report within a month, McClelland recommended contacting an attorney, as you may have a claim for damages.
How to prevent identity theft
Taking a few steps now can help you avoid a lot of regrets later. Although doing the following can’t guarantee that you won’t become a victim of identity theft, these tips will make it a lot harder for fraudsters to use your data against you.
- When discarding documents with sensitive information, shred them before throwing away.
- Pick up your mail every day.
- Keep sensitive documents and statements stored out of sight.
- Limit what you carry in your wallet to must-haves only.
- Use tough, unique passwords for every online account you maintain.
- Avoid storing electronic versions of sensitive documents in email folders.
- Use two-factor authentication every time it’s available.
- Never access sensitive data when you’re using public Wi-Fi.
- Periodically change account passwords, just in case.
- Never give your personal information to people you don’t know.
“Moving forward, you should monitor your credit report to make sure you continue to be able to identify all open accounts and inquiries,” McClelland said.
It’s also smart to look for identity theft in places you might not think to check. For example, it’s smart to review your email account’s “sent” folder. If you don’t recognize everything you see, someone may have accessed your email account. Don’t overlook it if your sent folder is empty, either. Email hackers often delete folder contents to hide fraudulent messages.
But most of all, fight back quickly
It’s important to make fighting back a priority because the longer your personal data is “out there,” the more likely you are to experience more severe forms of identity theft—especially if your information is on the dark web. Don’t wait until you apply for a loan or a credit card to check your credit report, for example. Make the effort to better know who you’re doing business with. If your conscience is making noise, listen to it. It just might save you years of hassle.