6.8 Million Identities compromised since January 1, 2016

5/3/2016

by Lori Lawson,

I have worked part time with the Orange County Public Library system for over ten years and really enjoy it. In July 2015, I received a two-page notification that my personal data had been compromised when attackers successfully penetrated the employee network database. Here’s the list of information they said was a part of the breach: my name, address, date of birth, Social Security number, Driver’s license number, payroll information, dental, vision, life and disability enrollment information, retirement status, dependent information, usernames and passwords. According to their records, the attack had been underway for about two months. Due to the breach, the county offered identity theft coverage for one year for anyone involved. I have my own robust coverage, but why not have a little more, right? So I enrolled.

Less than two weeks ago, I received another letter from the same employee organization stating that they had been experiencing “several electronic attempts by unknown third parties” to access employee accounts without authorization. Since I was not notified directly, but only by a general letter, my account was not in the sweep this time.

If you’ve ever gotten notifications like this, then you’ll understand when I say that it made me pause. Just how far down the identity theft rabbit hole will this take me? I’m fully covered for events like this, so no matter how far down I go, with my robust coverage, I’ll have a licensed investigator with a global risk management company who will work to restore my identity to the status it was before the breach. I wondered, though, what others would think were they in my situation and NOT covered, so I asked.

Nadeen’s first comment after she had read my notices was that she knows too many people who have gotten notices like these. It makes her feel vulnerable and she wonders when it will be her turn or her husband’s turn. They are both employees of companies and she believes it’s just a matter of time. I asked her who was her identity theft coverage provider and she admitted she had identity theft coverage for her credit cards, but not for her personal information. Since these breaches were after my personal information and not my financial information, it made her realize, she’s probably not adequately covered.

Martin is self- employed and so is not as familiar with these notifications. He had heard of people getting notices like mine, but had not experienced it first-hand. He has had a financial brush with identity theft, which his bank corrected right away by replacing his card and restoring his money, but since he’s careful with his information and shreds everything, he admitted to more or less ignoring the potential threat. Recent breaches with Anthem, the IRS and then my notifications have forced him to rethink this approach.

Now both of these people were not very impressed that I would get a year’s worth of identity theft coverage for free. Both agreed that by the time my information has been peddled to a buyer and the buyer gets themselves organized and ready to assume my life, or at least a portion of it, in most cases a year would have gone by. What happens then? Or maybe my information doesn’t appear “on the market” for a while and I get hit over a year later? What happens then?

I realize it’s unrealistic to believe that any company, agency or organization is going to cover their potential victims for longer than a year, but it’s equally unrealistic to think that much will happen within a year, so it’s a pretty safe offering. If nothing happens in that year of coverage, do most people believe it’s safe to assume nothing will ever happen? I hope not because that’s wishful thinking.

According to the Identity Theft Resource Center, a national non-profit organization founded to provide consumer education, since January 1, over 6.8 million people’s identities were compromised in 201 different breaches. These breaches occur in large entities, like my government breach, and small companies. No company, agency or organization is immune, these thieves do not discriminate. The majority of the 201 cases were payroll breaches. The theory is the thieves were after W2 information. Why? So that they would have data to file fraudulent tax returns. The IRS loses billions each year paying fraudulent tax refunds. Each year the IRS gets more aggressive in going after these thieves, but many of these thieves still succeed.

So what can we do? Be vigilant, check all of your accounts monthly if not weekly. This includes your 401K and health benefits through your employer. Be careful of your data and personal information especially on Social Media. Have a good reason to release your information to people and be bold by asking why they need it. Make it hard for these thieves to gain access to you. Also understand that identity theft is not just about money. In fact, according to the Federal Trade Commission, only about 18% of identity theft is financial. In reality you can become a victim simply because your data is out there and it was in the wrong place at the wrong time. And that’s a real possibility if you were born more than 6 or 7 years ago.

Lori Lawson is an identity theft specialist with LegalShield and ID Shield. Partnering with Kroll Risk Management, ID Shield offers the most robust coverage in the marketplace should the unthinkable happen. Call now for your risk-free, no obligation consultation. Call 949-525-0051 or email lori@newlineassociates.com. Visit her website at newlineassociates.com.

BLOG