“Now is not the time for consumers to think their risk has evaporated. There are still hundreds of millions of records exposed each year and consumers need to understand this is a continuing risk that can have real impacts on their lives.” – Eva Velasquez (ITRC President & CEO)
A family friend mentioned that he didn’t need an identity theft plan because he doesn’t use the computer. My response was, “Great”. You may not put your data online anywhere, but what about organizations which place your records in a database. “What do you mean?”, he asked. Anytime anyone (doctors, dentists, state agencies, department of motor vehicles, cities, credit bureaus, banks etc.) who inputs data about you into a computer already has your information. Your information can be sold (by employees, on the dark web, flea markets and other places) to gain employment, benefits, the ability to purchase products and more. We are digital. He said he never thought of it that way.
Warning Signs of Identity Theft
According to the Federal Trade Commission (FTC)
- You see withdrawals from your bank account that you can’t explain.
- You don’t get your bills or other mail.
- Merchants refuse your checks.
- Debt collectors call you about debts that aren’t yours.
- You find unfamiliar accounts or charges on your credit report.
- Medical providers bill you for services you didn’t use.
- Your health plan rejects your legitimate medical claim because the records show you’ve reached your benefits limit.
- A health plan won’t cover you because your medical records show a condition you don’t have.
- The IRS notifies you that more than one tax return was filed in your name, or that you have income from an employer you don’t work for.
- You get notice that your information was compromised by a data breach at a company where you do business or have an account.
You are entitled to 1 credit report per year (from each of the three credit reporting agencies – Transunion, Equifax and Experian) By the way, Equifax had a data breech of an estimated 147 million individuals. Were you in that breech?
You might ask, “How did that happen?” I am glad you asked! Here is a timeline of the
- The company was initially hacked via a consumer complaint web portal, with the attackers using a widely known vulnerability that should have been patched but, due to failures in Equifax’s internal processes, wasn’t.
- The attackers were able to move from the web portal to other servers because the systems weren’t adequately segmented from one another, and they were able to find usernames and passwords stored in plain text that then allowed them to access still further systems.
- The attackers pulled data out of the network in encrypted form undetected for months because Equifax had crucially failed to renew an encryption certificate on one of their internal security tools.
- Equifax did not publicize the breach until more than a month after they discovered it had happened; stock sales by top executives around this time gave rise to accusations of insider trading.
*“Forensics analyzed after the fact revealed that the initial Equifax data breach date was March 10, 2017: that was when the web portal was first breached via the Struts vulnerability. However, the attackers don’t seem to have done much of anything immediately. It wasn’t until May 13, 2017 — in what Equifax referred to in the GAO report as a “separate incident” — that attackers began moving from the compromised server into other parts of the network and exfiltrating data in earnest.”
My question to you is what will you do when it happens to you? Do it yourself (and you can), or have an expert take care of it for you! That choice is one we can all make.
*For more detailed information, go https://www.csoonline.com/article/3444488/equifax-data-breach-faq-what-happened-who-was-affected-what-was-the-impact.html
Contact me for additional information or to set an appointment.
Rita H. Pinder
Pinder, Pinder & Associates, LLC
To set an appointment: https://calendly.com/ritahpinder-1?month=2021-05