Uncategorized

Post Equifax Breach: Still dazed /confused about your next steps? Then read this.

If you’re like many clients with whom I’ve talked since the Equifax data breach news first surfaced, you are still processing how all of this may affect you and your family now and for the long term. Before diving into the steps, pat yourself on the back for your gumption for tackling your share of the unwieldy mess that Equifax has handed half this country. Also, while you take steps to protect your financial health, please remain on high alert for vultures. Most of you are likely exercising healthy skepticism when you see ads, unsolicited emails, bogus news stories, etc. that tell you that you need to sign up with them or click on a link. (Yes – this even happened on Equifax’s consumer site post-breach.) But note that the breach has brought out many bad actors to the fore, who are salivating at the thought of preying on the fear borne out of the Equifax debacle(s). *DISCLAIMER: NOTHING ON THIS PAGE OR WEBSITE CREATES AN ATTORNEY-CLIENT RELATIONSHIP.  Please contact an attorney, if you seek counsel. I’m providing these steps as general guidance and NOT as your attorney. Feel free to email me, if you want to seek legal representation.

Step 1: Assume that your information was breached. The likelihood is great that your personally identifiable information (PII) is included in the 145+ millions of individual files compromised because of the Equifax breach.

Step 2:  Place a freeze (a.k.a. “credit freeze” or “security freeze”). No – it’s not difficult or “cumbersome” (as former Equifax CEO, Smith, claimed in hearings earlier this month). It’s not an absolute protection, but will serve as a significant barrier for fraudsters to use your PII. And yes – there is typically a charge (if you reside in Washington State, for example, unless you’re an ID theft victim already). For “how to’s,” see the second bullet point.

  • Please remember your children. While they probably don’t yet have a credit file (although some of my clients were surprised to find that their minors do have credit files), you want to protect against many ways that they can experience identity theft.  If your child has a credit file, then you as a parent may request a security freeze.  If your child doesn’t have a credit file, then the credit reporting agency (e.g., TransUnion, Equifax, etc.) is required to create a record for the child and is prohibited from releasing any PII about the child until the freeze is lifted.  Prepare to provide proof that you are a parent and have authority as a legal guardian to act on behalf of the child. You’ll also need to provide proof of your child’s identification.
  • How to freeze credit reports – You can call, if you’re not keen on entering your PII online (who can blame you?) You do need to contact each one of credit reporting agencies:

Experian — 1‑888‑397‑3742 or visit this page of Experian’s site

TransUnion — 1-888-909-8872 or visit this page of TransUnion’s site

Equifax — 1-800-349-9960 or visit this page of Equifax’s site

  • NOTE: If you can show that you’re a victim of a data breach (hello, Equifax breach victims), you can request a free freeze with Equifax and TransUnion if you go online. But, I remain extremely cautious around any of these CRAs for good reason.

Step 3: 

  • Get a free annual credit report and scour it for anything that looks out of place.  Beware of bogus websites that entice you with offers of free credit reports in exchange for your PII. Don’t do it. Go to AnnualCreditReport.com and no where else.

Step 4: Address potential/existing fraudulently opened utilities, pay TV or phone accounts. Again, it sounds incredible, but fraudsters have found that this is one of the best ways to use stolen PII.

Time to think about the ways that bad actors can use your stolen PII. Please don’t dismiss these possibilities because my clients have experienced all of these forms of ID fraud.

  • Contact the National Consumer Telecom and Utilities Exchange and request your NCTUE Data Report. Again , scour it for anything that looks out of place.www.nctue.com or 1-866-349-5185 (The NCTUE data report is a record of all telecommunication, pay TV and utility accounts reported by exchange members, including information about your account history, unpaid accounts and customer service applications.)
    NOTE: If the service provider doesn’t resolve the problem, file a complaint with the Federal Communications Commission at 1-888-225-5322 or TTY 1-888-835-5322.  Or, if you have an data privacy attorney, s/he can do this on your behalf.

Step 5: Guard against the real possibility that someone has or might have already created fake checking accounts. Order a free copy of your ChexSystems report, which compiles information about all of your checking accounts.

  • Get your report from ChexSystems via 1-800-428-9623  or ChexSystems’ website consumerdebit.com.
  • (If you find that individuals have already opened fraudulent checking accounts with your PII, you’ll need to contact every financial institution where a new account was opened. Ask them to close the accounts in writing.) Write down who you contacted and when. Keep copies of any letters you send.

Step 6: If you receive government benefits, contact that government agency and provide a written request for a report and a fraud alert. 

Lather, rinse, and repeat. Please consider this part of your regular regimen to preserve financial good health. The aforementioned are not a “once and done” list of actions.

Finally, a word about “identity theft protection” services like LifeLock, TrustedId, ProtectMyId, AllClear, blah blah blah. Instead of going with any of these services/products, watch this entertaining yet informative clip from John Oliver’s show. There was a time not too long ago, when I would have said go for it if you don’t want to do it yourself. But, I’ve since revised my opinion and would advise you to take charge of your own identity and PII, by doing all of the above on your own. Why trust some third party who only stands to profit from identity theft and data breaches.

“When they see just a fraction of who you are…”

For full article, click here.

This is not on the topic of data privacy, but I wanted to give a plug to an important book by Caroline Frederickson, former labor law attorney and aide to Senator Tom Daschle. The wonderful folks at Washington State Association for Justice had me review Ms. Frederickson’s book, Under the Bus: How Working Women Are Being Run Over. I just had a chance to start going through my mail, and found that they had featured my review on the cover page of this month’s Trial News.

I highly recommend the book, and hope that everyone can read it. No – it’s not a self-help book like Lean In. Ms. Frederickson explains some lesser known, eye-opening facts about the history of some of our labor laws. If you don’t have time to read it, you can get the gist of it from my review. BTW: the title of my book review was inspired by Michelle Obama’s speech to graduates of Tuskegee University.

Light at end of tunnel?

Privacy is a basic right that each consumer should value and want to protect.

For the last several months, I have gone mostly dark on this website. Not purposely. But I’ll admit that the absence of posts here was in large part a reaction to two events–one involving my personal life and the other involving our body politic.

All of us should not give up in the face of the breathtaking insolence of leaders beholden to corporations. I refer not only to Congress’ onslaught against consumer privacy and consumer class actions, but also to the daily (sometimes hourly) blitz on individual rights. Admittedly, it’s difficult to keep track as the battles grow more frequent.

In the end, I urge all of you to tune out the immediate noise. Please know that there are attorneys such as myself who are dedicated to the long-term fight for each consumer’s privacy rights. Always remember that our privacy rights are inextricably entwined with my fight to protect the consumer. Yes, each of us love the convenience that Google, Amazon, Apple, and other major corporations offer us. And, some of these corporations are doing a decent job to protect individual privacy rights. But each of us must remain diligent.

Please stay tuned for the following new blog posts:

  1. Think that a data breach won’t hurt you? Thank again. – I will share with you some eye opening stories of a client, whose personal data was compromised as the result of a massive healthcare data breach. To this day, she continues to deal with identity fraud.
  2. Experian rubs salt in the wounds of 143+ million breach victims  – Don’t accept offers for “free credit monitoring,” from Equifax. In addition to giving up your valuable Personal Information, you will also give you your right to sue Equifax. If you think that arbitration sounds fair enough, you are in for a rude awakening.

 

Apple’s Strong Stance on Privacy

Bravo Apple for standing up for privacy and data security.

I usually avoid discussing September 11, 2001. But this is relevant. Since 9/11, so many private citizens in this country think it’s ok to give up privacy in the name of homeland security. They will say, “I have nothing to hide,” only those like the terrorists have anything to hide. But valuing our privacy is not about wanting to hide information. It is about having control over what we disclose to whom at the time when we choose. When a governing body has easy access to the minute details of each of us, we have given away so much of ourselves without anything in return (except the sweet promise of catching the bad guys). We have already made it so easy with government surveillance programs.

Trust me: Just thinking about 9/11 still gets me spitting mad at the radicals who claimed to kill in the name of their god. In one of the most horrific ways imaginable (burning innocent people to death, who were trapped in the towers) they stole my brother and best friend from me on his first day at his new job at the 96th floor of the WTC North tower. Many other brothers, sisters, fathers, and mothers were robbed from their families that day as well. If anyone has an inextinguishable desire to rid our world of terrorists, it is me.

But ramming down iPhone security is not the way to go about fighting terrorism. Weakening security that protects each of us from bad actors for the sake of getting a discrete set of information is not the answer.

Each of us need to understand why our personal data and privacy is worth fighting for. If we are ready to throw our privacy out the window for the sake of an investigation, we give in to all that we have fought for since 9/11.

Senator demands more details from Experian re T-Mobile Data Breach

Top Democrat Senator Sherrod Brown (D-OH) on the Senate Banking Committee demands that credit agency Experian provide more details about a data breach in which personal information on millions of T-Mobile customers was stolen.

“Protection of this information is of the utmost importance, especially because the scope of the information is vast and virtually no consumer can apply for credit without entering your system,” Brown wrote in a letter sent to Experian today.

Experian said earlier this month hackers had broken into a server containing data on T-Mobile customers. The breach exposed personal information of 15 million customers and possible customers, including Social Security numbers of those who might have applied for T-Mobile cell service between Sept. 1, 2013 and Sept. 16, 2015.

Experian’s main consumer credit database was not broken into, Experian says, and T-Mobile and Experian are providing two years of credit monitoring services and identity theft recovery services for free.

Along with increased disclosure about the breach, Brown also asks Experian to provide “credit freezes” to affected customers for free. Credit freezes allow customers to restrict access to their credit reports in cases of potential identity theft, but typically credit agencies charge for this service. Brown also asked Experian to explain how well its credit monitoring and identity theft protection services work.

Data breaches, identity theft and cyber security have become a priority as more companies have disclosed breaches of their systems. Lawmakers have attempted to legislation to address the issue, including a bill that would require companies to inform their customers about a breach within 30 days of learning about it themselves.

Experian, in a statement, said they had received Brown’s letter, “understand the concerns raised” and will respond accordingly.