Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Security Privacy The Almighty Buck

Stolen SSN, Credit Bureaus Alerted , Now What? 42

Posted by Cliff
from the waiting-for-the-other-shoe dept.
privacyIntruded asks: "Recently I was informed by a former employer that a computer containing my name, address, drivers' license information, and social security number had been hacked. Though they do now know what, if any, information was accessed on the computer, they recommended I place a fraud alert on my credit report. To my relief, after placing the alert, I received credit reports that look fine. Now what? Assuming that someone does have the information, do I just wait for the day when someone uses the information for fraud, then hope I can minimize the damage when it is? Is there anything I can do to reduce the risk?"
This discussion has been archived. No new comments can be posted.

Stolen SSN, Credit Bureaus Alerted , Now What?

Comments Filter:
  • by JVert (578547)
    I'm sure your info has been leaked before, they just didn't tell you. So go back and buy more stuff.
    • I believe more information is leaked then we know about. Not necessarily by the "bad guys." I work in a University Computer Lab and use the paper in the recycling bin for scratch. I pull out student's administration papers with their name, SSN, address, DOB. All written and thrown in the bin by students themselves. It would be easy to copy these down and apply for a credit card. People in general need to be more careful with their information. l
  • News for nerds?? (Score:4, Insightful)

    by woobieman29 (593880) on Friday October 01, 2004 @10:29PM (#10411051)
    I really think that you are looking for information in the wrong place. Contact the credit bureaus (Experian, etc) for information, and then google for other organizations that deal with identity theft to get some pointers. Sure, someone here may have had some experience with this, but realistically asking this on Slashdot is about as appropriate as asking the dudes on "Queer Eye for the Straight Guy" to help you overhaul your transmission.

    Good luck anyway - I hope that nothing bad happens to your credit.

    • asking this on Slashdot is about as appropriate as asking the dudes on "Queer Eye for the Straight Guy" to help you overhaul your transmission.

      Or, more accurately, about what to do if someone mugs you (i.e., uses your pants as a vector to steal money).
  • well (Score:5, Informative)

    by schnits0r (633893) <nathannd@s a s k t e l.net> on Friday October 01, 2004 @11:14PM (#10411216) Homepage Journal
    I recently had my informatiuon used against me (1800$ fanished from my account over night, which put me in a bad position as I was about to leave for vacation in 2 days). Anyways, the money was taken from where I was 3 months prior, so if this happened recently, I suggest you change what is feasibly changeibile before it bites you in the ass in a few months after you forgotten about it.


    Inform people this happened, so they don't become victims too. If something had been used already, talk to whoever is in change (if your bank acocunt has been broken in to, the banks will often give you a paper to sign saying they will incur any damages as long as you don't sue them).


    There may also be a victim support group somewhere to attend if you are mentally distrought, but since you are on the internet, I'm sure you have gotten around to accepting you ahve no privacy by now.
  • Here is a list (Score:4, Informative)

    by justanyone (308934) on Friday October 01, 2004 @11:32PM (#10411273) Homepage Journal
    Here is a list of what you should do immediately:
    1. Invent a new set of 4 passwords. Make them impossible to guess, 8 chars with upper and lowercase, NOT WORDS!, and at least two nonsequential numbers. Something like "FjW7zk2a". Don't practice typing them until you fix your box (see below). Create a paper list of them, memorize them well, then once you can remember them easily for 2 weeks (vital for long term memory), destroy the list or put it in a safe deposit box.
    2. Invent a further password that you can use all the time, that you know to be a 'dumb' password that you use to log into websites like slashdot or imdb. Make sure you only use the dumb password for dumb applications, and the good ones (above) for stuff like signing in to your online brokerage or bank's transfer-money-type-website.
    3. Fix your box or get a new one. Make sure it has Norton or MacAfee Antivirus on it, plus a good firewall, plus AdAware's SpyAssasin (recognized as best by most of my group of IT/InfoSec friends). Only when your box is secure should you do any online activity.
    4. Call your credit card companies and request a new card from each of them. Tell them you believe your card number has been compromised and wish a new card.
    5. While you're on the phone with your credit card companies, tell them you add an additional password to your account that they must request and you must provide whenever you talk with them. Chase and Discover at least both do this and have honored my request for it. This adds quite a bit of new security to your account.
    6. Visit your bank, and close your existing accounts. Transfer the money to at least two new accounts. One of those accounts should NEVER EVER have any EFT (electronic fund transfer) transactions into/out of it. If your bank allows it, request that the account type prohibit that kind of activity. The other account should be an everyday checking or savings account that you can have the EFT's done with.
    7. You mentioned contacting the credit bureaus and having a fraud listing attached to your account. This is good; it is free and effective.
    8. If you currently have a Debit card, cut it up. Ask your bank for a card that ONLY does ATM transactions and nothing else. You are NOT protected if a debit card is stolen or misused - your money is GONE. Credit card companies protect you from paying more than $50 if a card is stolen / misused.
    9. Re-read your last 6 months of credit card bills. Make sure you understand each charge on it. This allows you to have the familiarity to immedately spot fraudulent charges on your bill(s) and thus to react more quickly if there is a problem.
    10. If you feel it necessary, there are companies out there who will do credit reports daily (if not the credit bureaus themselves) and email you if there is any significant activity (new accounts opened, etc., something goes to a collection agency, etc.). This service will probably cost you about $200 per year or so, but might be worth it for your peace of mind.
    Just some ideas. Best of luck to you.

    • Re:Here is a list (Score:5, Informative)

      by Judg3 (88435) <jeremy&pavleck,com> on Friday October 01, 2004 @11:55PM (#10411343) Homepage Journal
      If you currently have a Debit card, cut it up. Ask your bank for a card that ONLY does ATM transactions and nothing else. You are NOT protected if a debit card is stolen or misused - your money is GONE. Credit card companies protect you from paying more than $50 if a card is stolen / misused.

      Not true. See here [kiplinger.com]. Granted, credit cards have a broader umbrella then debit cards, but there are protections in place - the Visa and MC "zero-liability" apply to debit cars these days as well. It's tougher to dispute a debit purchase vs a credit purchase, but's its definately doable.

      Credit cards. Under federal law, if someone steals your credit card you're only responsible to pay the first $50 of unauthorized charges. And, says FTC lawyer Carol Reynolds, if you notify the issuer before the thief makes any charges, you may not be out anything. You're also free from liability if unauthorized purchases occur when the card is not physically present, say in an Internet purchase, she says.

      Zero-liability policies, like those offered by Visa and MasterCard, add a second layer of protection. Under these programs you won't pay anything if someone fraudulently uses your credit card online or off.

      Debit cards. The rules are similar for debit cards, but there are a few restrictions. For example, your liability under federal law is limited to $50, but only if you notify the issuer within two business days of discovering the card's loss or theft. Your liability could jump to $500 if you put it off. And even this cap is lifted if you wait more than 60 calendar days from the time your bank statement is mailed.

      Federal protections are a bit more generous if a thief just steals your debit card number (and not the actual card), but you still have 60 days after receiving your bank statement to report any unauthorized transactions.

      The Visa and MasterCard zero-liability policies also apply to debit cards, but only to non-PIN transactions. If a thief steals your card and your PIN, the federal rules are your only defense.

      For additional protection check your homeowners or renter's insurance policy. Most cover up to $500 for losses from unauthorized card use.

      Also, get a new SSN issued and have the old marked as fradulent. It will prevent any new credit cards or loans being created in your name and destroy your credit
      • "Not true. See here [kiplinger.com]. Granted, credit cards have a broader umbrella then debit cards, but there are protections in place - the Visa and MC "zero-liability" apply to debit cars these days as well. It's tougher to dispute a debit purchase vs a credit purchase, but's its definately doable."

        I was under the impression this was under the discretion of the bank you're with. Am I mistaken? (Note: The context of your link is about federal law...)
      • The ultimate danger is not that you can't contest a debit-as-credit (i.e., non-PIN) transaction. It's that you'll have written, say, your monthly rent check yesterday. The thief wipes your balance today. Your landlord deposits the check tomorrow. Presto, you have written a bad check. Good luck getting that wiped off every credit bureau report in the future. It's theoretically possible, but every case I've ever heard of has been a flaming pain in the backside to fix, especially if you've sent multiple
        • My bank is good about this, because checks will automatically (and freely) overdraft from my savings while my debit card will not.

          I always keep 200 in my checking for my debit card, the rest stays safely away in savings.
    • it can be a MAJOR BITCH to enforce but your bank has to give you the same protections on a visa debit card, as a visa credit card, not as a matter of law, (which requires you pay the first 50$) but their contracts with visa..

      see the visa's zero liability policy [visa.com] The Zero Liability policy covers all Visa credit and debit card transactions processed over the Visa network--online or off. The only transactions not covered under the Zero Liability policy are commercial card, ATM, and non-Visa-branded PIN transac

  • In three months (Score:5, Informative)

    by raider_red (156642) on Friday October 01, 2004 @11:53PM (#10411336) Journal
    In three to six months, get a fresh copy of your credit report from the credit bureau. Also, see this site [clarkhoward.com] about ID theft issues. It provides a pretty good cheat sheet for what to do in your situation.

    I had the same thing happen to me last year. We had a break-in at the firm which handled my last company's payroll, which later turned out to be an inside job. Fortunately, I haven't had any problems, and I hope you don't either.
  • by Mordant (138460) on Saturday October 02, 2004 @12:10AM (#10411379)
    All I need in order to help you is your name, address, driver's license information, and social security number. ;>
  • by Corpus_Callosum (617295) on Saturday October 02, 2004 @12:24AM (#10411418) Homepage
    Purchase Equifax Identity Theft Protection. Not only will they notify you by email any time your credit report changes (e.g. new credit being taken out, etc), but they will insure you in case something happens.

    I recommend that everyone does this these days. Your information is out there and easily collected by those that want it. Your information IS NOT safe.
    • I have to second Equifax as being a good company for identity monitoring. I use the Equifax Gold Credit Monitoring service for my wife and I, and it is great. Sure, it costs us $20 a month for the both of us, but I'm sure it will more than pay for itself the first time we have our one of our identities stolen. I like the fact that it notifies you within 24 hours via email if somebody pulls your credit report. Last month we refinanced our house and the morning after the bank pulled our credit, I got an e
  • You wouldn't happen to work at the Bush Campaign Offices [slashdot.org], would you? =)

  • by tbmaddux (145207) * on Saturday October 02, 2004 @01:08AM (#10411544) Homepage Journal
    Unforuntately it looks like you have done all you can. According to Identity Theft And Your Social Security Number [socialsecurity.gov] on the SSA website, you have to have evidence that someone is currently using your number before they will issue you a new one. One way to determine that is to check your social security statement, [socialsecurity.gov] but I doubt anything will turn up here as fraudsters are unlikely to use your number to report earnings. SSA also recommends the flagging of your credit report, as you have already done. The Federal Trade Commission [consumer.gov] suggests the same (fraud flags) but also suggests filing a police report.

    For those of us not as unlucky as the original poster, there is a lot of information available at EPIC [epic.org]

  • You processed the fraud alert...

    You are done... now it is up to your credit companies to deal with unlawful inquiries... you put them on alert that you may have unwanted access happening.

    If they want to minimize their own risk they will issue you new cards, etc.

    you have reported... you can now request new cards and move on....

    that's it... fairly simple...

    -james

  • by Anonymous Coward
    There are two types of credit fraud alerts: one is a 90-day fraud alert and the other is a 7-year fraud alert. The latter is only allowed if you have had your identity stolen (so you qualify). You must explicitly ask specifically for a 7-year fraud alert or the credit bureaus will give you a 90-day one. There's more paperwork required for the 7-year fraud alert too. It's well worth the effort - once in place, no one can extend credit without contacting you by phone and getting your explicit permission.

    In

  • 1. Get a new SSN number. Seriously.
    2. Goto the bank and have them transfer your money into new accounts and have them issue you new a ATM/debit card and checks.
    3. Also have your bank restrict the types of EFT's that can be done to your account.
    4. Have a new credit card issued and ask that your account be assigned a password.
    5. Contact the company that your 401k and have modify your account so that only in person can any withdrawls or wiring of money can occur.
  • It's going to get harder to prevent people from getting your SSN number. It's now required on anything imported by you. So if you purchase a $30 cd-burner from Canada, you now has to supply the vendor with your SSN number so he can ship it to you.

    It use to be that was only required on shipments over $1000 but now it's required on all shipments. So you government isn't helping the situation.
  • You can go down to your local SS office and ask for a new SSN. This is painful, time consuming and difficult because you will need to notify all of the businesses that you used the old SSN ligitamiteley (such as credit cards, mortgages, loans etc.) They may reject the change, but then if you get into a bigger pickle with identity theft, you can hire a lawyer and sue SS.

  • The biggest thing to watch for is a change of address on your credit report, it means that someone has opened an account and the statements are going to someplace you aren't, bad sign.

    Mistaken Identity is probably a bigger problem than Identity theft, there is a woman localy, who's first name, last name and middle initial is the same as my wife's, who's SSN is one digit different, who's driver's license is one digit different and she seems to like bouncing checks and not paying taxes or hospital bills.

Brain damage is all in your head. -- Karl Lehenbauer

Working...