Stolen SSN, Credit Bureaus Alerted , Now What?

privacyIntruded asks: "Recently I was informed by a former employer that a computer containing my name, address, drivers' license information, and social security number had been hacked. Though they do now know what, if any, information was accessed on the computer, they recommended I place a fraud alert on my credit report. To my relief, after placing the alert, I received credit reports that look fine. Now what? Assuming that someone does have the information, do I just wait for the day when someone uses the information for fraud, then hope I can minimize the damage when it is? Is there anything I can do to reduce the risk?"

well

[schnits0r]

I recently had my informatiuon used against me (1800$ fanished from my account over night, which put me in a bad position as I was about to leave for vacation in 2 days). Anyways, the money was taken from where I was 3 months prior, so if this happened recently, I suggest you change what is feasibly changeibile before it bites you in the ass in a few months after you forgotten about it.


Inform people this happened, so they don't become victims too. If something had been used already, talk to whoever is in change (if your bank acocunt has been broken in to, the banks will often give you a paper to sign saying they will incur any damages as long as you don't sue them).


There may also be a victim support group somewhere to attend if you are mentally distrought, but since you are on the internet, I'm sure you have gotten around to accepting you ahve no privacy by now.

Here is a list

[justanyone]

Here is a list of what you should do immediately:

1. Invent a new set of 4 passwords. Make them impossible to guess, 8 chars with upper and lowercase, NOT WORDS!, and at least two nonsequential numbers. Something like "FjW7zk2a". Don't practice typing them until you fix your box (see below). Create a paper list of them, memorize them well, then once you can remember them easily for 2 weeks (vital for long term memory), destroy the list or put it in a safe deposit box.
2. Invent a further password that you can use all the time, that you know to be a 'dumb' password that you use to log into websites like slashdot or imdb. Make sure you only use the dumb password for dumb applications, and the good ones (above) for stuff like signing in to your online brokerage or bank's transfer-money-type-website.
3. Fix your box or get a new one. Make sure it has Norton or MacAfee Antivirus on it, plus a good firewall, plus AdAware's SpyAssasin (recognized as best by most of my group of IT/InfoSec friends). Only when your box is secure should you do any online activity.
4. Call your credit card companies and request a new card from each of them. Tell them you believe your card number has been compromised and wish a new card.
5. While you're on the phone with your credit card companies, tell them you add an additional password to your account that they must request and you must provide whenever you talk with them. Chase and Discover at least both do this and have honored my request for it. This adds quite a bit of new security to your account.
6. Visit your bank, and close your existing accounts. Transfer the money to at least two new accounts. One of those accounts should NEVER EVER have any EFT (electronic fund transfer) transactions into/out of it. If your bank allows it, request that the account type prohibit that kind of activity. The other account should be an everyday checking or savings account that you can have the EFT's done with.
7. You mentioned contacting the credit bureaus and having a fraud listing attached to your account. This is good; it is free and effective.
8. If you currently have a Debit card, cut it up. Ask your bank for a card that ONLY does ATM transactions and nothing else. You are NOT protected if a debit card is stolen or misused - your money is GONE. Credit card companies protect you from paying more than $50 if a card is stolen / misused.
9. Re-read your last 6 months of credit card bills. Make sure you understand each charge on it. This allows you to have the familiarity to immedately spot fraudulent charges on your bill(s) and thus to react more quickly if there is a problem.
10. If you feel it necessary, there are companies out there who will do credit reports daily (if not the credit bureaus themselves) and email you if there is any significant activity (new accounts opened, etc., something goes to a collection agency, etc.). This service will probably cost you about $200 per year or so, but might be worth it for your peace of mind.

Just some ideas. Best of luck to you.

Re:Here is a list

[Judg3]

If you currently have a Debit card, cut it up. Ask your bank for a card that ONLY does ATM transactions and nothing else. You are NOT protected if a debit card is stolen or misused - your money is GONE. Credit card companies protect you from paying more than $50 if a card is stolen / misused.

Not true. See here. Granted, credit cards have a broader umbrella then debit cards, but there are protections in place - the Visa and MC "zero-liability" apply to debit cars these days as well. It's tougher to dispute a debit purchase vs a credit purchase, but's its definately doable.

Credit cards. Under federal law, if someone steals your credit card you're only responsible to pay the first $50 of unauthorized charges. And, says FTC lawyer Carol Reynolds, if you notify the issuer before the thief makes any charges, you may not be out anything. You're also free from liability if unauthorized purchases occur when the card is not physically present, say in an Internet purchase, she says.

Zero-liability policies, like those offered by Visa and MasterCard, add a second layer of protection. Under these programs you won't pay anything if someone fraudulently uses your credit card online or off.

Debit cards. The rules are similar for debit cards, but there are a few restrictions. For example, your liability under federal law is limited to $50, but only if you notify the issuer within two business days of discovering the card's loss or theft. Your liability could jump to $500 if you put it off. And even this cap is lifted if you wait more than 60 calendar days from the time your bank statement is mailed.

Federal protections are a bit more generous if a thief just steals your debit card number (and not the actual card), but you still have 60 days after receiving your bank statement to report any unauthorized transactions.

The Visa and MasterCard zero-liability policies also apply to debit cards, but only to non-PIN transactions. If a thief steals your card and your PIN, the federal rules are your only defense.

For additional protection check your homeowners or renter's insurance policy. Most cover up to $500 for losses from unauthorized card use.

Also, get a new SSN issued and have the old marked as fradulent. It will prevent any new credit cards or loans being created in your name and destroy your credit

Re:Here is a list

[the_cowgod]

Huh, that's not what the Social Security Administration says:

Getting a new Social Security number

If you have done all you can to fix the problem and someone still is using your number, we may assign you a new number. We cannot guarantee that a new number will solve your problem.

You cannot get a new Social Security number if:

* You filed for bankruptcy;
* You intend to avoid the law or your legal responsibility; or
* Your Social Security card is lost or stolen, but there is no evidence that someone is using your number.

Re:Here is a list

[Judg3]

Debit cards fall under the Electronic Fund Transfer Act, see more info here.

Personally, I think the credit card companies have a lot to do with people thinking they have zero protection. Granted, a debit card isn't as safe as a credit card, but it's not as risky as a lot of people like to think.

In three months

[raider_red]

In three to six months, get a fresh copy of your credit report from the credit bureau. Also, see this site about ID theft issues. It provides a pretty good cheat sheet for what to do in your situation.

I had the same thing happen to me last year. We had a break-in at the firm which handled my last company's payroll, which later turned out to be an inside job. Fortunately, I haven't had any problems, and I hope you don't either.

Wrong.

[DAldredge]

I wish you would not make shit up. Here is what can be done to get a new ssn.

The SSA has a new publication on what to do When Someone Misuses Your Number discussing Identity Theft in general terms. It says If you can prove that you're being disadvantaged because someone used your Social Security number, visit your local Social Security office to request a new one. If you've done all you can to fix the problem and someone is still using your number, under certain circumstances, we may assign you a new number. which seems not to promise anything, and to leave the discretion in the hands of the local office. They do recommend that you file a report with both Social Security Fraud Hotline at 1-800-269-0271 and the FTC.

What to do When Your SSN is Compromised

[tbmaddux]

Unforuntately it looks like you have done all you can. According to Identity Theft And Your Social Security Number on the SSA website, you have to have evidence that someone is currently using your number before they will issue you a new one. One way to determine that is to check your social security statement, but I doubt anything will turn up here as fraudsters are unlikely to use your number to report earnings. SSA also recommends the flagging of your credit report, as you have already done. The Federal Trade Commission suggests the same (fraud flags) but also suggests filing a police report.

For those of us not as unlucky as the original poster, there is a lot of information available at EPIC