Stolen SSN, Credit Bureaus Alerted , Now What?

privacyIntruded asks: "Recently I was informed by a former employer that a computer containing my name, address, drivers' license information, and social security number had been hacked. Though they do now know what, if any, information was accessed on the computer, they recommended I place a fraud alert on my credit report. To my relief, after placing the alert, I received credit reports that look fine. Now what? Assuming that someone does have the information, do I just wait for the day when someone uses the information for fraud, then hope I can minimize the damage when it is? Is there anything I can do to reduce the risk?"

News for nerds??

[woobieman29]

I really think that you are looking for information in the wrong place. Contact the credit bureaus (Experian, etc) for information, and then google for other organizations that deal with identity theft to get some pointers. Sure, someone here may have had some experience with this, but realistically asking this on Slashdot is about as appropriate as asking the dudes on "Queer Eye for the Straight Guy" to help you overhaul your transmission.

Good luck anyway - I hope that nothing bad happens to your credit.

well

[schnits0r]

I recently had my informatiuon used against me (1800$ fanished from my account over night, which put me in a bad position as I was about to leave for vacation in 2 days). Anyways, the money was taken from where I was 3 months prior, so if this happened recently, I suggest you change what is feasibly changeibile before it bites you in the ass in a few months after you forgotten about it.


Inform people this happened, so they don't become victims too. If something had been used already, talk to whoever is in change (if your bank acocunt has been broken in to, the banks will often give you a paper to sign saying they will incur any damages as long as you don't sue them).


There may also be a victim support group somewhere to attend if you are mentally distrought, but since you are on the internet, I'm sure you have gotten around to accepting you ahve no privacy by now.

Here is a list

[justanyone]

Here is a list of what you should do immediately:

1. Invent a new set of 4 passwords. Make them impossible to guess, 8 chars with upper and lowercase, NOT WORDS!, and at least two nonsequential numbers. Something like "FjW7zk2a". Don't practice typing them until you fix your box (see below). Create a paper list of them, memorize them well, then once you can remember them easily for 2 weeks (vital for long term memory), destroy the list or put it in a safe deposit box.
2. Invent a further password that you can use all the time, that you know to be a 'dumb' password that you use to log into websites like slashdot or imdb. Make sure you only use the dumb password for dumb applications, and the good ones (above) for stuff like signing in to your online brokerage or bank's transfer-money-type-website.
3. Fix your box or get a new one. Make sure it has Norton or MacAfee Antivirus on it, plus a good firewall, plus AdAware's SpyAssasin (recognized as best by most of my group of IT/InfoSec friends). Only when your box is secure should you do any online activity.
4. Call your credit card companies and request a new card from each of them. Tell them you believe your card number has been compromised and wish a new card.
5. While you're on the phone with your credit card companies, tell them you add an additional password to your account that they must request and you must provide whenever you talk with them. Chase and Discover at least both do this and have honored my request for it. This adds quite a bit of new security to your account.
6. Visit your bank, and close your existing accounts. Transfer the money to at least two new accounts. One of those accounts should NEVER EVER have any EFT (electronic fund transfer) transactions into/out of it. If your bank allows it, request that the account type prohibit that kind of activity. The other account should be an everyday checking or savings account that you can have the EFT's done with.
7. You mentioned contacting the credit bureaus and having a fraud listing attached to your account. This is good; it is free and effective.
8. If you currently have a Debit card, cut it up. Ask your bank for a card that ONLY does ATM transactions and nothing else. You are NOT protected if a debit card is stolen or misused - your money is GONE. Credit card companies protect you from paying more than $50 if a card is stolen / misused.
9. Re-read your last 6 months of credit card bills. Make sure you understand each charge on it. This allows you to have the familiarity to immedately spot fraudulent charges on your bill(s) and thus to react more quickly if there is a problem.
10. If you feel it necessary, there are companies out there who will do credit reports daily (if not the credit bureaus themselves) and email you if there is any significant activity (new accounts opened, etc., something goes to a collection agency, etc.). This service will probably cost you about $200 per year or so, but might be worth it for your peace of mind.

Just some ideas. Best of luck to you.

Re:Here is a list

[Judg3]

If you currently have a Debit card, cut it up. Ask your bank for a card that ONLY does ATM transactions and nothing else. You are NOT protected if a debit card is stolen or misused - your money is GONE. Credit card companies protect you from paying more than $50 if a card is stolen / misused.

Not true. See here. Granted, credit cards have a broader umbrella then debit cards, but there are protections in place - the Visa and MC "zero-liability" apply to debit cars these days as well. It's tougher to dispute a debit purchase vs a credit purchase, but's its definately doable.

Credit cards. Under federal law, if someone steals your credit card you're only responsible to pay the first $50 of unauthorized charges. And, says FTC lawyer Carol Reynolds, if you notify the issuer before the thief makes any charges, you may not be out anything. You're also free from liability if unauthorized purchases occur when the card is not physically present, say in an Internet purchase, she says.

Zero-liability policies, like those offered by Visa and MasterCard, add a second layer of protection. Under these programs you won't pay anything if someone fraudulently uses your credit card online or off.

Debit cards. The rules are similar for debit cards, but there are a few restrictions. For example, your liability under federal law is limited to $50, but only if you notify the issuer within two business days of discovering the card's loss or theft. Your liability could jump to $500 if you put it off. And even this cap is lifted if you wait more than 60 calendar days from the time your bank statement is mailed.

Federal protections are a bit more generous if a thief just steals your debit card number (and not the actual card), but you still have 60 days after receiving your bank statement to report any unauthorized transactions.

The Visa and MasterCard zero-liability policies also apply to debit cards, but only to non-PIN transactions. If a thief steals your card and your PIN, the federal rules are your only defense.

For additional protection check your homeowners or renter's insurance policy. Most cover up to $500 for losses from unauthorized card use.

Also, get a new SSN issued and have the old marked as fradulent. It will prevent any new credit cards or loans being created in your name and destroy your credit

Re:Here is a list

[the_cowgod]

Huh, that's not what the Social Security Administration says:

Getting a new Social Security number

If you have done all you can to fix the problem and someone still is using your number, we may assign you a new number. We cannot guarantee that a new number will solve your problem.

You cannot get a new Social Security number if:

* You filed for bankruptcy;
* You intend to avoid the law or your legal responsibility; or
* Your Social Security card is lost or stolen, but there is no evidence that someone is using your number.

Re:Here is a list

[Judg3]

Debit cards fall under the Electronic Fund Transfer Act, see more info here.

Personally, I think the credit card companies have a lot to do with people thinking they have zero protection. Granted, a debit card isn't as safe as a credit card, but it's not as risky as a lot of people like to think.

Re:Here is a list

[ComputerSlicer23]

Actually, that's not true. I know for a fact that you can get new SSN's. If you can show that the identity theft is bad enough, they will in fact issue you a new SSN.

Furthermore, there is a rule that if you and another family member in your immediatly family have a SSN that differs by only a single digit, the gov't has to let you request a new one. (Notice, that's a single digit, not numerically next to each other). In my family, we have 3 out of 4, but they end in 07, 09 and 10 (actually, now that I've re-read the rule, we might qualify, they say sequential). So we nearly qualified for the rule. Having the first 7 digits and a last name match does create problems for credit reporting companies. Did I mention that there are 5 kids in my family, and we all have names that start with "K". They skipped the 08 one intentionally so that we would not not have sequential ones. So I'm not sure if I am interpreting the rule correctly or not.

http://www.lawsmart.com/ssfaqs/sscards.html

That even references the documentation for the form that you request to have your SSN number changed.

http://ssa-custhelp.ssa.gov/cgi-bin/ssa.cfg/php/en duser/std_adp.php?p_sid=A5OT3Wmh&p_lva=77&p_li=&p_ faqid=79&p_created=955483070

That link has my session in it, the FAQ is FAQ id 79, and is in the Social Security Number and Cards, the sub-category is General- SSNs and Cards. If you look around you'll find it. The following are the criteria:

• Sequential SSNs assigned to members of the same family
• Certain scrambled earnings situations
• Certain wrong number cases
• Religious or cultural objection to certain numbers/digits in the SSN
• Misuse by a third party of the number holder's SSN and the number holder has been disadvantaged by that particular misuse
• Harassment, abuse or life endangerment situations (including domestic violence)

If I didn't have nearly perfect credit, I'd apply to change it just because there are members of my family who know my SSN, whom I wish didn't. Members of my family are nearly indistingishable on the phone from me. Even by other close relatives.

I'd like to see the reference material on non-special SSN's that get re-issued. The SSO has special procedures to ensure that they aren't re-issued for long periods of time after someone is dead. According to the FAQ, no SSN has ever been re-issued (some of the 000-XX-XXXX specials get reused). The SSN has only assigned 450Million of the 1Billion available. In the FAQ search for an entry with the word "died", it'll be one of the first few.

Got any more urban legends you'd like me to debunk?

Sorry that I can't provide direct links, but the site doesn't give them back. You have to have the cookies and goop hooked up to it.

I read up on the rules about SSN's at great length when slashdot posted the story about the man who doesn't have an SSN. There are all sorts of neat rules about them. The IRS is a serious pain to deal with because of it, but it can be done.

Kirby

In three months

[raider_red]

In three to six months, get a fresh copy of your credit report from the credit bureau. Also, see this site about ID theft issues. It provides a pretty good cheat sheet for what to do in your situation.

I had the same thing happen to me last year. We had a break-in at the firm which handled my last company's payroll, which later turned out to be an inside job. Fortunately, I haven't had any problems, and I hope you don't either.

Wrong.

[DAldredge]

I wish you would not make shit up. Here is what can be done to get a new ssn.

The SSA has a new publication on what to do When Someone Misuses Your Number discussing Identity Theft in general terms. It says If you can prove that you're being disadvantaged because someone used your Social Security number, visit your local Social Security office to request a new one. If you've done all you can to fix the problem and someone is still using your number, under certain circumstances, we may assign you a new number. which seems not to promise anything, and to leave the discretion in the hands of the local office. They do recommend that you file a report with both Social Security Fraud Hotline at 1-800-269-0271 and the FTC.

What to do When Your SSN is Compromised

[tbmaddux]

Unforuntately it looks like you have done all you can. According to Identity Theft And Your Social Security Number on the SSA website, you have to have evidence that someone is currently using your number before they will issue you a new one. One way to determine that is to check your social security statement, but I doubt anything will turn up here as fraudsters are unlikely to use your number to report earnings. SSA also recommends the flagging of your credit report, as you have already done. The Federal Trade Commission suggests the same (fraud flags) but also suggests filing a police report.

For those of us not as unlucky as the original poster, there is a lot of information available at EPIC

Re:buy more stuff from them.

[pdx_joe]

I believe more information is leaked then we know about. Not necessarily by the "bad guys." I work in a University Computer Lab and use the paper in the recycling bin for scratch. I pull out student's administration papers with their name, SSN, address, DOB. All written and thrown in the bin by students themselves. It would be easy to copy these down and apply for a credit card. People in general need to be more careful with their information. l