Companies don’t always protect your information – but you can
Some shocking statistics are tucked into a new report by the Identity Theft Resource Center. It wasn’t the increase in reports of so-called “data breaches” – instances where organizations exposed people’s financial information to possible theft. Breaches rose 47 percent in 2008 from the previous year. Nor was it the fact that sensitive financial information of more than 36 million people was put at risk.
The shocking part was how little the victimized companies and agencies had done to protect the data. In almost 98 percent of the cases, the information was not protected by encryption, and in 91.5 percent of cases, the information was not protected by basic password access.
The cases involved high-profile companies like banks, as well as smaller operations like the Pierce County gas station where debit card numbers were swiped.
In some instances, employees of a company were exposed by a criminal human-resources officer.
Most of the cases involved situations where people tend to turn over cards or account information without a lot of thought.
Q. So what can you do to protect yourself?
A. You can take several steps to protect yourself from identity theft generally: guard carefully how information is handled in your mail, your computer and your trash. Don’t leave account information, Social Security number, PINs or other personal information vulnerable, and don’t hand it over to people unnecessarily. Use security software on your home computer, shred documents with sensitive information before discarding them, and don’t leave mail unsecured.
Data breaches, though, involve the way other people use your information. And they’re becoming more and more common. That can leave you feeling helpless.
Q. So is there nothing you can do to protect yourself?
A. “There are several things you can do,” said Kristin Alexander, spokeswoman for Washington Attorney General Rob McKenna. But you’ve got to be vigilant.
“The best defense is a good offense,” she said. “That means keeping tabs on your credit report.”
You’re entitled to one free copy of each of three credit reports a year – available at annualcreditreport.com. Alexander recommends getting one of the three reports and checking it for improper activity, waiting a few months and then getting the second report, and so on.
If you have concerns, you can put a credit freeze on your account (if you’re a Washington resident anyway), blocking any new credit activity.
Q. Anything else?
A. Pay attention to the companies you do business with. If they’ve had breaches, how have they responded? If you’re providing sensitive information, ask how the company will safeguard it, how they screen employees who will have access to that information, what policies they have in place for data breaches or fraud cases.
Question whether you need to give out your Social Security number as a means of identification. Sometimes companies ask for information that isn’t really necessary for the transaction – such as an e-mail address or mother’s maiden name.
You can track data breaches at Web sites such as the Privacy Rights Clearinghouse (www.privacy rights.org/ar/ChronData Breaches.htm).
Q. What if your information is exposed?
A. You should be contacted by the company that had the breach, but if you’re not, get in touch with the firm immediately. Cancel accounts and open new ones; contact companies that might be affected, such as your bank, credit card companies, etc. Scour your bank and credit statements closely, and file fraud alerts with all three credit-reporting agencies – TransUnion, Equifax and Experian.
Q. What if I find improper charges or unauthorized accounts have been opened in my name?
A. Make a police report immediately. That gives you certain legal protections, such as the right to have a seven-year fraud alert on your credit report, according to the Identity Theft Resource Center. Contact the credit-reporting agencies and place that fraud alert to begin the process of having fraudulent charges or accounts removed.
If you haven’t done so, cancel any accounts that are compromised or fraudulent.
Get copies of your credit report and examine them – the resource center advises against getting the “three-in-one report” because it may not contain as much detail as the separate reports from the three credit-reporting agencies.
Q. Can I get more information or help?
A. Washington Attorney General Rob McKenna has made identity theft a priority, and his office provides some resources for consumers in a couple of ways.
The Web site, www.atg.wa.gov, has a wide range of information. People also can call the consumer resource center weekdays between 10 a.m. and 3 p.m. at (800) 551-4636.
The Web site for Idaho’s attorney general also has information for consumers: www2.state.id.us/ag.