A few days ago while sorting through some snail mail that had gathered on the counter; I noticed a letter from the parent company of a local company. The envelope had nothing really written on it, except for a small line on the back “Secure Processing Center”. I decided to open it prior to tossing it into the recycling bin, just in case it contained any personal information or was a credit card offer so I could put it in the “to shred” bucket. Not that I have room in my recycling, or shred, bin again this week.
The letter caught my attention, as letters of this type all start the same:
“Company Name, LLC is writing to inform you of an incident that may affect the security of your personal information. This incident may have resulted in unauthorized access to personal information including your name, Social Security number and date of birth. We are providing this notice to you so that you may monitor your financial statements and take steps to protect your information.”
This is not the first time that I have gotten one of these letters (or notifications), or had my identity compromised/stolen. I have a file in my filing cabinet. The letters have similar parts and are in the same order:
- Intro paragraph explaining your personal information may be compromised
- The Incident
- Company’s Response
- Identity theft protection
- What else you can do
- Concluding paragraph
Where they typically vary is in the description of the incident, and in the credit monitoring agency/company they picked for a years free “Theft Protection Services”. Some give more information about the incident than others. In one letter all I got was the equivalent of “data theft happened” and I had to research news stories to find out more information. With this letter there were two paragraphs explaining what occurred. In this case, much like a few of the others, it was due to someone having the data on a cartridge/laptop in a backpack that was stolen out of their car. Considering the number of times a situation like that happens one would think that the person would have taken better care to make sure to have the backpack on them at all times. Companies should have more rules regarding the safekeeping of personal information.
After the initial shock, anger, frustration, and disbelief passed I went to work and went down my check list:
- Create file for tracking all documentation
- Place fraud alert with Transunion, Equifax, Experian. Each of the top three agencies are required to notify the other two when a fraud alert is placed.
- Request copy of Credit Report. Each person is allowed one free copy of their credit report each year; a 90 day fraud alert allows for one extra report.
- Review contents and print Credit Report for file
The “Theft Protection Services” that were offered turned out to be credit monitoring and identity theft consultation and restoration. It would have required me to provide to another company all of my identifying information. Why should I entrust yet another company with all of my information? I trusted the first company with my information and look where that got me.
The last time that this happened and they provided a year of credit monitoring I did sign up. It was provided by one of the three credit reporting agencies. From my experience all they did was notify me after the fact that a credit check with their agency had occurred. Most of the time they just sent me a newsletter, which I still get and could have signed up for free on their website, and try to sell me on other products and services (which they still do). The main benefit to the credit monitoring is that it would be sooner notification of a hard credit report pull for someone trying to open up a new line of credit. That is also the downfall to the credit monitoring services; they only monitor one type of identity fraud. Once a hard credit report is pulled a persons credit score goes down by at least a few points. It can also introduce fraudulent data into a credit report. To which I still would have to deal with cleaning it all up.
As seen in this video by McAfee (not the company that I was offered free protection from for a year. I am also not advertising for their products or services, this is an educational example.):
It was only “after” the thief tried to establish credit in the victims name, and a credit report was pulled did she know about the incident. The thief also has the persons information and shared it with others.
With a Fraud Alert on the Credit Report any company pulling a credit report is required to contact the person and verify that they are in fact the one applying for credit. They are supposed to call the phone number that is associated with the Fraud Alert. The last time I had a fraud alert on my account and applied for a credit card the company called as soon as they processed the application. They asked me all sorts of information, questions, verification of information on the application, etc. It takes more time to open up a line of credit due to the phone call. Granted a Fraud Alert only works if the company actually checks a credit report.
So despite all my diligent efforts to protect my identity; it once again has turned out not to be enough. Some person was careless and didn’t go to the same effort to safeguard the information. Now I, and others, have to live with the potential of our identity being out there. When at some point in the future, long after the year credit monitoring expires, someone might try to use that data fraudulently. No one is 100% safe when it comes to identity protection, but there are things we can all do. Like not leave a data storage device containing personal identification in a backpack in the back seat of a car unattended. That just seems like common sense to me.
Spring Cleaning (https://roseylinn.wordpress.com/2014/05/09/spring-cleaning/)
FTC Consumer Information Order Credit Report Initial Fraud Alert (http://www.consumer.ftc.gov/articles/0275-place-fraud-alert)
FTC Consumer Information Order Credit Report Initial Fraud Alert (http://www.consumer.ftc.gov/articles/0276-order-credit-reports)
*DISCLAIMER: I am not a lawyer. Any advice given is just that, advice, and any consequences of following said information are the sole responsibility of the reader. This is just information, educational, and advice. It should be taken as such.