December 2018–A breach at Marriot International / Starwood exposed personal information of 500 million people and started in 2014.
October 2018–A Google + bug allowed developers to access personal data from 500,000 users who had installed their app.
September 2018–Facebook continues to be in the news. Bugs in one of there services exposed account contents and activity of 50 million Facebook, Instagram, and WhatsApp users.
Keeping Your Personal Information Private
Have you ever searched your name online? How did those sites get so much private information about you? What are they doing with it? Taking control of your personal information is a great step to avoid being a victim of a data breach or identify theft. Finding a balance between convenience and privacy, here are a few ideas:
- Avoid sharing secrets. While sharing private details of your life on social media, be aware it’s online forever. Avoid sharing where you live, answers to your security questions, vacation plans, occupation, pet or family members’ names, at least. Own your online presence and read those Facebook, Twitter, WhatsApp, etc. privacy controls.
- Children’s Online Safety. Educate your children on what information is appropriate to share, and why. Periodically discussing their email, social media postings and website choices can help keep them safe and create an open conversation about their wellbeing.
- Freeze your Credit Profile with Each Bureau. Start with the top four credit bureaus. Limiting access to your profile greatly reduces bad actors’ ability to open banking or utility accounts.
- Do Not Call Registry. Adding all your family’s telephone numbers will reduce those unsolicited, disruptive sales calls. While charities and unscrupulous companies will call anyway, at least you know why they are calling. Visit https://www.donotcall.gov
- Direct Mail. Reduce unrequested catalogs and junk mail from overwhelming your mailbox. Remove your name from direct mail solicitation. Visit https://dmachoice.thedma.org
- Avoid Pre-Screening. While you’re reviewing your credit reports for fraud, opt-out of credit pulls for pre-approved credit and solicitations. Get your free, annual report at https://www.annualcreditreport.com/
- Eavesdropping on your telephone conversation. Be discreet when talking about private information on your phone when in public. Loud or speaker-phone conversations may be sharing private details about your family, your home or yourself.
- Is your home listening device sharing your information? Devices that are always listening are hearing and likely recording everything your family says. Their convenience is great but knows who your information is being shared with and where it is being sent.
- Be aware of shoulder surfing. Take steps to block other’s view when you are entering your ATM PIN, mobile phone Code, online account password, etc.
- Limit what information you keep in your wallet, purse, vehicle, mobile phone, table, etc. Assume that it will be lost or stolen someday, so take precautions.
Privacy Precautions While You Are Online
Websites and browsers are tracking your activity and presenting targeted advertisements. It can be a helpful service but all that data about you, your identity, location, persuasions, interests, health etc., is aggregated, stored and possibly sold. Search online for browsers and settings to limit or avoid the collection of your purchasing or browsing activity.
Is Your Email Sharing Information? Many ‘free’ email services ‘read’ your email for details about you–names, contacts, addresses, interests, buying habits, health–and formulate a profile and serve ads. If the email service is ‘free,’ your personal information is likely the product. Some email service providers go to great lengths to help you manage your privacy. A simple online search will identify them.
- Email isn’t Secure. Unless your email is encrypted, avoid sending private information in a message. There are relatively easy ways for a bad actor to capture your messages.
- Email isn’t for Storage. Assume it’ll be hacked someday and limit what’s in it. While overly cautious, periodically delete your Sent messages, clean out your Inbox, and even delete your Contacts if you store them elsewhere. Then, delete the contents of your Deleted folder.
- Spam. Don’t unsubscribe or reply to an email that you did not sign-up for or request. By replying or unsubscribing to spam, you are confirming that your email address is a legitimate address, and you will receive more.
HTTPS://. Look for HTTPS:// in the website address and avoid entering personal or financial information or a password into a site that HTTPS is not the prefix. It’s the ‘S’ that makes the difference.
Avoid using Public or Free Wi-Fi to log into banking or private accounts. You don’t know who really created the network or if or how it is secured. Is it truly McDonalds’ Wi-Fi, or a bad actor who used the same name?
Location Services. Some mobile apps request access to your location, contacts, camera or microphone. Avoid services and apps you aren’t planning to use and review the configuration of your mobile device to learn which apps are accessing your private content and determine if there is a legitimate need.
Securing Your Computer
Manage software. Remove software from your computer that you are not using. Software has bugs. For software that you intend to keep, ensure it is supported and up-to-date. Software makers don’t support or provide software updates forever. This is often found under the software’s About or Help button.
Updates. Keep your computer’s and router’s firmware and Operating System (OS), current to help manage the vulnerabilities and bugs it may have. Most systems can be configured to automatically update on a schedule. Confirm this is happening on your computer and router.
Passwords. Avoid using account or identification numbers or personal information. For important accounts, make the passwords unique. If multi-factor, multi-step or MFA is available, start using it today. By sending a code or PIN to your phone, or registering your computer’s IP, you can increase the security of your account. As for passwords, making them easier to remember and more secure could be choosing: Three or Four unrelated words + Number + Special Character. Like this: BlueChickenDiamond23!
Anti-Virus Software. With the many, even free, AV software that is available, make sure that each computer is running the most current version.
Email Links and Attachments. Many computer viruses and fraud use hacked email accounts, so before you open an email message, confirm that you were expecting it, it’s from someone you know, and the content, request, style or time of day matches what you would expect from the person. Avoid opening links or attachments if you are at all suspicious. Ask yourself…
Shred your Papers. Use a cross-shredder to ensure that the documents you put in the trash or recycle cannot be traced or linked to you. Don’t let someone dig through your trash or dumpster dive to find your personal information.
How Would I Discover that I’m a Victim of Identity Theft?
- Regularly review banking, investment and insurance statements and online accounts. If discover unauthorized transactions or activity, immediately report it.
- Review your credit reports. https://www.annualcreditreport.com/ is the only site for free credit profiles from the top three bureaus, so retrieve one, wait four months, then retrieve another… Review your child’s as well.
- Identity Theft Protection services likely do not prevent fraud or Identity Theft, but can alert and help respond to it. It’s really an insurance policy and may provide piece of mind. Read the fine print though. Also, contact your homeowners’ or renters’ insurance policy. You may have coverage and not even know it.
- You’ve an increase in email spam or unsolicited phone calls. If so, don’t reply, merely block the phone number or email address. If they’re too numerous , you may need to change your email address or your telephone number.
How Can I Respond to Identity Theft
So the bad actors have your personal information and are using it. What can you do?
- Notify each banking, investment and insurance institution. Request a ticket/claim number for each report.
- Contact your homeowners’ insurance provider. Your policy may help you recover.
- Take your computer, tablet and mobile phone to a reputable computer tech to check for malware, remote access and updates.
- Using a secure, cleaned, updated computer:
- Change the password for each online account–banking, email, medical, social media…
- Change the administrator and network passwords to your home wi-fi router.
- If you’ve not, immediately freeze your four credit profiles. https://www.tbacu.com/resources/security-alerts/. In that process, declare that you are an identity theft victim.
- If you’ve not, file your taxes.
- Report to https://www.identitytheft.gov/
- Document each step. Who you contacted and the date. This may help with a claim or uncover how the data was stolen.
- You may need to open new banking accounts.
- Regularly review your banking, medical and investment statements, and your credit report at https://www.annualcreditreport.com/
Should your report it to local law enforcement? It never hurts, however many times the crime happened outside of their jurisdiction.