Photo Credit: Richard Stephen on iStockPhoto
Social Security Number Breach: Hype or High-Priority?
By David Stidham, Operations Manager at Cenetric
Hackers are always after more and more of our info, and one group recently hit the mother lode: a whole lot of Social Security numbers they stole from a background-check company called National Public Data. While the number of people affected isn’t clear yet, it’s a big deal we should all pay attention to.
Some news outlets have said 2.9 billion people have had their SSN revealed, but that number is actually referring to the number of rows of data that hackers obtained, according to security experts at KrebsOnSecurity.
KrebsOnSecurity reports that analysts from across the industry have found 272 million unique SSNs and 137 million unique email addresses in the data set, along with names, home addresses, and other identifiers. The sort-of-good news is that almost all the data is likely about people born before 2002 and many of those people are deceased.
But now’s not the time to breathe a sigh of relief. Even if your info isn’t in the breach, this is a wake-up call we should all heed. It’s time to take action now — it’s a lot easier to avoid an identity theft mess than it is to clean one up.
Find out if your Social Security number was included in the breach
You can see if you’ve been affected by checking your name, state and birth year using Pentester’s tool. (Be wary of other sites asking you to submit your SSN.) Be sure to check all the states you’ve lived in and any other names you’ve used, like a maiden name.
If you find your data using Pentester’s tool, read on below for the steps you should take to protect your identity and money.
If you don’t find yourself there, read on below and take the steps anyway to protect yourself down the road. As we say in cybersecurity, it’s not if you’ll get hacked — it’s when.
Photo Credit: scyther5 on iStockPhoto
What should you do if your Social Security number was stolen?
With your Social Security number and other personal data in hand, bad actors can do a whole lot of damage in your name — like open credit cards or bank accounts, get into existing accounts, or file fake tax documents. It’s time to head them off.
Freeze your credit
Contact each of the three credit bureaus — Equifax, Experian and TransUnion — and freeze your credit reports with them. This prevents the bad guys from opening credit in your name. (Take this opportunity to review your credit report for anything fishy as well.)
You’ll note we didn’t say “lock” your credit. On each credit bureau’s site, you might get offers to lock your credit file instead of freezing it. Opt for the freeze. Credit freezes are free by federal law and prevent identity theft by severely limiting who can see your report.
Locks, on the other hand, are paid options offered by the credit bureaus. (Equifax’s is free, though.) While they also block access to your credit reports, unlike freezes, they aren’t governed by federal law.
The allure of locks is that you can unlock them instantly when you want to apply for credit. But freezes can be “thawed” within an hour when requested by phone or online, making the difference negligible. Since most of us are rarely in situations where we need to apply for credit at a moment’s notice, free credit freezes are likely the best option.
Whichever option you choose, do it at all three credit bureaus to make sure you’re as protected as possible.
Enroll in an identity protection service
Even if your data was part of this massive breach, it’s not too late to sign up for a service that will alert you to fraud related to your personal data — in fact, it’s a must-do. Identity theft is a stressful, expensive experience that costs you not only money but also hours and hours of your time.
Our team members have used Norton LifeLock and IdentityGuard to protect themselves. As a business owner, you might even consider offering one of these services as an employee benefit.
Not only will it save you from the lost productivity of an employee distracted by identity theft fallout, but it will also protect your business. If a bad actor has your employee’s data, there’s always a chance they have some of yours too (especially if team members re-use passwords in personal and professional settings).
Photo Credit: Jirapong Manustrong on iStockPhoto
Opt out of data sharing
Industry expert Troy Hunt reported on his blog that analysts who examined the breach said that people who used data opt-out services were not included in the data files. By removing their information from the data aggregator’s database, they’d protected themselves from hackers.
It’s always a good idea to keep as much personal data as you can offline. Our top choice for data opt-out is always Optery because it offers personal and business services. (That’s not an ad — they’re just great!) By removing your information from data brokers’ stockpiles, you’ll protect your identity and steer clear of spam communications and phishing attacks.
For even more info on staying safe from hackers, check out our data protection series:
- Data Protection: Safeguarding Your Data in Emails
- Data Protection: Safeguarding Your Data in Mobile Apps
- Data Protection: Safeguarding Your Data on Wi-Fi
Take cybersecurity seriously at home and at work
It would be great if we didn’t have to worry about the security of our personal information or our financial data, but we absolutely do. And the best person to project you is, well…you. Take the important steps we’ve outlined here to make sure you’re not a victim of this data breach — or the next one.
To thoroughly protect your business, you need experts by your side. The team at Cenetric has the experience and availability to help you prevent a cyber attack — or respond if you’ve already been hit. If you want guidance from a team that’s seen just about everything, we can help you become more secure (and feel a lot safer). Let’s set up a time to talk about cybersecurity.
Photo credits (in order): scyther5, Richard Stephen, Jirapong Manustrong (all on iStock).