Once More, a Data Breach, Dear Friends
Protecting yourself against identity theft
Published in 2015 Washington DC Super Lawyers magazine
on April 21, 2015
Updated on April 30, 2015
While the cyber hack of Sony Pictures Entertainment uncovered confidential emails that titillated Hollywood, it also exposed more than 47,000 Social Security numbers of past and present employees, as well as company financials.
The trend is on the uptick. In the past year and a half alone, customer information from Neiman Marcus, Home Depot, JP Morgan Chase, Staples and Goodwill was compromised.
“Think about the information imprint that the average consumer creates today versus 10 years ago,” says Kurt Wimmer, U.S. chair of Covington & Burling’s privacy and data security group. “Each time you make an online purchase, send a text message, click an online advertisement or download a new app on your smartphone, this creates a new thread of data.”
Most of this electronic information is stored by businesses. “To hackers, these are prized commodities,” says Marc S. Martin, partner at K&L Gates who practices in the telecom, media and technology group. “As the size of the data pie increases, so too will hackers’ attempts to breach it.”
Even as corporations and financial institutions are coming up with new data safeguards, hackers are devising ways to infiltrate them.
If you suspect your information has been compromised, begin collecting copies of statements that indicate fraud, says Chris Griner of Stroock & Stroock & Lavan’s national security privacy group, and document the date on which you discovered a problem. Notify your financial services provider immediately. “When we say immediately, we mean the moment you suspect fraud,” Wimmer says. He suggests writing down the names of everyone you talk to while attempting to resolve the matter.
Also, don’t forget to notify any entity—like a client or employer that makes direct deposits into your account—of the suspected breach, Martin notes, and notify the three main credit-reporting agencies to place a fraud alert on your account. It “will make it harder for bad actors to open unauthorized credit accounts,” he says. “It also provides you free access to your credit report, which will help you determine if any unauthorized credit accounts have been opened in your name.”
If only one credit card has been compromised, and the breach was discovered early, you can generally resolve the issue with the financial institution, Griner says. He recommends that identity theft victims file an Identity Theft Victim’s Complaint and Affidavit, available at FTC.gov.
Identity-theft protection services are an option, too. However, “Personal diligence remains important,” Griner says. “The only secure computer may be the one that is never used.”
PROTECT YOURSELF FROM A CYBER ATTACK
Instead of the usual password, such as a child’s name followed by numbers, use a series of words with numbers and special characters, says Griner. Change passphrases about every 90 days, and stress the importance of securing personal data to family members. “Any user of information has the ability to provide it to others—knowingly or unknowingly,” he says.
Pay attention to correspondence from major retailers or banks. According to Griner, 47 states have laws requiring private or government entities to notify customers if personal information has been compromised. He suggests you verify the authenticity of any correspondence—it could be a scam seeking to get your personal information.
Review credit card and bank statements for unexpected charges, even small ones. “Identity thieves often test consumers with charges of less than a dollar to see if the consumer is watching,” Wimmer says. If the charge goes unnoticed, they “pull the trigger” on larger purchases. Rather than wait for a monthly statement, regularly check your account online.
Remove all personal and financial information from mobile devices before discarding, Martin says.