4 Tips for Consumers After the Equifax Data Breach 
Is Your Credit Report Safe? For Half the Country, Maybe Not 
How Safe Are Websites? 
How to Remediate After Data Breach Occurs 
What to do if your email is hacked 
Data Security Breaches 
Financial Information Breach 
Credit Card Breach Identify theft is a growing epidemic caused in part by the digital age. According to the Federal Trade Commission, Americans made approximately 490,220 identify theft complaints. This is almost a 50% increase from the year prior. Many people turn to the Internet to find out how to prevent identity theft. According to the FTC, credit monitoring or some other identify theft protection software is a great proactive measure to protect yourself from identify theft.
On May 26, 2015, the IRS announced that the its website had been hacked, enabling criminals to access the personal data of an estimated 100,000 consumers’ tax accounts. In addition, there were another 100,000 unsuccessful attempts were made. But a subsequent IRS investigation actually revealed that the personal information – including birth dates, Social Security numbers and street addresses – of more than 700,000 IRS consumers was successfully accessed. The number of unsuccessful attempts were also much higher, at more than 500,000.
The hackers were able to gain access to the personal information thanks to the agency’s “Get Transcript” website application. This enabled legitimate taxpayers to view a specific tax year’s account transactions or line-by-line tax return information. Although since disabled, it provided the cyber thieves with a simple method to obtain consumer information. The IRS did state that this breach spared their main computer system, which was responsible for tax-filing submissions.
But the data the identity theft hackers gathered still allowed them to impersonate real taxpayers, file false federal tax returns and even collect others’ refunds. Over a four-month period, they employed a large team to submit over 200,000 queries into the IRS site. The cyber thieves only had to utilize this stolen information to correctly answer various personal identity verification questions to gain access. This information was probably stolen again or sold.
A 2015 General Accountability Office (GAO) report found that for 2013, identity theft resulted in the IRS paying $5.8 billion in fake refunds; this figure may be much higher, as it’s difficult to determine the exact amount of undetected fraud. As of November 2015, the agency prevented about $8 billion in fraudulent tax returns, representing 1.4 million identity theft cases. But as 2013 saw them lose $5.8 billion to these crimes, there is much work needed. According to the Federal Trade Commission (FTC), 2015 saw 490,220 identity theft complaints made, compared to 332,647 in 2014. This may be due to dramatic increases in tax- and wage-related fraud cases.
According to cyber security experts, total prevention of identity theft may be difficult. Instead, they recommend rapid detection, making it crucial that consumers continuously monitor their private and business information. There are certain tips to reduce identity theft risks, including those for taxes and credit reports. You also need to limit sharing of personal information. And when problems occur, several government and law enforcement agencies must quickly be contacted.
The identity theft epidemic
The types of crimes known as identity theft (or identity fraud) involve a person’s personal data being unlawfully obtained, through any method involving fraud or deception, typically for economic gain. Unfortunately, any personal identifying data (banking or credit card information, Social Security numbers, monthly bill statements), can be used against you. If affected, victims may face hours of missed work or school, and even more money spent. There could be long phone calls and in-person visits to dispute charges and purchases and have transactions removed from your credit report. These crimes can also take a toll on your personal and professional reputation.
Identity theft is closely associated with online shopping. Research shows that for the 2015 holiday season, revenue topped $83 billion, 11 percent more than 2014. In 2014 alone, the FTC reported that identity theft was the top consumer complaint, for the 15th consecutive year. Since 1997, the Consumer Sentinel Network (CSN), a secure online database available only to law enforcement, has gathered identity theft reports. In 2015, the CSN, received 480,000 identity theft complaints, 16 percent of total cases. For those filing complaints, 37 percent reported contacting law enforcement; 89 percent of these people said that a report was taken.
Florida was the state with the highest per capita rate of reported identity theft complaints; Washington was second and Oregon was third. Identity theft is also the number one complaint among military consumers. But identity theft crimes can be much more dangerous, as hackers can basically steal and take over someone’s entire life, ruining their whole financial situation and committing crimes in their name. This could affect any purchases that you may have been planning, such as a vehicle or a home.
Medical identity theft represents a huge segment of identity theft crimes, costing the nation at least $80 billion annually. The FTC defines this as:”A thief may use your name or health insurance numbers to see a doctor, get prescription drugs, file claims with your insurance provider, or get other care. If the thief’s health information is mixed with yours, your treatment, insurance and payment records, and credit report may be affected.” Research shows that in 2014, these crimes impacted 2.3 million Americans; 22 percent more than 2013. About 65 percent of those affected spend an average of $13,500 and 200 hours to try to fix these issues. Only 10 percent reported that their cases reached a “completely satisfactory conclusion of the incident.” As a result, about 20 percent of victims experienced a decrease in their credit score, while about one-third lost their health insurance.
The problem with medical identity theft cases is that a great deal of personal information can be stolen at one time. For instance, the Feb. 4, 2015, hacking on Anthem Inc. and all of its corporate partners, considered the largest healthcare data breaches in history, resulted in more than 37.5 million (later increased to 78.8 million) patient records being taken. This included: names, birth dates, medical IDs, SS numbers, addresses and employment information.
Compared to financial identity theft and fraud, medical identity theft is considered more complex and difficult to control. Criminals can obtain 20-50 times more identities, making their value up to50 times greater than a Social Security number alone. These identities can be used for longer periods, and unlike credit card-related crimes, victims are rarely notified about suspicious activity. Typically, victims learn of these acts more than three months after; 30 percent had no idea when the crime may have occurred. Of those who did notice, about 50 percent didn’t know who to contact.
The switch to electronic health records is also helping to make patient information easier to steal. Among the findings of a Medical Identity Fraud Alliance (MIFA) study, 68 percent of those polled said they weren’t confident that their healthcare providers’ security measures would keep their medical records secure. And, 50 percent stated that they would change providers if they were not confident in these security practices.
Another target for identity theft is that of children. Cyber thieves will take anyone’s information, no matter how young, as long as they have a Social Security number. In most cases, the only way to know if a child’s information has been stolen is after a crime has occurred. For instance, you may receive bills for products or services that weren’t delivered. The IRS could contact you, as well. Your child’s benefits could be stopped, or you might notice strange activity on your child’s credit report. Their healthcare may also suffer, as medical records can be affected. Generally, children affected may not be aware until they’re older, when they try to use their make a purchase, take out a credit card or enroll in college. Their damaged credit can affect them for years.
How to prevent identify theft
Identity theft is a crime requiring little experience, as only a little personal information is needed to gain access. Cyber security experts caution that total prevention may be difficult, making rapid detection your best weapon. Fortunately, there are practices to take to better reduce identity theft risks. This includes regularly checking your business and personal accounts and your credit score and reports (free or otherwise) for errors. Signing up for a credit monitoring service is an easy identify theft protection solution. You should note any sudden changes in your credit scores, as this may indicate identity theft. Contacting any creditors and credit bureaus is advised, as is freezing your credit report; this can prevent fake accounts from being opened in your name.
For your Social Security number, try not to carry it in your wallet or purse; instead, keep it and any other related documents in a safe place. Also, try not to share your card (and any other personal information), unless absolutely necessary. When online, ensure that your personal financial information is safe; you may want to change your passwords, as well.
Identity theft costs consumers and businesses billions of dollars each year. As such, multiple government and law enforcement agencies, local, national and international, are tasked with fighting these crimes. However, they can only help if problems are quickly reported. The Department of Justice (DOJ) prosecutes cases under various federal statutes. The Identity Theft and Assumption Deterrence Act, established in fall of 1998, actually made identity theft a recognizable crime. Typically, it carries a maximum 15-year prison term, a fine and criminal forfeiture of any personal property used or intended to be used to commit the offense. The DOJ’s federal prosecutors work with other federal investigative agencies, including the Federal Bureau of Investigation, the United States Secret Service and the United States Postal Inspection Service.
The IRS has also made great strides against identity theft. The IRS Criminal Investigation (CI), established in 1919, is the leading agency dedicated to identity theft (and all tax and financial crimes). Since 2012, the Identity Theft Clearinghouse (ITC) has targeted and referred 10,750 identity theft schemes to CI Field Offices for investigation. As a result, more than $11.4 billion in claims have been refunded. In 2015 alone, 790 people were sentenced, an 84.6 percent incarceration rate.
The IRS’ Taxes. Security. Together campaign, a joint effort between the agency, individual states and the private sector tax industry, educates taxpayers about protecting their financial tax data on the internet and devices. There’s also an expanded series of important new protections provided by the IRS, states and the tax industry for the 2016 filing season. One procedures involves reviewing computers’ IP addresses to check if multiple online returns are being filed. Another monitors the time taken to complete electronic income tax returns, as fraudulent returns are usually completed faster than legitimate returns. In addition, income tax preparation software companies must use enhanced validation protocols, including security questions.
The IRS advises taxpayers to file their taxes as soon as possible and pay any amounts on time. If worried about online forms, you can mail in paper forms. Be aware that the IRS doesn’t ever contact taxpayers for personal or financial information, whether by email or social media. If you do receive these communications, immediately forward the message to phishing@irs.gov. As for phone (or text) scams, including threats or promised refunds, promptly report these to the Treasury Inspector General for Tax Administration, at (800) 366-4484, or IRS Impersonation Scam Reporting. Additional guidance includes:
- File reports and claims –If identity theft is suspected, file a report with the local police. You can also file a complaint with the FTC, or you can call the FTC Identity Theft Hotline, at (877) 438-4338.
- Contact the credit agencies –Check your credit report by contacting one of the three major credit reporting agencies (Equifax, Experian or TransUnion); request a fraud alert on your credit records.
- Close your accounts –If tampering with any credit or financial account is suspected, quickly close it.
- Alert the IRS — Once identity theft occurs, you should call the number provided on the IRS’ fraud notice. You’ll also have to complete IRS Form 14039, Identity Theft Affidavit; it can be completed online, mailed or faxed. If the IRS fails to provide a resolution, call the Identity Protection Specialized Unit, at (800) 908-4490.
For child identity theft, the National Consumer Law Center recommends freezing their credit files, as soon as a child receives a Social Security number. This prevents NY accounts from being opened, until that individual, or their parent or guardian, applies to have the file “thawed.” While certain federal legislation is being considered, 23 states have their own identity theft precautions in place for children 16 years and younger; Connecticut and Illinois allow those up to 18 years. The major credit reporting agencies also have their own policies.
As for medical identity theft, regularly inspect your credit reports to see if any strange, unpaid bills appear. Under law, you’re permitted one free copy of your credit report each year from each of the three main reporting agencies. You may want to spread these out, maybe one report every three months. You should also ask your doctor(s) if you can view your electronic health records for errors, as well as your insurance plan’s explanation-of-benefits statement; these are good ideas if you’ve already been an identity theft victim. If requested, your plan and providers will provide one annual accounting of disclosures, a listing of who received your records and what information was provided.
Additionally, avoid providing too much healthcare-related information; research suggests that about 25 percent of identity theft victims had given identifying information to a friend or family member. You should be wary of medical scams, especially those requesting Social Security numbers or other personal data. If you find out that you’ve been victimized – it can take a long time to notice – you must report it. Among the parties you can notify are: healthcare providers, insurers, federal and state authorities, the local police, state Attorney General’s offices and the Department of Health and Human Services (HHS).