MONEY privacy

Will the New Consumer Privacy Bill Protect You?

person using smartphone in dark
Kohei Hara—Getty Images

A proposed law would beef up your rights when your data is leaked or stolen.

Legislation that would establish new nationwide privacy protections for American consumers was introduced by a group of high-profile Democratic senators on Thursday, including Pat Leahy (Vermont) and Elizabeth Warren (Massachusetts). The Consumer Privacy Protection Act would establish federal standards for notification of consumers when their data is lost or stolen, greatly expand the definition of private information beyond financial data, and allow existing state privacy laws to remain in force. Geolocation data and images would be covered by its data leak disclosure rules, for example.

“Today, data security is not just about protecting our identities and our bank accounts, it is about protecting our privacy. Americans want to know not just that their bank account and credit cards are safe and secure, they want to know that their emails and their private pictures are protected as well,” Sen. Leahy said. “Companies who benefit financially from our personal information should be obligated to take steps to keep it safe, and to notify us when those protections have failed.”

Consumer groups cheered the proposal, saying it offered a fresh approach to consumer privacy.

“This is a step forward. This is the first time you get something new in federal legislation. Usually it scales back (protections) in state law,” said Justin Brookman, director of consumer privacy at the Center for Democracy and Technology. “It’s good to see some new thinking on the issue, something that actually adds new protections for a lot of people.”

“Everyone from the NSA to the local grocer has become a consumer of our data. So many pieces of our data are being collected, stored, shared and sold, either without our knowledge or ability to understand the process,” said Adam Levin, privacy expert and chairman and founder of Credit.com. “It is long overdue that we expand the definition of ‘personally identifying information’ as well as the protections necessary to safeguard our privacy and data security and require quick notification when our PII is exposed.”

The legislation would require social media firms or cloud email providers to notify consumers if their accounts are compromised, Brookman said. Currently, most disclosure rules apply only to financial information such as credit card numbers.

The legislation comes on the heels of a similar White House proposal called “The Consumer Privacy Bill of Rights Act of 2015,” but goes several steps further than the administration’s proposal, said Susan Grant of the Consumer Federation of America. The White House proposal would allow federal law to supersede state laws, potentially diminishing consumer rights. It also requires demonstration of actual harm before requiring notice.

“(We believe) that federal legislation will only be helpful to consumers if it provides them with greater privacy and security protection than they have today. Most of the bills that we have seen in Congress would actually weaken existing consumer rights and the ability of state and federal agencies to enforce them,” Grant said. “(This bill) takes the right approach, requiring reasonable security measures, providing strong consumer protection and enforcement, and only pre-empting state laws to the extent that they provide less stringent protection.”

Most significant: The legislation creates entire new classes of protected information. Private information is divided into seven categories. Compromise of any one of them would require companies to notify consumers. They are:

  1. Social Security numbers and other government-issued identification numbers;
  2. Financial account information, including credit card numbers and bank accounts;
  3. Online usernames and passwords, including email addresses and passwords;
  4. Unique biometric data, including fingerprints;
  5. Information about a person’s physical and mental health;
  6. Information about a person’s geolocation;
  7. Access to private digital photographs and videos.

Leahy has repeatedly proposed legislation since 2005 that would establish a nationwide notification standard called the Personal Data Privacy and Security Act; it has not passed. While co-sponsors of this new bill include Al Franken (Minn.), Richard Blumenthal (Conn.), Ron Wyden (Ore.) and Edward J. Markey (Mass.), there are, notably, no Republican co-sponsors. That probably dooms the bill, says Brookman.

“They didn’t get a GOP co-sponsor, and that’s not a great sign. Still, having the bill out there is good for dialog on the issue,” he said.

More from Credit.com

This article originally appeared on Credit.com.

MONEY identity theft

Woman Allegedly Lived Under 74 Aliases, Targeted Hollywood

The Hollywood Sign, Los Angeles, California
David Leventi—Gallery Stock

A suspect in California is accused of stealing multiple identities.

Living a double life seems like it would be challenging enough, but that’s child’s play compared to what one California identity theft suspect is believed to have accomplished. Cathryn Parker, 72, was arrested in March when she was stopped for a traffic violation and gave a law enforcement officer a fake name. Turns out, Parker is under investigation for stealing multiple identities and living under at least 74 aliases, according to the Associated Press.

Parker is accused of stealing seven identities, most of whom are Hollywood film production staffers. Investigators discovered that Parker’s home and utilities services were registered under false names, and Parker had also opened fraudulent credit card accounts with victims’ information. Investigators say she is suspected of committing crimes dating back to 2010.

As of April 17, Parker was in federal custody in Northern California, where she was wanted for violating probation, the AP reported. She had been convicted of mail fraud in 2000.

While Parker’s high number of identities is uncommon, her alleged crime is not. Identity theft affects millions of Americans each year. Victims of identity theft often suffer damage to their credit standings and finances, and the longer it goes undetected, the more costly and time-consuming the recovery can become.

Preventing identity theft is a huge part of this problem — it’s practically impossible to do. Even consumers who take the best preventative measures, like never storing sensitive data online and rarely sharing personally identifiable information, may still have their data stolen in a cyberattack on a company that rightfully has that information (for example, the Anthem data breach).

Credit monitoring can be extremely helpful in stopping a situation like a thief opening a fraudulent credit card account in your name. You can get your credit report summary for free, updated every month on Credit.com, to watch for changes that you didn’t authorize. In addition to that, the most effective form of protection is monitoring your identity from as many angles as possible, including public records and information on the Internet. Whether you do it yourself or pay for an identity theft protection service, the most important thing is to act quickly when you notice something is wrong, in order to prevent extensive damage to your credit and financial well-being.

More from Credit.com

This article originally appeared on Credit.com.

MONEY the photo bank

Some Women Will Get Naked Before They Expose the Contents of Their Handbags

Photographer Jeremy Goldberg is on a quest to uncover the mysteries contained in the handbags of women around the globe.

Let me see your handbag, Jeremy Goldberg said to fashion icon Iman. He made her dump all its contents on a table. Then he instructed her to stand against the wall, and he shot her and all of the items she’d been carrying.

The resulting images are part of the Los Angeles–based photographer’s Purseonal project. For four years, Goldberg has been asking women around the globe—famous personalities like actresses Emmanuelle Chriqui and Stephanie March and Facebook Vice President Carolyn Everson, as well as district attorneys, students, and commuters—if he can rummage through their purses and wallets and photograph the mysteries contained therein. He then pairs mugshot-style portraits of each woman with her purse(onal) cargo. To date, Goldberg has photographed more than 300 women in New York, Los Angeles, Sydney, London, Tokyo, Seoul, Malaysia, and Singapore; he recently exhibited some of the results at Tokyo Photo 2014.

Goldberg is drawn to learn more about his subjects by exposing what they carry when they think nobody is looking. “Women’s purses are generally off limits,” he explains. “Even a husband would never dump out his wife’s purse and go through the items, but that’s exactly what I’ve been doing.”

Goldberg generally shoots fashion and portraiture—actors, musicians, company executives, etc.—for publications ranging from Adweek to Gotham and advertising clients including Oxfam and Sony. He points out that magazines often include a “what’s in your bag” or “what’s on your desk” feature, but they’re not real. Readers hoping to gain insight into the personal lives of celebs instead see photos that are typically staged with products the celebrities endorse. “I didn’t want to see Zooey Deschanel’s perfect lip glosses, but the hair tie used to hold her credit cards together,” he explains. “I didn’t want to see a model’s perfect life, but her juvenile court summons….I’m much more interested in seeing someone’s unpaid parking tickets, Starbucks receipts, etc.”

Purses have long been symbols of status or style. For Samantha in Sex in the City, the trendy Birkin was a must-have bag because of its popularity among the glitterati; Meryl Streep, in her role as fashion editor Miranda Priestly in The Devil Wears Prada, used her lineup of purses to reinforce her power and intimidate her subordinates. World leaders like Margaret Thatcher, Michelle Obama, or Queen Elizabeth II have used a well-selected bag to put citizens at ease with a feeling of normalcy or set a “get-down-to-business” tone. Last fall, “Scandal” star Kerry Washington accessorized with a purple Prada clutch she designed to raise awareness about “domestic violence and financial abuse.”

So if the outside of a purse can communicate so much about its owner, what can the insides reveal? In Goldberg’s words:

The outside represents how people want to be seen, but the inside represents who they really are—most people never expect anyone to see inside their purse, so there’s no artifice. But it’s open to interpretation. What does it say when someone carries a huge purse but it’s almost empty? What does it say when they carry an asthma inhaler, almonds and a pack of cigarettes? What does it say when their purse and their face is perfect, but the inside of their purse looks like a crime scene? There are so many unusual little items. One person had a note reminder not to kill themselves but just to buy needles—turned out it was about knitting needles for an arts and crafts project.

Goldberg includes everything within his subjects’ bags in his photos, but artfully arranges the contents to “hide or highlight” various items, balancing a respect for personal privacy with his own curiosity and desire for unvarnished truth. Identification cards or prescription information, for example, are judiciously covered in a way that does not expose drug names or account numbers. Viewers are invited to pore over the details and construct their own narratives from the objects presented.

Though the actual shoot with his digital cameras lasts a speedy 5 to 10 minutes (the majority of which are devoted to arranging the contents) and have the look of quick snapshots, it has taken Goldberg a long time to work out the tools and aesthetic for the images. He collaborated with German designer Thomas Schostok to create a presentation that combines the portrait and still life with salient details about the subjects—name, city of birth, occupation, location, date of portrait, and type of purse. The images and information are digitally collaged onto a dirty and distressed index card that could have been pulled from the bottom of the bags he photographs.

As for getting permission from his subjects, Goldberg says most people will quickly consent to posing for the portrait but hesitate when they realize they have to dump out their purse. “There’s a moment of panic,” he says. “I see them mentally cataloguing how embarrassing the contents of their purse may be before they agree.”

Given the intimate relationship women have with the things they carry, strong reactions aren’t surprising. Says Goldberg, “One woman said it was a bit of a thrill for her, as her husband got to see her naked, but even he wouldn’t go through her purse.”

This is part of The Photo Bank, a recurring feature on Money.com dedicated to conceptual photography on financial issues. Submissions are welcome and should be sent to Sarina Finkelstein, Online Photo Editor for Money.com at sarina.finkelstein@timeinc.com.

MONEY identity theft

Why We Need to Kill the Social Security Number

Social Security card with no number
Getty Images

SSNs were never designed to be a secure key to all of our personal data.

While tax season is still producing eye twitches around the nation, it’s time to face the music about tax-related identity theft. Experts project the 2014 tax year will be a bad one. The Anthem breach alone exposed 80 million Social Security numbers, and then was quickly followed by the Premera breach that exposed yet another 11 million Americans’ SSNs. The question now: Why are we still using Social Security numbers to identify taxpayers?

From April 2011 through the fourth quarter of 2014, the IRS stopped 19 million suspicious tax returns and protected more than $63 billion in fraudulent refunds. Still, $5.8 billion in tax refunds were paid out to fraudsters. That is the equivalent of Chad’s national GDP, and it’s expected to get worse. How much worse? In 2012, the Treasury Inspector General for Tax Administration projected that fraudsters would net $26 billion into 2017.

While e-filing and a lackluster IRS fraud screening process are the openings that thieves exploited, and continue to exploit, the IRS has improved its thief-nabbing game. It now catches a lot more fraud before the fact. This is so much the case that many fraudsters migrated to state taxes this most recent filing season because they stood a better chance of slipping fraudulent returns through undetected. Intuit even had to temporarily shut down e-filing in several states earlier this year for this reason. While the above issues are both real and really difficult to solve, the IRS would have fewer tax fraud problems if it kicked its addiction to Social Security numbers and found a new way for taxpayers to identify themselves.

Naysayers will point to the need for better data practices. Tax-related fraud wouldn’t be a problem either if our data were more secure. Certainly this is true. But given the non-stop parade of mega-breaches, it also seems reasonable to say that ship has sailed. No one’s data is safe.

Identity thieves are so successful when it comes to stealing tax refunds (and all stripe of unclaimed cash and credit) because stolen Social Security numbers are so plentiful. Whether they are purchased on the dark web where the quarry of many a data breach is sold to all-comers or they are phished by clever email scams doesn’t really matter.

In a widely publicized 2009 study, researchers from Carnegie Mellon had an astonishingly high success rate in figuring out the first five digits for Social Security numbers, especially ones assigned after 1988, when they applied an algorithm to names from the Death Master File. (The Social Security Administration changed the way they assigned SSNs in 2011.) In smaller states where patterns were easier to discern the success rate was astonishing — 90% in Vermont. Why? Because SSNs were not designed to be secure identifiers.

That’s right: Social Security numbers were not intended for identification. They were made to track how much money people made to figure out benefit levels. That’s it. Before 1972, the cards issued by the Social Security Administration even said, “For Social Security purposes. Not for Identification.” The numbers only started being used for identification in the 1960s when the first big computers made that doable. They were first used to identify federal employees in 1961, and then a year later the IRS adopted the method. Banks and other institutions followed suit. And the rest is history.

In fact, according to a Javelin Research study last year, 80% of the top 25 banks and 96% of the top credit card issuers provide account access to a person if they give the correct Social Security number.

There are moves to fix related fraud problems elsewhere in the world, in particular India where, in 2010, there was an attempt to get all 1.2 billion of that nation’s citizens to use biometrics as a form of identification. The program was designed to reduce welfare fraud, and according to Marketwatch, 160 similar biometric ID programs have been instituted in other developing nations.

In 2011, President Obama initiated the National Strategy for Trusted Identities in Cyberspace, a program that partnered with private sector players to create an online user authentication system that would become an Internet ID that people could use to perform multiple tasks and aid interactions with the federal and state governments. There may be a solution there — but not yet.

The first Social Security card was designed in 1936 by Frederick Happel. He got $60 for it. It was good enough for what it had to do (and was clear that the card wasn’t a valid form of identification). That is no longer the case. That card is nowhere near good enough. Perhaps one solution is a new card design — one with chip-and-PIN technology. Just how something like that might work — i.e., where readers would be located, who would store the information & support authentication, etc. — would have to be a discussion for another day.

The point is, we need to do something.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

More from Credit.com

MONEY identity theft

8 Ways You Didn’t Know Hackers Could Steal Your Identity

hand reaching out of laptop screen
Getty Images

Who knew?

There are a surprising number of ways that criminals can use your personal information to commit fraud. Here are some of the weirdest:

1) They can steal your frequent flyer miles.

Whenever your credentials are valuable, thieves want them—even your frequent flyer credentials. In December, some 10,000 American Airlines and United accounts were hacked, and in at least two cases, cybercriminals actually booked free flights and upgrades using stolen perks, the Associated Press reported. The hackers had somehow gotten access to victims’ login credentials. Happily, folks got their miles back, but this is just one good reason to change your passwords regularly and monitor your accounts.

2) They can steal your health insurance.

In a world of astronomical medical costs, insurance is very valuable. So it’s no surprise that medical identity theft is on the rise. How it works: Identity thieves obtain medical services using your benefits, saddling you with their health records. It can take a lot of time and money to set things straight. You might not notice a problem until you get an Explanation of Benefits statement for services you didn’t receive, so it’s a good idea to actually read your insurance paperwork.

3) They can commit crimes in your name.

Here’s a worst-case scenario: You get pulled over as part of a routine traffic stop, and you learn that there’s a warrant out for your arrest for a crime you didn’t commit. It can happen, if someone commits a crime and gives your name to the cops. Of course it’s rare—but here’s what the Privacy Rights Clearinghouse says you should do if it happens to you.

4) They can hack your company’s chat system.

Has your boss told you to download HipChat or Slack for interoffice correspondence? Both have been hacked in the past two months. In February, HipChat reported that hackers made off with “names, usernames, email addresses, and encrypted passwords for a very small percentage (<2%) of our users.” Similarly, Slack recently discovered that hackers broke into a database that stores usernames, email addresses, phone numbers, and Skype IDs for Slack users, and the messaging service notified a small group of people of other “suspicious activity.” All you can do? Change your passwords frequently and set up two-factor authentication if available.

5) They can take over your social media accounts and impersonate you.

You’ve probably received a message from a friend that goes something like this: “I’m on vacation abroad, I lost my wallet, and now I can’t get home. Will you wire me some money right away?” That’s a scam called “social engineering.” Identity thieves will hack your account, send messages to your friends, and try to ride on your reputation to trick people into sending you money. These scammers commonly use email and sometimes Facebook. To protect yourself, hone your BS radar—would your second cousin really ask you to wire money to Amsterdam without calling first?

6) They can steal your tax refund.

You need to file your taxes by April 15, but the IRS won’t check your return against your employer’s until July. That gives fraudsters a critical time window. With your Social Security number and name, an identity thief can file a fake tax return and collect the refund. You won’t notice until your real return is rejected. Prevent this theft by filing early and trying these other tricks.

7) They can hold all of your computer files for ransom.

In perhaps the scariest online scam of our age, cybercriminals will use a “ransomware” virus to encrypt all of your computer files, then refuse to decrypt the files until you wire them thousands of dollars. (Yes, this happened on “The Good Wife.”) The worst part? Right now, there’s little you can do except pay, writes Alina Simone in the New York Times. Instead, prevention is key: Keep your security up to date, back up your files, and beware of suspicious links and attachments in emails.

8) They can open credit card accounts in your name.

When most people talk about identity theft, this is what they’re really afraid of—not that someone will steal their credit card number, or their banking login, or the password to their email—but that someone will steal their Social Security number and start opening new accounts all over the place. If that happens, criminals can run up debt in your name, and you might not notice until your credit score tanks. So guard your Social Security number and check your free credit report three times a year for accounts you don’t recognize.

TIME Innovation

Five Best Ideas of the Day: April 3

The Aspen Institute is an educational and policy studies organization based in Washington, D.C.

1. With sanctions lifted, is Iran on its way to becoming a Shiite counterweight to Saudi Arabia?

By Bobby Ghosh in Quartz

2. The al-Shabab attack on a college in Kenya is part of a dangerous terrorist trend of targeting schools in Africa.

By David A. Graham in the Atlantic

3. Finally, big data we can use: Precision traffic modeling lets cities program stoplights to reduce delays and carbon emissions.

By David L. Chandler in MIT News

4. You are the first line of defense against identity theft, and you’re doing a terrible job.

By Stewart Rogers in Venture Beat

5. Coding the next generation of mobile apps means planning for self-driving cars and much more.

By Peter Wayner in InfoWorld

The Aspen Institute is an educational and policy studies organization based in Washington, D.C.

TIME Ideas hosts the world's leading voices, providing commentary and expertise on the most compelling events in news, society, and culture. We welcome outside contributions. To submit a piece, email ideas@time.com.

MONEY identity theft

The Surprising Kind of Identity Theft You Probably Haven’t Heard Of

hand scrolling over medical records in dramatic lighting
David Whitney—Getty Images

Medical identity theft is a scary scam, but you can avoid it or minimize its damage.

You surely know about the dangers of identity theft, where someone who has obtained some of your personal information, such as your Social Security number, uses that to get money (often yours) or credit. It can cause massive headaches, at the very least. There’s not just a single kind of identity theft, though. There’s one kind in particular that has been happening more often lately. You probably don’t know about it and you definitely should. It’s medical identity theft.

The Federal Trade Commission has warned consumers about this growing danger, explaining medical identity theft thusly: “A thief may use your name or health insurance numbers to see a doctor, get prescription drugs, file claims with your insurance provider, or get other care. If the thief’s health information is mixed with yours, your treatment, insurance and payment records, and credit report may be affected.”

A growing problem

Here’s how much of a growing problem medical identity theft is: There’s a Medical Identity Fraud Alliance, or MIFA. And it has studied the matter, estimating that 2.3 million Americans were victimized by it in 2014, up almost 22% over 2013. That’s a lot of people — and a fast growth rate. Worse, along with the Ponemon Institute, MIFA has surveyed Americans, finding that among victims of medical identity theft, 65%, about two-thirds, ended up spending an average of $13,500 to straighten matters out. Victims also lost a lot of time — an average of about 200 hours spent trying to resolve their cases. Can it get any worse than that? Yup, it can: the folks at MIFA found that only 10% of those surveyed reached a “completely satisfactory conclusion of the incident.” And while about a fifth of victims suffered a decrease in their credit score, almost a third lost their health insurance.

Part of the problem likely stems from cyberattacks and security breaches at major corporations, when thousands or millions of people’s data is stolen in one fell swoop. That happened recently at America’s second-largest health insurer, Anthem, for example, and even more recently at Premera Blue Cross, based in Washington State. Premera Blue Cross’ breach is believed to affect 11 million members, and a Reuters report has explained that “the attackers may have gained access to claims data, including clinical information, along with banking account numbers, Social Security numbers, birth dates and other personal data in an attack that began in May 2014 and was uncovered on Jan. 29 of this year.” See some potential problems? Right. (Anthem believes that medical information was not stolen in its breach that affected close to 80 million people.)

What to do

Fortunately, if you’re now quivering in fear, worrying about being victimized, know that you’re not completely powerless. There are some steps you can take to reduce your chances of falling prey:

  • Check your credit reports regularly for any strange unpaid bills that an identity thief might have generated. You’re entitled to one free copy of your credit report each year from each of the three main reporting bureaus, and you can access those at AnnualCreditReport.com. To be strategic about it, you might space out your three annual copies, requesting one every four months, so that you’re getting information more regularly than once a year.
  • It also helps to know your Health Insurance Portability and Accountability Act rights and to ask your healthcare providers if you can see your electronic health records, to check for errors — especially if you know or suspect that you’ve been victimized. Read your explanation-of-benefits statements from providers, too, to check for any fraudulent charges. Know that you can ask health plans and medical providers for an “accounting of disclosures,” too, which is a listing of who has received your records and what information they received. You should, by law, be able to get one copy per year from each provider.
  • Don’t give out your personal information to friends or family members so that they can access some medical care. The data from MIFA shows that about a quarter of victims had given identifying information to a friend or family member.
  • Be on the lookout for scams, such as if someone claims to work for a healthcare company and offers you some services for free or for a too-good-to-be-true price, requiring your Social Security number or other personal data.

If you find that you’ve been victimized — and it can take several months for someone to notice, perhaps after receiving an unexpected bill or a collections notice — report it. Many people don’t report medical identity theft. Reasons include being embarrassed (such as if they gave their information to a trusted person) or not knowing where to report it. You can report problems to your health care provider, your insurer, and federal and state authorities. You can also contact your local police department, your state Attorney General’s office, and the Department of Health and Human Services.

Medical identity theft is a scary scam, but by taking certain steps, you may be able to either avoid it or minimize its damage, should it happen to you.

Related Links

MONEY identity theft

Target to Pay $10 Million Settlement in Data Breach Lawsuit

Target has agreed to pay $10 million in a proposed settlement to the customers who lost money in that 2013 hack.

MONEY identity theft

Meet the New Grave Robbers

grave with wooden cross for marker
Gregg Segal—Gallery Stock

They are not what you'd expect...

Take your driver’s license out of your wallet. Flip it over. Now look carefully at the back of it. There’s no box to check for “Identity Donor.” Yet when it comes to identity-related crimes, one of the greatest times of vulnerability is immediately after you die.

You can do everything right. You can use long and strong passwords and account-unique user names. You can check your financial accounts and monitor your credit on a regular basis, you can set up transaction alerts on your credit cards — even order a credit freeze — and then you die. Well, not entirely…

Include Identity in Your Estate Planning

A good identity thief can undo all your fraud precautions with a few phone calls. Most people don’t think about this, because it’s a wee bit late to refinance the family homestead — much less worry about interest rates — when you’re dead. Regardless, the recently deceased continue to exist on paper, and this may be the case for some time. Meanwhile, many bankable facts — key among them your Social Security number and personally identifiable information — are just sort of there in the form of “zombie” purchasing power. An identity thief can use that purchasing power to drain your bank accounts, open new credit in your name and perpetrate all sorts of fraud that can impact your family and heirs.

Think of your post-mortem identity as a would-be extra on “The Shopping Dead.” Now that you have that image in your head, take the time to arrange for the deactivation of your identity by making it part of your estate planning. This will mostly take the form of a to-do list for whomever will be handling your affairs, since nothing can be done till…well, you know, after the fact. There are many good resources, including this list from the Identity Theft Resource Center.

There are many different scams out there, ranging from the misappropriation of Social Security payments to the more old-fashioned practice of ghosting, whereby a person of approximately the same age assumes the identity of the deceased. In keeping with the proliferation of possible crimes, there are plenty of criminals out there who make a living in this post-mortem niche. They scan death notices in the local paper, read obituaries, even attend funerals, and, make no mistake about it, they can get a lot of shopping done with your available credit before the three credit reporting agencies and your current and future potential creditors are notified of your demise. Those same bad guys may also use your Social Security number to grab a big fat tax refund (if you’re lucky enough to pass away during tax filing season).

How will they get the information needed to commit fraud? Sometimes the perpetrator is a family member, so they already have access. But more often, family members are distracted and distraught. There are visitors who come and go, unchecked, and of course the numerous demands of making final arrangements and dealing with matters of the estate. If there was a long illness, unsupervised healthcare workers may have had the run of the deceased’s domicile — including the owner’s most sensitive information. Maybe the wake was at the deceased’s home, or people sat shiva there. The opportunities for fraud abound. Funerals, of course, provide a thief with a precise time to get what he or she wants. But instead of grabbing the television or the silver (too easy to miss), an envelope containing a financial statement or a copy of last year’s tax return might go walkabout. From there, it’s a race to apply for as much credit and buy as many pricy things for resale as possible before the money spigot coughs credit dust.

The Bigger Picture

Government agencies are famously slow to get the news of a person’s undoing.

A recent audit of the Social Security Administration conducted by the Office of the Inspector General found approximately 6.5 million Social Security numbers belonging to people aged 112 or older whose death information wasn’t in the system. Of those numberholders, only 13 people were still receiving payments, the rest consisted of “numberholders who exceeded maximum reasonable life expectancies and were likely deceased.” The fact that their deaths were not recorded in Numident (the SSA’s numerical identification system), and thus are also missing on the Master Death List, leaves plenty of runway for misconduct. According to the audit report, the “SSA received 4,024 E-Verify inquiries using the SSNs of 3,873 numberholders born before June 16, 1901.”

On the off chance you missed the memo while diving for sunken treasure at the bottom of Loon Lake: Identity theft is now the third certainty in life, right behind death and taxes. When a loved one passes, there is a trifecta, which is why it’s trebly important to protect against the threat of a different kind of life everlasting.

More from Credit.com

This article originally appeared on Credit.com.

MONEY identity theft

These Are the Only Data Breaches You Really Need to Worry About

social security card breaking up into bits and floating away
Yasu+Junko—Prop Styling by Shane Klein

Every day seems to bring news of another hack that compromises your personal data. While you can't afford to get complacent, you don't need to panic about every leak. Here's how to know when to worry and what action to take.

At this point, you can bet a hacker has made off with some of your personal information. The number of data breaches hit an all-time high in 2014, according to the Identity Theft Resource Center. An estimated 86 million records—including credit card and debit card numbers—were compromised, with Kmart, Home Depot, and Staples among the companies that saw the greatest data spillage.

Perhaps the worst scare yet, however, came in early 2015, when health insurer Anthem reported that hackers accessed its customers’ Social Security numbers—pure gold to an ID thief. “This one is a nightmare,” says Ed Mierzwinski of advocacy group U.S. PIRG.

But you may be too weary to heed the wake-up call. Almost a third of Americans who receive breach notifications ignore them, privacy research group Ponemon Institute has found. While you can’t panic over every breach, you also can’t afford to get complacent. How much to worry and what action to take depend on what data you learn have been compromised.

YOUR SOCIAL SECURITY NUMBER

How much to worry: A lot. A fraudster could apply for credit in your name, and you could spend years repairing your records, says Paul Stephens of the Privacy Rights Clearinghouse.

What to do: Check your credit reports ASAP for unusual activity. You’re entitled to one free copy per year from each of the credit bureaus (Equifax, Experian, TransUnion) via AnnualCreditReport.com. At minimum place a free 90-day fraud alert with one of the bureaus, which will inform the other two. This alert tells lenders to confirm your identity before extending credit.

A better move: Freeze your credit, preventing anyone from getting loans in your name. On the downside, you’ll pay up to $10 per credit bureau to place a freeze and up to $12 per bureau to lift it when you apply for new credit. A hassle, yes, and costly. “But for someone worried about ID theft, it’s the best $30 you can spend,” Stephens says.

A PASSWORD

How much to worry: Depends on what kind of site was hacked and whether you reuse passwords (61% of people do, identity protection firm CSID found).

What to do: Ideally, you’d change your password on the breached site and all others on which you used the same code. But if the idea of that much work leaves you paralyzed, the least you need to do is change codes for the most critical accounts (like email and financial sites), says Joseph Bonneau, technology fellow at the Electronic Frontier Foundation. And where it’s an option, set up two-factor authentication, which requires you to input an additional piece of information to log in. That will make it harder for hackers to break into your account next time a password is compromised.

YOUR CREDIT CARD NUMBER

How much to worry: Very little. When criminals steal just a credit card number, you’re not liable for any fraudulent charges, notes Chi Chi Wu of the National Consumer Law Center. With a debit number, you’re not liable for unauthorized charges you report within 60 days of getting your statement, and often banks will make you whole even if you don’t report until later. (The laws are different when a card itself is stolen, but, again, many issuers have zero-liability policies.)

What to do: Simply read your statements carefully, says U.S. PIRG’s Mierzwinski. Call the issuer if you see charges you don’t recognize, he says, “though usually your bank calls you first.” Don’t assume credit monitoring—which many breached businesses offer to customers for free—will do the job for you, Wu says. The services only tell you when a lender checks your credit, not when charges are run up on an existing account.

OTHER PERSONAL INFORMATION

How much to worry: Very little. Criminals can’t commit ID theft with just your name, birth date, or email—though they may try to “phish” for more info by posing as legitimate businesses.

What to do: Stay vigilant. Avoid clicking on links in emails. And when a financial institution calls, hang up and call back. Better to seem rude than get rooked.

 

Your browser is out of date. Please update your browser at http://update.microsoft.com