There are a multitude of benefits to living in the information era and having such a robust digital economy. Alas, there are some pitfalls as well, with cybersecurity breaches being the major drawback. Major institutions have seen breach after breach, offering all sorts of apologies and rewards to affected customers all while trying to build up their cybersecurity infrastructure.
This latest breach might be one of the largest yet: a hack into Equifax systems has created insurmountable risk for as many as 143 million affected US citizens. UK and Canadian citizens were affected as well, but we don’t know how many.
Breaches like this put the ball in the individual’s court, asking questions like, “How do I know if I was hacked?” or “How do I cleanup this mess of stolen information?” There’s not too much concrete information on this out there, and therefore, navigating the waters of stolen digital data — possibly even your identity — are murky. But don’t worry, we’ll help you start to navigate this journey.
How do I know if I’ve been hacked?
Identifying if you’ve been hacked and what the scale of the hack was is your first step. Some breaches might have little consequence for you, whereas larger scale hacks, such as the Equifax situation, could pose extreme consequences to you.
So, yes — identifying the scale of said breach is your first step. Check media outlets for information — it’ll give you an idea of what you’re looking at. If it’s something like the Home Depot hack in late 2014 where perpetrators got a hold on customer credit and debit cards, it’s as simple as making a trip to your financial institution and getting a new card by reporting the old as stolen. The best way to identify this is to, yes, check media outlets for information, but also keep an eye on account balances, statements and transaction records for any fraudulent activity.
For something more drastic — like the Equifax breach — it takes a little more legwork. You still need to keep an eye on media outlets for updates as well as monitoring records from your financial institution(s). However, you need to take this a step further and keep an eye on credit reports for fraudulent activity. In the US, by federal law, you get one free credit report per year for each of the three credit monitoring institutions (3 reports in total). You can access those reports at www.annualcreditreport.com (use one every four months).
How do I know if my PC has been hacked?
It’s extremely difficult to tell if a computer has been hacked or if information has been stolen off it. Some telltale signs are if new programs have been installed on your computer — programs that carry things like trojans and backdoor access — computer doing things by itself (i.e. the mouse is moving by itself, words are being type by itself; could be indicative of someone else having control), security programs uninstalled, etc.
It’s worth noting that most computer problems aren’t caused by a hacker. The most common reason is because of a virus (which a hacker can use to steal information or take control), which are easily dealt with through built-in shields and security programs.
What do I do after being hacked or having information stolen?
If you find out, from your credit report (or from some other method, such as a company notifying you by mail), that you’ve been affected, you need to spring into action as soon as possible. I’ve listed below the steps that identity theft victims need to take. It’s a little less drastic if you only had a credit card stolen, as you’d only need to contact your credit card issuer to fix the problem (usually you don’t need to file a police report for things like that). However, all the information that you might need to know is below.
First, freeze your credit and/or file a Fraud Alert. You can often do this online for TransUnion, Equifax and Experian, but it might cost you money. The initial 90-day alert is free, but afterwards, you might incur a few small fees. However, that’s not always the case, as most victims of identity theft are extended these services for no charge. This Fraud Alert tells credit companies to take extra steps to properly identify the individual (i.e. making sure it’s indeed you) before offering a line of credit.
Once you put a Fraud Alert on your credit reports, you are entitled to a free credit report from each of the credit reporting agencies. Look over these reports with a fine-toothed comb. You’ll want to make sure there is no fraudulent activity whatsoever. And if there is, there’s usual a dispute button that allows you to start the dispute process. Often when you dispute something, this has to be proved in writing with proper documentation for it to fall off your credit report.
I would also highly recommend placing a security freeze on your credit reports. A freeze will, going forward, prevent anyone from accessing your credit reports. That said, when credit is applied for, that application will be denied since the credit report cannot be accessed. After a freeze is placed, you can remove the freeze when you feel that things are in the clear. Freeze your credit at all three credit reporting bureaus — Experian, Equifax and TransUnion.
You’ll need to contact any institution that you think might’ve been affected as part of not only identity theft, but stolen cards and account numbers. If your credit card was compromised, contact your credit card issuer. If your bank account number was stolen, contact your bank. If a loan was opened in your name, contact the loan issuer as soon as possible and so on.
In addition, if you start receiving debt collection letters, you need to send a letter to the debt collection agency within 30 days of receiving it. Of course, sending a letter can be a daunting task, as you might not know what to say. The Federal Trade Commission has a sample letter that you can use to send to institutions. You’ll, of course, need to customize the letter with your information, but the necessary information that debt collectors need to know is all there.
Get in touch with the Federal Trade Commission
You should also get in touch with the Federal Trade Commission as soon as you can. File an Identity Theft Affidavit with them or Identity Theft Report as soon as possible. They’ll help you travel these murky waters until things return to normal. They’ll also provide you with a personal recovery plan.
You also need to file a police report. Filing the Identity Theft Affidavit and police report combine to create your official Identity Theft Report. Sometimes you can do this over the phone, but the best way is to head down to your local police department and file one in-person with an officer.
Now, if you think your Social Security number has been stolen and is being misused, you should apply for a new or replacement Social Security card depending on the circumstances. If someone got their hands on this number, they can very easily use it to apply for loans, student loans and general lines of credit with ease.
File your taxes early
Filing your taxes as soon as you have all the information needed is an excellent idea, too. If someone has your Social Security number, someone can use it to snatch a refund from you or obtain a job, committing tax identity theft. You should file your taxes as early as possible to prevent some of this. But, if you believe you have been affected, you should notify the IRS right away with Form 14039. Be sure to answer any IRS letters as soon as possible.
What are the scopes of these hacks?
There’s no “true” way to know the scope of these breaches. There’s not really a way to “prove” that someone stole your Social Security number if someone out there has it, but isn’t doing anything with it. So it’s hard to know the actual factual scope of these breaches.
If you know there was a security breach and know that it affected you, just keep an extra cautious eye on credit reports and financial records. That’s the best you can do. And if a institution, such as Equifax, says they believe your Social Security number was stolen, believe them and stay cautious.
How can I prevent this in the future?
Contrary to many, identity theft can’t always be stopped. Just like any other crime, it’s something that you have to deal with at times. Obviously the best way to keeping yourself from being a victim of identity theft is keeping your personal information under a lock and key. You don’t want your Social Security number getting out too easily, nor your bank account numbers.
I would recommend that folks not rush to sign-up for services like identity protection, as it’s just a waste of money for something that isn’t helpful at all. The problem with many of these “services” is that they’re reactionary. They alert you once something has already happened, making them not actual “protection.” Instead, I would implement appropriate practices for keeping your information safe:
- Keep your Social Security information and checks somewhere inconspicuous, such as a safe deposit box at home somewhere.
- Never write down your Social Security number, bank account number(s) or card numbers on paper. These can be easily lost and even stolen.
- Be wary of websites that you enter your information in. Some websites appear safe, but actually aren’t. In fact, some folks create fakes websites that look like a real company. You can usually verify this by making sure the domain name or URL is the actual company URL. This has gotten easier in recent days, as many are implementing SSL certificates (the green lock next to the domain name), giving you not only extra security, but assurance that you’re on an official website.
Unfortunately, sometimes life just happens — an Equifax breach occurs, and despite your best efforts, someone has your Social Security number anyway. In this scenario, you just need to roll with the punches — keep an extra cautious eye out on your credit reports and take action with the above steps if necessary.
Preventing PC hacks
Preventing hackers from getting into your PC is one of the easier things to do. First, you’ll want to make sure you have a solid foolproof backup strategy in play in the event that anything happens to your PC or your have to reset it to factory settings. We show you how to do just that. Next, your best bet is to make sure you have antivirus programs monitoring your computer, staying away from suspicious email attachments and also staying on safe websites and not clicking on websites that appear questionable. We point you in the right direction for that security, too.
Watch your digital trail
Another thing to keep in mind is that the larger a digital trail you have, the more likely it is that you’ll have information stolen. For example, if you’re done using a service, it’s best to close the account — if you can — or at the very least remove payment information. This reduces the chance of your payment methods getting compromised, since the amount of services you’re attached to is less after closing or removing payment information.
It’s also worth regularly doing a Google search on yourself (about once a month) as well. It’s as simple as doing a search with your name in-between quotes, like this: “Brad Ward”. If you have a pretty common name like myself, you may need to add modifiers in the search, such as your city or state. This helps you keep an eye on accounts opened up in your name, such as social media accounts. And when you do this, you can also usually find things that people are posting about you online. With this information, you can close this false accounts and ask for a discussion to be taken down, if necessary.
This basically helps you scrub information off the Internet that you don’t want public.
Identity theft or any pertinent data getting stolen is a depressing situation. But, have hope! It’s not an impossible situation, and there are tons of free resources for getting your credit back into its original shape. You just need to know where all those resources are, and hopefully we’ve helped you find them here.