Website data breaches, defined as “cybersecurity mishaps” in which sensitive information is accessed and retrieved without the consent or authority of the owner, have been much in the news of late. Records maintained at the common consumer sites of Target, Uber, Netflix, and Yahoo were all invaded. Perhaps the most potentially embarrassing attack occurred a few years ago at Ashley Madison, an online dating service marketed to people who are married or in relationships.
But the largest and arguably the worst breach occurred in 2017 at the credit reporting agency Equifax, when the data of more than145 million American consumers was exposed. The Equifax breach occurred because of a flaw in the company’s software that was never patched. Adding more insult to the injury, the public was not told of the debacle for about two months. Adding still more insult, it was later reported that three of Equifax’s top executives curiously sold nearly $2 million in shares in the company days after the cyberattack was discovered.
And even more insult: Initially, Equifax representatives admitted the breach gave access to consumers’ names, Social Security numbers, birthdates, addresses, driver’s license numbers, and credit card numbers. But it was later revealed that tax identity numbers, email addresses, phone numbers, credit card expiration dates, and the issuing states of driver’s licenses were also jeopardized. The last two forms of information—credit card expirations and driver license states—are surprisingly precious, as they reveal the answers to questions companies might ask to ensure a person’s identity before a transaction is authorized.
Said one industry executive shortly after the breach was revealed: “We have a problem now that we don’t know how to fix.”
The damage caused by that breach is still being discovered. But the population of older Americans—here defined as 55 and older—was among the hardest hit. “Older adults always have bulls’ eyes on their backs because they own 70% of the wealth in this country,” explains Shawna Reeves, director of Elder Abuse Prevention at the Institute on Aging. She notes that it its not only wealthy seniors affected by nefarious information snitching.
Theft in Various Forms
Seniors seen as vulnerable or lonely are also particular targets for face-to face scams and unscrupulous marketers purporting to offer free or low-cost merchandise such as cell phones with untold strings attached.
Reeves emphasizes that older people are frequently the aims of other types of shady losses, including those occasioned by:
- Dumpster diving—in which valuable information is retrieved from documents such as bank statements left unshredded in garbage and recycling bins
- Mail, purse or pocket theft
- Credit and debit card theft
- Phishing—in which valuables such as usernames, passwords, credit card details are lifted by thieves disguised as a trustworthy entity in an electronic communication, as well as its more sophisticated cousin, spear phishing—in which the electronic thieves snag their victims with information edited to be unique to their targets
- Pharming—malware that allows outsiders to get access to a computer, or ports users to another site that appears legitimate to get them to enter passwords and other allegedly protected information
- Vishing—getting access to private information over the telephone, and
- Smishing—eliciting private information through email messages.
Preventative Steps to Take
There are a number of precautions that experts encourage consumers to take to ensure their private information stays private.
Be cautious in computer use. Create strong passwords that don’t include personal identifying information such as an address or birthdate, and make them complex by adding capital letters, numbers, and symbols if possible. Also be sure to do something few people do: Update all passwords often—at least every six months.
Another common slip-up: Trumpeting personal information such as birthdates and upcoming vacations on social media sites such as Facebook—an evolving goldmine for thieves.
Also, don’t use public computers, such as those in a library or common living space, to conduct private interactions such as paying bills or seeking medical information, If you do use public computers, be sure to delete your browsing history (usually by hitting control + shift + delete) and to log out of a session when finished.
Keep your Smartphone smart. Use a password or fingerprint-protection to keep others from gaining access. Most newer phones also have a “kill switch” feature in the setting or “find my phone” panels that enable owners to deactivate them if lost.
Store personal information safely. Be fastidious about keeping laptop computers as well as such as passports, tax documents, and Social Security information in safe places, preferably locked or secured.
Use those shredders. Shred potentially sensitive papers, such as receipts, statement and credit offers before discarding them.
Check your mail. Resist the temptation to let the mail pile up. Check it promptly for usual activity such as credit card offers bearing unfamiliar names. And put a hold on it at the Post Office if you intend to be out of town for more than a few days; you can now do that quickly and easily online.
Monitor your credit. Monitor your accounts often, checking for irregularities or charges you don’t recognize.
And request credit reports—detailed listings of your credit history based on spending and buying habits. This information is collected and maintained by three agencies in the United States: Equifax, Experian, and Transunion. Each company is required to supply a free copy of your report once yearly; there is a slight charge for reports requested more frequently. And obtaining these credit reports was recently simplified through a single website. Experts recommend that you stagger report requests from the three companies throughout the year to get the best picture of your credit records.
If Your Credit Is Compromised
If the annoying-to-imagine happens, and your information is compromised in a breach, there are immediate steps to take to at least stem the flow of access and get some help in tracking the culprits.
- Request your credit reports, as explained earlier, and check them scrupulously for unusual activity. Be sure to correct any inaccurate information at once.
- File a report with the Federal Trade Commission, which supplies an online form for this very purpose.
- File a report with your local police department. While the response will vary widely from locale to locale, such reports are needed before other agencies will step in to take action. When filing a police report, you will need to supply a copy of your credit reports, along with a form of identification and proof of your address.
- Contact any companies, such as department stores or online sellers, that were erroneously charged in your name. While other authorities may also do this if you pursue a claim, doing it yourself gives you assurance it will happen quickly.
- Consider placing a temporary credit alert on your accounts, which requires creditors to take extra steps to verify your identity for 90 days, or a credit freeze, which can last for up to seven years if you are the verifiable victim of fraud or identity theft. Contact one of the three credit agencies to take either step.
- Contact the Internal Revenue Service, since many thieves file fake returns in the hopes of collecting money back. The IRS will require you to complete a Form 14039, Identity Theft Affidavit.
- For additional guidance, contact Operation Stop IT!