In light of the recent Equifax breach, in which more than 145 million individuals’ information was compromised from mid-May through July of 2017, many are concerned about what this will mean for our financial future. However, what many are not thinking about is facing criminal charges or our children being responsible for hundreds of thousands of dollars in debt. Yes, that’s right, as a result of identity theft many could find themselves facing criminal charges when they’ve never even committed a crime a day in their life, or a 1-year-old could be already buried in debt.
You might be wondering how that would even be possible. According to Kristina Albright, a market development specialist with Legal Shield who serves the Rutherford County and surrounding Nashville area, all it takes is a thief getting caught doing something illegal and using your identity when arrested. Regarding the debt that children can find themselves in without ever having made a purchase, criminals would gain access to their information through medical or school records being sold on the dark web. A criminal, after stealing a child’s social security number, would use it to make a synthetic identity by merging the number with a different date of birth and other information, making a separate identity, and then using that to take out credit cards and home loans. In fact based on current statistics, children are five times more likely to have their identity stolen than an adult. And what makes this truly frightening is that parents are not checking for identity theft on their children, so it may not pop up until they apply for a loan.
“I saw a report on a child that is 11 years old and they were $150,000 in debt,” Albright states. “And somebody said, ‘Well, they’re not responsible.’ But what you have to realize is that’s associated with their social security number. See, someone has to clean that up whether or not you owe the debt . . . it will affect any loans they might get in the future. People just don’t realize how vulnerable their children truly are.”
Surprisingly, the largest growing sector for identity theft is stolen medical records from doctors’ offices and hospitals. As of right now, medical identity theft accounts for about half of identity theft. Those records are the most valuable on the black market because they have so much information: legal names, date of births, social security numbers, blood type and previous addresses as well as current addresses. Legislation has been passed requiring these offices to implement cyber-security measures, but some laws do not go into effect for a few more years. The same can be said for the school systems, where there have been a lot of breaches in the last two years.
“There is always a lack of money in school systems to even buy band uniforms or for their sport programs, and to upgrade their [security] systems to where they need to be is a massive undertaking,” Albright said. “They have no budget to do that, and yet how important should that be? It should be really important, but then you are looking at education versus protecting everybody’s identity.”
So, where is everyone’s stolen information going? Unfortunately, it is being put on the dark web where it is either traded or sold. This is a black marketplace where information can be sold either separated into a thousand identities or 10,000 identities for a certain amount of money. It really all just depends on what type of information it is and what it’s being used for.
With all of this going on it can leave a person overwhelmed and not sure of where to even begin in trying to counteract this new wave of criminal activity. The general advice being put out there by the Federal Trade Commission, a.k.a. the FTC, is to check and see if you were one of the ones compromised by the Equifax breach, if you haven’t already, by visiting equifaxsecurity2017.com.
Women should also check under their maiden names as well as their married name. In fact, you will need to check under any name you have ever used. To find out if your information was exposed, click on the “Am I Impacted?” tab and enter your last name and the last six digits of your social security number. Make sure that you are on a secure computer and an encrypted network connection when you enter your information. The site will tell you if you’ve been affected by this breach. Through this site, U.S. consumers can also enroll for a year free of credit monitoring, regardless if they’ve been exposed.
Recent statistics from the FTC show that it takes an individual an average of 200 hours to get their identity back once it’s been stolen and used. That’s five weeks of time wasted on fear and phone calls, which is why many employers are now offering identity theft protection as a benefit at their workplace. If your employer does not offer this service you may need to consider purchasing this type of product on your own. However, make sure that the company you use has licensed private investigators that resolve any issues in proving who you are and that the service does more than just monitor. In fact, some services monitor the dark web to see if your information pops up and then can resolve from there—something that the average person should probably not do since it puts a target on their back for criminals. Currently, ID Shield and other businesses are not considering the Equifax breach to be a pre-existing condition. So, as long you don’t know that your information has been used, you can still get coverage even if you are aware that it was compromised.
The FTC is also advising everyone to check their credit report from Equifax, Experian and TransUnion and to consider placing a credit freeze or fraud alert on your files. Everyone should also be monitoring their existing credit card and bank accounts closely and file your taxes as soon as you get your necessary information, before a scammer can file on your behalf. You should also respond to letters from the IRS right away, but do not give out your information over the phone to someone claiming to be the IRS, as that is most likely a scam.
Risk consulting firm Kroll advises consumers not to do a credit freeze but to instead place a fraud alert on all accounts.
Albright also advises against the credit freeze, stating, “It’s very difficult if you decide you want to use your credit for something to get it back. It’s just inconvenient to have it on there; if you have a fraud alert that should be enough. The only time I don’t recommend a fraud alert is if you’re about to buy a house or are in the process of buying a house. It can hold up your closing if you have a fraud alert.”
The two pieces of advice Albright gives others are “protect your social security number and be proactive by getting some monitoring and full restoration product in place for your family—make sure that you are asking questions, informed questions, about who will actually do your restoration for you.”
At this point it’s hard to know what all of the ramifications from this Equifax breach are going to be. According to a CNBC interview with Morgan Wright, U.S. State Department senior antiterrorism advisor, authorities are not sure how the Equifax breach will play out, since the culprits are still unknown. Depending on whether this was a state act or organized crime, the information stolen could be used in different ways. Either way, the information could be held for years before being used.
As far as what will be done for the individuals whose information was compromised, the one-year free monitoring from Equifax is all that is on the table at present. And according to a CNBC article by Kevin McCoy in September, more than 70 class action lawsuits have been filed.
Class action lawsuits can be tricky and are known to take a long time to come to a determination because plaintiffs have to show causation, meaning that your identity being stolen was a direct result of the breach with Equifax and not for some other reason. Since this is a new arena for the legal field, said Kevin Sharp, “There is no consistent standard that federal court districts across the U.S. use to decide the issue of legal standing in cyber breach cases. However, most have ruled that the theft of personal consumer data ‘is sufficient to establish standing,’ said Sharp, a former federal judge in Tennessee who’s now a managing partner for the Sanford Heisler Sharp law firm, which, according to McCoy’s September article, has also sued Equifax.
Regarding whether we will see more breaches in the future, “It’s not a matter of if—it’s just a matter of when,” Albright said. “145 million Americans were affected by this one breach, and then there have been just so many others in the last few months like Yahoo, which was a pretty large data breach, and then the Verizon data breach as well, and that’s just in the last two months. And those were the just the ones that have been reported to consumers . . . nobody is really safe from identity theft and it’s not going away. It’s just getting worse.”
If you would like Kristina Albright from Legal Shield to share information with your civic group or organization, contact her at 615.207.7555 or kristinacarver.com.