“The reality is that your sensitive data has likely already been stolen, multiple times. Cybercriminals have your credit card information. They have your social security number and your mother’s maiden name. They have your address and phone number. They obtained the data by hacking any one of the hundreds of companies you entrust with the data — and you have no visibility into those companies’ security practices, and no recourse when they lose your data.
Given this, your best option is to turn your efforts toward trying to make sure that your data isn’t used against you. Enable two-factor authentication for all important accounts whenever possible. Don’t reuse passwords for anything important — and get a password manager to remember them all.
Do your best to disable the “secret questions” and other backup authentication mechanisms companies use when you forget your password — those are invariably insecure. Watch your credit reports and your bank accounts for suspicious activity. Set up credit freezes with the major credit bureaus. Be wary of email and phone calls you get from people purporting to be from companies you do business with.
Of course, it’s unlikely you will do a lot of this.”
—Bruce Schneier. “Protecting Yourself from Identity Theft.” Schneier on Security. May 6, 2019.
“Paper trails, though, are terrifying to regulated institutions. Your bank’s customer support representatives are taught to evaluate whether someone looks like they’re competent and collecting a paper trail. If they are, the CS rep is supposed to stop touching the case immediately and instead escalate them to a supervisor or to the legal department.
The legal department (or an analogous group – it is different at every bank) is not scored on cases resolved per week. They are scored on regulatory incidents per quarter, and their target for success is likely zero. Shockingly senior people will be involved to avert regulatory incidents.
What causes a regulatory incident? Bad behavior on the part of the bank? No. Banks screw up all the time; the screwups are literally forecast and budgeted for. Do regulators cause regulatory incidents? Generally no; they’re understaffed and underfunded, and they don’t go on fishing expeditions. The thing which causes regulatory incidents is well-organized people taking paper trails to regulators which allow a regulator to trivially follow up with an investigatory letter. Accordingly, anyone who sounds like a well-organized professional with a paper trail is a problem to be swiftly addressed.”
—Patrick McKenzie. “Identity Theft, Credit Reports, and You.” Kalzumeus.com. September 9, 2017.
Useful addition to addressing identity theft beyond “How I Learned to Stop Worrying and Embrace the Security Freeze” — Krebs on Security, and Graham Cluley’s more concise summary of Krebs’s recent advice, which includes a freeze on your ChexSystems data.
“Q: What’s involved in freezing my credit file?
A: Freezing your credit involves notifying each of the major credit bureaus that you wish to place a freeze on your credit file. This can usually be done online, but in a few cases you may need to contact one or more credit bureaus by phone or in writing. Once you complete the application process, each bureau will provide a unique personal identification number (PIN) that you can use to unfreeze or “thaw” your credit file in the event that you need to apply for new lines of credit sometime in the future. Depending on your state of residence and your circumstances, you may also have to pay a small fee to place a freeze at each bureau. There are four consumer credit bureaus, including Equifax, Experian, Innovis and Trans Union.
Q: How much is the fee, and how can I know whether I have to pay it?
A: The fee ranges from $0 to $15 per bureau, meaning that it can cost upwards of $60 to place a freeze at all four credit bureaus (recommended). However, in most states, consumers can freeze their credit file for free at each of the major credit bureaus if they also supply a copy of a police report and in some cases an affidavit stating that the filer believes he/she is or is likely to be the victim of identity theft. In many states, that police report can be filed and obtained online. The fee covers a freeze as long as the consumer keeps it in place. Equifax has a decent breakdown of the state laws and freeze fees/requirements.”
—Brian Krebs. “How I Learned to Stop Worrying and Embrace the Security Freeze.” Krebs on Security. July 15, 2008.
Useful reminder in light of the recent Equifax breach.