Community Advocate Network of Michigan
  • Home
  • Blog
  • Services
    • Disability Services and Resource Center
    • Medicaid/Medicare Services
  • Community Resources
    • Thrift Stores
    • Food Assistance
    • Housing
    • Wraparound Services
    • Death and Burial
    • Returning Citizens
    • Community Board
  • Contact

BLOGS

www.canmichigan.com

Identity Theft Protection Following the Equifax and Capital One Data Breaches

8/19/2019

1 Comment

 
Picture
Identity theft protection is an insurance service that provides coverage for damages related to stolen identity which utilizes technology to protect personal information, monitor private and public records, and offers assistance to resolve breaches in consumer credit, legal and financial records.
Identity theft protection may be offered free of charge by some nonprofit organizations, but the costs associated with identity theft protection services typically provide monitoring and recovery services as well as regular access to your credit reports or credit scores.

Visit IdentityTheft.gov to locate free identity theft protection services and assistance.

What is Considered Identity Theft?
Identity theft is a crime that can be prosecuted as a misdemeanor or felony depending on the State and severity of the offense in which a criminal fraudulently acquires all or a portion of personally identifiable information (e.g. social security number, driver license number, etc.) for the purposes of impersonating someone else to unlawfully obtain money, property, credit, services, U.S. citizenship, or to commit acts of domestic terrorism.

Identity theft may also be criminally charged and prosecuted as impersonation or fraud.

The dollar amount or value of stolen property is the distinguishing factor between a misdemeanor or felony.  State law establishes the minimum amount or value of the property usually between $500 to $1000 to be considered a felony theft.

According to Smarter Shredding, Inc. the following facts are related to identity theft:
  • Nearly 70% of identity theft cases involve rogue employees.
  • Fraudulent charges now average more than $90,000 per name used.
  • The average time spent by victims of identity theft is 600 hours.
  • It takes more time and money for victims of identity theft to remove negative information from their credit reports.
  • The majority of identity theft crimes committed involve opening new credit cards (73%) and accessing (the use of) credit cards (27%).
  • The emotional impact of identity theft has been found to parallel that of victims of violent crime.

But identity theft crime is not just about credit fraud. A criminal armed with your personal information like social security numbers and your date of birth has unlimited access to wreak havoc on every area of your life and for many years to come.

Consider what can be done with that type of information?  For example, filing tax returns, stealing money from your bank or investment accounts, getting medical care, or even committing other crimes, to name a few.

Personal information like your name, birthdate, and social security number are permanently attached to your identity and will never change.  That is why data breaches are so problematic when credit files are compromised.  Criminals can assume and use your identity for an indiscriminate number of years long after the breach.

Identity theft protection will either prevent or, at least, minimize those damages.

Consumer data breaches are more common than most realize.  Since 2008, there have been eight (8) major data leaks affecting over 100 million consumers each.

The two most recent, Equifax in March 2017 and Capital One in July 2019 caused consumers to become increasingly concerned with identity theft and securing identity theft protection.

In fact, the growing demand for identity theft protection is largely due to aroused consumer awareness of the nearly incessant corporate data breaches in recent years, most scarcely reported.
Picture
The Capital One Data Breach
The latest to fall victim to a data hack was Capital One, again, affecting 100 million people in the U.S. and 6 million in Canada.

Capital One alleges that the breach was manufactured by a single software engineer. Paige A. Thompson, formerly employed with Amazon Web Services (AWS).

It is reported that Thompson was able to exploit a misconfiguration in Capital One’s AWS server (a credit application firewall stored on an Amazon Web Services cloud) through an incognito browser and private IP network which conceals one’s online activities to access the data.

Amazon confirmed Thompson’s employment which ended in 2016, yet the breach is alleged to have taken place between March and July 2019.

The Capital One breach is probably the most egregious because it impacted individuals and small businesses that applied for credit with the company during an extended period of time between 2005 and early 2019.

It also involved a more extensive theft of consumer records that would be most advantageous to criminal assumptions of consumer identities.

Financial analysts surmise the potential for political and regulatory actions including penalties up to $150 million against Capital One as the compromised server was under its direct management.

According to Capital One’s statement, approximately 140,000 social security numbers and 80,000 linked bank accounts were compromised.

Due to the size and frequency of data leaks, cyberattacks have become the biggest threat to the U.S. financial system.  Most companies have taken great strides in cybersecurity to prevent outside attacks but have little defense against inside hackers.

As a result, consumer data vulnerabilities will come into question among tech companies, cloud firms and banks as to how they will limit and control access to consumer data and detect potentially rogue employees.

In the meantime, consumers must be proactive in protecting their identities and minimize the damages of criminal activity.

The Eight Largest Data Hacks of the 21st Century
The following are the eight (8) largest data hacks of the 21st Century, according to Markets Insider (July 2019).
  • Yahoo
Date: 2013 – 2014
Number of people affected: 3 billion user accounts
Data released: Names, email addresses, dates of birth, and phone numbers

  • Marriott International
Date: 2014 – 2018
Number of people affected: 500 million
Data released: Names, contact information, credit card numbers, passport numbers, Starwood Preferred Guest numbers, and travel information

  • Adult Friend Finder
Date: October 2016
Number of people affected: Over 412 million
Data released: Names, email addresses, and passwords

  • eBay
Date: May 2014
Number of people affected: 145 million
Data released: Names, addresses, dates of birth, passwords

  • Equifax
Date: July 2017
Number of people affected: 143 million
Data released: Social security number, birth dates, addresses, and driver license numbers

  • Heartland Payment Systems
Date: March 2008
Number of people affected: 134 million
Data released: Credit card information

  • Target
Date: December 2013
Number of people affected: 110 million
Data released: Credit/debit card and contact information

  • Capital One
Date: July 2019
Number of people affected: 106 million
Data released: Names, addresses, self-reported income, phone numbers, some credit card data status including credit balances and limits, payments, and transaction history –credit card numbers and log-in credentials not compromised.

The Equifax Data Breach
The Equifax data breach of 2017 compromised 143 million credit files and it recently reached a class action settlement proposal with the Federal Trade Commission (FTC) of $700 million to compensate consumers pending federal court approval in December 2019.

The class action settlement offer presents two (2) reimbursement options to customers:
  1. One-time payment of $125 Alternative Reimbursement Compensation
  2. 10 years of free identity theft protection and credit monitoring services

If you are applying for the Equifax class action settlement be sure to document your identity theft protection activities in order to be compensated when claiming damages.

Follow the link provided below in the Related Posts section to the article for more information on the Equifax Data Breach Class Action Lawsuit.

How to Freeze or Lock Your Credit to Protect Your Identity
The best way to protect yourself against identity theft is to place a security freeze on your credit and the service is offered by all three major credit bureaus free of charge.

A security freeze is designed to prevent credit, loans and services from being approved in your name without your consent but may also delay or interfere with or prohibit the timely approval of any subsequent requests or application you make regarding new credit, loans or services. 

Take the following two (2) steps to freeze your credit:
  1. Sign up with a credit monitoring service such as MyFico or through one of the credit bureaus but there will be a fee.  Credit Karma and Credit Sesame offer credit monitoring services free-of-charge. (You will need credit monitoring to ensure your credit information is not compromised in the future).
  2. Contact Experian, Equifax, and TransUnion to request a credit freeze.

Please note: Credit Karma and Credit Sesame only monitor your Vantage credit score and not the FICO score which is more commonly used by lenders.

The Vantage Score will not be an accurate depiction of your credit rating and how lenders determine risk in extending credit.
​
If you decide to purchase credit monitoring services with expanded features (e.g. security freeze, identity theft insurance, etc.) it is not necessary to purchase more than one (1) service at a time. Also, make sure that you have access to your credit report and score multiple times a year upon request with your purchase.
Credit Bureau
Online
By phone
By mail
Experian
https://www.experian.com/freeze/center.html
1(888) 397-3742
​Experian Security Freeze, P.O. Box 9554, Allen, TX 75013
Equifax
https://www.equifax.com/personal/credit-report-services/
1(800) 685-1111; NY residents call 1(800) 349-9660
​Equifax Security Freeze, P.O. Box 1057888, Atlanta, GA 30348
Trans Union
https://www.transunion.com/credit-freeze
​1(888)909-8872
​TransUnion, LLc, P.O. Box 2000, Chester, PA 19016
To request a credit freeze by mail, you must submit your request by certified mail with all applicable attachments as required per each credit bureau.

Each credit bureau offers a Fraud Alert option which allows you to keep your credit file open to creditors but receive notifications when a credit lender accesses your credit file or opens a new account in your name.

The Fraud Alert option is used as a more convenient identity theft protection strategy to avoid going through the process of lifting a credit freeze each time you apply for new credit or loans.

How to Lift, Unfreeze, or Thaw a Credit Freeze
A credit freeze may be temporary or permanent at your discretion.  But, once you have frozen your credit and decide to apply for a new loan, line of credit, or utility account the freeze must be lifted for lenders to access your credit file.

If you opt to lift a credit freeze by phone or mail, you will be required to provide a PIN number, password, or other personal information to verify your identity.

The PIN number will be provided to you at the request for a credit freeze.  If you lose or forget your identifying information (e.g. PIN, password, etc.) you may access this information by visiting the credit bureau’s website (listed in the chart above) or by phone.

Use the chart above to contact each credit bureau for specific instructions.

The Identity Theft Protection Loophole
The loophole in consumer financial records involve the lesser-known credit reporting agencies that store and share consumer credit and other important financial information.

The number of these “specialty” credit reporting agencies and the extent of data they retain remains a looming threat to consumers even with identity theft protection strategies in place.

There are literally dozens (about or at least, 30) of said credit agencies according to a CBS News report (May 2018) that retain credit files on consumers.

It is recommended that you contact each of these agencies that may be retaining data files of your financial information to initiate a credit freeze or lock as appropriate.

One of which may apply to most everyone is the National Consumer Telecommunications and Utilities Exchange (NCTUE).

The National Consumer Telecom and Utilities Exchange (NCTUE) is a member association database, powered by Equifax through which its “member companies” exchange consumer source-anonymous information such as:
  • New connection requests
  • Payment histories
  • Historical account data and status
  • Fraudulent telecommunication activities

The NCTUE association also share consumer payment data from utility bills, including:
  • Cable accounts
  • Utility accounts (electric, gas, and water)
  • Telephone accounts

NCTUE is one of many credit reporting agencies that warehouse consumer credit, payment, and banking data to determine risk in extending credit or opening new accounts.
Consumer data is stored with these “specialty” credit reporting warehouses for a myriad of transactions, including but not limited to:
  • Purchasing a home
  • Renting an apartment
  • Opening a bank account
  • Purchasing auto insurance
  • Opening new utility accounts
  • Applying for employment
  • Medical records and payments

A link is provided below for a list of “specialty credit reporting agencies” published by the Consumer Financial Protection Bureau.

It should be noted that although NCTUE is powered by Equifax, it is technically a separate organization from the credit bureau and freezing your credit file with Equifax does not affect your NCTUE file.

This means that criminals may still access and open new utility, cable, or telephone accounts in your name if you fail to take measures to protect your identity with NCTUE.

You will need to contact the National Consumer Telecom and Utilities Exchange (NCTUE) to place a security freeze on your Disclosure Report.

The three options for sealing your Disclosure Report with NCTUE are:
  • Security Freeze
  • Fraud Alert or Active Duty Alert (for military personnel)
  • Opting Out

You may contact NCTUE to inquire if it maintains a file of your financial information at:
            NCTUE Disclosure Report
            P.O. Box 105161
            Atlanta, GA 30348
            PH:      1(866) 349-5185

For instructions on how to place a voluntary security freeze on your NCTUE data file:
            NCTUE Security Freeze
            P.O. Box 105561
            Atlanta, GA 30348
            PH:      1(866) 343-2821

To place a fraud alert or active duty alert on your Disclosure Report:
            NCTUE Alerts
            P.O. Box 105425
            Atlanta, GA 30348
            PH:      1(866) 349-3233

To opt-out of the Disclosure Report:
            Exchange Services Center: NCTUE Opt-Out
            P.O. Box 105398
            Atlanta, GA 30348-5398
            PH:      1(888) 327-4376

It is important to note that opting-out of the NCTUE Disclosure Report will also prevent you from receiving pre-approved credit offers.  You may also be required to submit your name, address, social security number, and data birth with your request for a security freeze.

The National Consumer Telecom and Utilities Exchange (NCTUE) consumer reporting agency is regulated by the Fair Credit Reporting Act (FCRA) and subject to its statutes.

See the link below to the NCTUE website for more information and instructions.

Identity Theft and Assumption Deterrence Act
The Identity Theft and Assumption Deterrence Act of 1998 established identity theft as a federal crime regulated by the Federal Trade Commission (FTC) with penalties up to fifteen (15) years in prison and a maximum fine of $250,000.

The law identifies the person whose identity was stolen as the true victim where only the credit grantors who suffered monetary losses were previously considered the victims.

The legislation further enables the Secret Service, Federal Bureau of Investigations (FBI) and other law enforcement agencies to combat identity fraud crimes and allows financial restitution to victims of identity theft if there is a conviction.

Identity Theft Penalty Enhancement Act
The Identity Theft Penalty Enhancement Act of 2004 establishes penalties for aggravated identity theft or identity theft in connection with the commission of a felony.

Aggravated identity theft is punishable by a minimum sentence of imprisonment for two (2) years or by imprisonment for five (5) years if it relates to a terrorism offense.

According to the Congressional Research Service, CRS (2015) “The two-year offense occurs when an individual knowingly possesses, uses, or transfers the means of identification of another person, without lawful authority, during and in relation to one of more than 60 predicate federal felony offenses (18 U.S.C. 1028A). Section 1028A has the effect of establishing a mandatory minimum sentence for those predicate felony offenses, when they involve identity theft.”

The sentencing court, therefore, has the discretion not to “stack” multiple aggravated identity theft counts and may impose a sentence of less than the mandatory minimum.

A link is provided below for more information on the Identity Theft Penalty Enhancement Act.

Related Posts:
How to Claim $125 From the Equifax Data Breach Class Action Lawsuit Settlement
https://www.canmichigan.com/blog/equifax-data-breach-class-action-lawsuit-settlement

How to Avoid DTE Utility Fraud: Beware of Telephone Imposters
https://www.canmichigan.com/blog/how-to-avoid-dte-utility-fraud-beware-of-telephone-imposters

Links:
Capital One is the latest company to get rocked by a massive data breach. Here are the 8 largest hacks of the 21st Century.
https://markets.businessinsider.com/news/stocks/8-largest-hacks-and-data-breaches-of-the-21st-century-2019-7-1028399924

The Capital One breach is unlike any other major hack, with allegations of a single engineer wreaking havoc
https://www.cnbc.com/2019/07/30/capital-one-hack-allegations-describe-a-rare-insider-threat-case.html

Capital One shares dive after data breach affecting 100 million
https://www.cnbc.com/2019/07/30/capital-one-shares-dive-after-data-breach-affecting-100-million.html

How to freeze your credit with Equifax, Experian and Trans Union
https://clark.com/credit/credit-freeze-and-thaw-guide/

​This Equifax credit database can boost your risk of phone fraud
https://www.cbsnews.com/news/equifax-managed-nctue-credit-database-can-boost-your-risk-of-phone-and-utility-fraud/

What are specialty consumer reporting agencies and what kind of information do they collect?
https://www.consumerfinance.gov/ask-cfpb/what-are-specialty-consumer-reporting-agencies-and-what-kind-of-information-do-they-collect-en-1813/

Disclosure Reports Provide Consumer Information Contained in Their Data Report (NCTUE)
https://www.nctue.com/Consumers

Identity Theft Protection following the Equifax data breach
https://www.consumerfinance.gov/about-us/blog/identity-theft-protection-following-equifax-data-breach/

Federal Trade Commission: Identity Theft and Assumption Deterrence Act
https://ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/identity-theft-and-assumption-deterrence

Identity Theft Penalty Enhancement Act
http://www.smartershredding.com/identity-theft-penalty-enhancement.php

Mandatory Minimum Sentencing: Federal Aggravated Identity Theft
https://fas.org/sgp/crs/misc/R42100.pdf

​President Signs into Law H.R. 1731, The Identity Theft Penalty Enhancement Act
https://www.ssa.gov/legislation/legis_bulletin_072004.html
1 Comment
Mia Evans link
11/3/2022 11:45:20 pm

I like that you talked about having a security freeze that will protect your credit, loans, and other services you need from being approved without your consent even if they are under your name. I have never known anyone who got into this situation, and I hope that I will not be a victim in the future. But this information can help me have an idea what to do to prevent loss on my part while hiring an identity theft lawyer at the same time to start looking for the culprit and making them responsible for what they have done.

Reply



Leave a Reply.

    Deborah Mitchell

    Welcome to The Community Advocate Network.  My name is Deborah Mitchell,  I am a graduate in Social Work and Registered Social Work Technician.  My human service background began in 2007 which includes medical case management and service navigation for the indigent population, outpatient mental health counseling with substance use and abuse disorders, supportive employment and job development for mental health consumers, and structured living domicile management.

    In 2016, I completed my Bachelors Degree in Social Work and began my graduate studies at Wayne State University in Detroit, Michigan.

    On this platform we will be reviewing social topics and news and providing resources to community programs and services.  It is my goal to maintain a recovery-focused, service-oriented environment while working to expand the capacities of individuals, families, groups, organizations, and communities in developing and restoring optimal social and economic functioning.

    Archives

    October 2022
    March 2022
    February 2022
    January 2022
    August 2019
    June 2019
    February 2019
    January 2019
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018

    Categories

    All
    Consumer Services
    Government Benefits And Programs
    Public Policy
    Social Topics

    RSS Feed

Services

Case Management

Disability Claims

​Referrals

About

Individualized approach to planning and coordinating care with the goal of medical rehabilitation.

Support

PH:  248-773-2658
FAQ:
Case management services are billed directly to your insurance company.  Auto accident victims may contact us for referrals to an attorney  that specializes in your specific case and needs to handle your legal representation.
Terms of Use: 
Information provided on this website does not guarantee approval for benefits or guarantee employment.  Users may copy, download, and share resource information only.
AMAZON ASSOCIATES DISCLOSURE
Community Advocate Network of Michigan is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to www.amazon.com.
© COPYRIGHT 2018. ALL RIGHTS RESERVED.
  • Home
  • Blog
  • Services
    • Disability Services and Resource Center
    • Medicaid/Medicare Services
  • Community Resources
    • Thrift Stores
    • Food Assistance
    • Housing
    • Wraparound Services
    • Death and Burial
    • Returning Citizens
    • Community Board
  • Contact