Identity theft protection may be offered free of charge by some nonprofit organizations, but the costs associated with identity theft protection services typically provide monitoring and recovery services as well as regular access to your credit reports or credit scores.
Visit IdentityTheft.gov to locate free identity theft protection services and assistance.
What is Considered Identity Theft?
Identity theft is a crime that can be prosecuted as a misdemeanor or felony depending on the State and severity of the offense in which a criminal fraudulently acquires all or a portion of personally identifiable information (e.g. social security number, driver license number, etc.) for the purposes of impersonating someone else to unlawfully obtain money, property, credit, services, U.S. citizenship, or to commit acts of domestic terrorism.
Identity theft may also be criminally charged and prosecuted as impersonation or fraud.
The dollar amount or value of stolen property is the distinguishing factor between a misdemeanor or felony. State law establishes the minimum amount or value of the property usually between $500 to $1000 to be considered a felony theft.
According to Smarter Shredding, Inc. the following facts are related to identity theft:
But identity theft crime is not just about credit fraud. A criminal armed with your personal information like social security numbers and your date of birth has unlimited access to wreak havoc on every area of your life and for many years to come.
Consider what can be done with that type of information? For example, filing tax returns, stealing money from your bank or investment accounts, getting medical care, or even committing other crimes, to name a few.
Personal information like your name, birthdate, and social security number are permanently attached to your identity and will never change. That is why data breaches are so problematic when credit files are compromised. Criminals can assume and use your identity for an indiscriminate number of years long after the breach.
Identity theft protection will either prevent or, at least, minimize those damages.
Consumer data breaches are more common than most realize. Since 2008, there have been eight (8) major data leaks affecting over 100 million consumers each.
The two most recent, Equifax in March 2017 and Capital One in July 2019 caused consumers to become increasingly concerned with identity theft and securing identity theft protection.
In fact, the growing demand for identity theft protection is largely due to aroused consumer awareness of the nearly incessant corporate data breaches in recent years, most scarcely reported.
The Capital One Data Breach
The latest to fall victim to a data hack was Capital One, again, affecting 100 million people in the U.S. and 6 million in Canada.
Capital One alleges that the breach was manufactured by a single software engineer. Paige A. Thompson, formerly employed with Amazon Web Services (AWS).
It is reported that Thompson was able to exploit a misconfiguration in Capital One’s AWS server (a credit application firewall stored on an Amazon Web Services cloud) through an incognito browser and private IP network which conceals one’s online activities to access the data.
Amazon confirmed Thompson’s employment which ended in 2016, yet the breach is alleged to have taken place between March and July 2019.
The Capital One breach is probably the most egregious because it impacted individuals and small businesses that applied for credit with the company during an extended period of time between 2005 and early 2019.
It also involved a more extensive theft of consumer records that would be most advantageous to criminal assumptions of consumer identities.
Financial analysts surmise the potential for political and regulatory actions including penalties up to $150 million against Capital One as the compromised server was under its direct management.
According to Capital One’s statement, approximately 140,000 social security numbers and 80,000 linked bank accounts were compromised.
Due to the size and frequency of data leaks, cyberattacks have become the biggest threat to the U.S. financial system. Most companies have taken great strides in cybersecurity to prevent outside attacks but have little defense against inside hackers.
As a result, consumer data vulnerabilities will come into question among tech companies, cloud firms and banks as to how they will limit and control access to consumer data and detect potentially rogue employees.
In the meantime, consumers must be proactive in protecting their identities and minimize the damages of criminal activity.
The Eight Largest Data Hacks of the 21st Century
The following are the eight (8) largest data hacks of the 21st Century, according to Markets Insider (July 2019).
Number of people affected: 3 billion user accounts
Data released: Names, email addresses, dates of birth, and phone numbers
Number of people affected: 500 million
Data released: Names, contact information, credit card numbers, passport numbers, Starwood Preferred Guest numbers, and travel information
Number of people affected: Over 412 million
Data released: Names, email addresses, and passwords
Number of people affected: 145 million
Data released: Names, addresses, dates of birth, passwords
Number of people affected: 143 million
Data released: Social security number, birth dates, addresses, and driver license numbers
Number of people affected: 134 million
Data released: Credit card information
Number of people affected: 110 million
Data released: Credit/debit card and contact information
Number of people affected: 106 million
Data released: Names, addresses, self-reported income, phone numbers, some credit card data status including credit balances and limits, payments, and transaction history –credit card numbers and log-in credentials not compromised.
How to Freeze or Lock Your Credit to Protect Your Identity
The best way to protect yourself against identity theft is to place a security freeze on your credit and the service is offered by all three major credit bureaus free of charge.
A security freeze is designed to prevent credit, loans and services from being approved in your name without your consent but may also delay or interfere with or prohibit the timely approval of any subsequent requests or application you make regarding new credit, loans or services.
Take the following two (2) steps to freeze your credit:
Please note: Credit Karma and Credit Sesame only monitor your Vantage credit score and not the FICO score which is more commonly used by lenders.
The Vantage Score will not be an accurate depiction of your credit rating and how lenders determine risk in extending credit.
If you decide to purchase credit monitoring services with expanded features (e.g. security freeze, identity theft insurance, etc.) it is not necessary to purchase more than one (1) service at a time. Also, make sure that you have access to your credit report and score multiple times a year upon request with your purchase.
To request a credit freeze by mail, you must submit your request by certified mail with all applicable attachments as required per each credit bureau.
Each credit bureau offers a Fraud Alert option which allows you to keep your credit file open to creditors but receive notifications when a credit lender accesses your credit file or opens a new account in your name.
The Fraud Alert option is used as a more convenient identity theft protection strategy to avoid going through the process of lifting a credit freeze each time you apply for new credit or loans.
How to Lift, Unfreeze, or Thaw a Credit Freeze
A credit freeze may be temporary or permanent at your discretion. But, once you have frozen your credit and decide to apply for a new loan, line of credit, or utility account the freeze must be lifted for lenders to access your credit file.
If you opt to lift a credit freeze by phone or mail, you will be required to provide a PIN number, password, or other personal information to verify your identity.
The PIN number will be provided to you at the request for a credit freeze. If you lose or forget your identifying information (e.g. PIN, password, etc.) you may access this information by visiting the credit bureau’s website (listed in the chart above) or by phone.
Use the chart above to contact each credit bureau for specific instructions.
The Identity Theft Protection Loophole
The loophole in consumer financial records involve the lesser-known credit reporting agencies that store and share consumer credit and other important financial information.
The number of these “specialty” credit reporting agencies and the extent of data they retain remains a looming threat to consumers even with identity theft protection strategies in place.
There are literally dozens (about or at least, 30) of said credit agencies according to a CBS News report (May 2018) that retain credit files on consumers.
It is recommended that you contact each of these agencies that may be retaining data files of your financial information to initiate a credit freeze or lock as appropriate.
One of which may apply to most everyone is the National Consumer Telecommunications and Utilities Exchange (NCTUE).
The National Consumer Telecom and Utilities Exchange (NCTUE) is a member association database, powered by Equifax through which its “member companies” exchange consumer source-anonymous information such as:
The NCTUE association also share consumer payment data from utility bills, including:
NCTUE is one of many credit reporting agencies that warehouse consumer credit, payment, and banking data to determine risk in extending credit or opening new accounts.
Consumer data is stored with these “specialty” credit reporting warehouses for a myriad of transactions, including but not limited to:
A link is provided below for a list of “specialty credit reporting agencies” published by the Consumer Financial Protection Bureau.
It should be noted that although NCTUE is powered by Equifax, it is technically a separate organization from the credit bureau and freezing your credit file with Equifax does not affect your NCTUE file.
This means that criminals may still access and open new utility, cable, or telephone accounts in your name if you fail to take measures to protect your identity with NCTUE.
You will need to contact the National Consumer Telecom and Utilities Exchange (NCTUE) to place a security freeze on your Disclosure Report.
The three options for sealing your Disclosure Report with NCTUE are:
You may contact NCTUE to inquire if it maintains a file of your financial information at:
NCTUE Disclosure Report
P.O. Box 105161
Atlanta, GA 30348
PH: 1(866) 349-5185
For instructions on how to place a voluntary security freeze on your NCTUE data file:
NCTUE Security Freeze
P.O. Box 105561
Atlanta, GA 30348
PH: 1(866) 343-2821
To place a fraud alert or active duty alert on your Disclosure Report:
P.O. Box 105425
Atlanta, GA 30348
PH: 1(866) 349-3233
To opt-out of the Disclosure Report:
Exchange Services Center: NCTUE Opt-Out
P.O. Box 105398
Atlanta, GA 30348-5398
PH: 1(888) 327-4376
It is important to note that opting-out of the NCTUE Disclosure Report will also prevent you from receiving pre-approved credit offers. You may also be required to submit your name, address, social security number, and data birth with your request for a security freeze.
The National Consumer Telecom and Utilities Exchange (NCTUE) consumer reporting agency is regulated by the Fair Credit Reporting Act (FCRA) and subject to its statutes.
See the link below to the NCTUE website for more information and instructions.
Identity Theft and Assumption Deterrence Act
The Identity Theft and Assumption Deterrence Act of 1998 established identity theft as a federal crime regulated by the Federal Trade Commission (FTC) with penalties up to fifteen (15) years in prison and a maximum fine of $250,000.
The law identifies the person whose identity was stolen as the true victim where only the credit grantors who suffered monetary losses were previously considered the victims.
The legislation further enables the Secret Service, Federal Bureau of Investigations (FBI) and other law enforcement agencies to combat identity fraud crimes and allows financial restitution to victims of identity theft if there is a conviction.
Identity Theft Penalty Enhancement Act
The Identity Theft Penalty Enhancement Act of 2004 establishes penalties for aggravated identity theft or identity theft in connection with the commission of a felony.
Aggravated identity theft is punishable by a minimum sentence of imprisonment for two (2) years or by imprisonment for five (5) years if it relates to a terrorism offense.
According to the Congressional Research Service, CRS (2015) “The two-year offense occurs when an individual knowingly possesses, uses, or transfers the means of identification of another person, without lawful authority, during and in relation to one of more than 60 predicate federal felony offenses (18 U.S.C. 1028A). Section 1028A has the effect of establishing a mandatory minimum sentence for those predicate felony offenses, when they involve identity theft.”
The sentencing court, therefore, has the discretion not to “stack” multiple aggravated identity theft counts and may impose a sentence of less than the mandatory minimum.
A link is provided below for more information on the Identity Theft Penalty Enhancement Act.
How to Claim $125 From the Equifax Data Breach Class Action Lawsuit Settlement
How to Avoid DTE Utility Fraud: Beware of Telephone Imposters
Capital One is the latest company to get rocked by a massive data breach. Here are the 8 largest hacks of the 21st Century.
The Capital One breach is unlike any other major hack, with allegations of a single engineer wreaking havoc
Capital One shares dive after data breach affecting 100 million
How to freeze your credit with Equifax, Experian and Trans Union
This Equifax credit database can boost your risk of phone fraud
What are specialty consumer reporting agencies and what kind of information do they collect?
Disclosure Reports Provide Consumer Information Contained in Their Data Report (NCTUE)
Identity Theft Protection following the Equifax data breach
Federal Trade Commission: Identity Theft and Assumption Deterrence Act
Identity Theft Penalty Enhancement Act
Mandatory Minimum Sentencing: Federal Aggravated Identity Theft
President Signs into Law H.R. 1731, The Identity Theft Penalty Enhancement Act
Welcome to The Community Advocate Network. My name is Deborah Mitchell, I am a graduate in Social Work and Registered Social Work Technician. My human service background began in 2007 which includes medical case management and service navigation for the indigent population, outpatient mental health counseling with substance use and abuse disorders, supportive employment and job development for mental health consumers, and structured living domicile management.