Identity theft and computer hacks are happening far too often, so protecting yourself and your finances is essential.
In 2013, we were shocked when Target Corp. announced that the credit card information for 41 million customers was compromised after a hacker gained access through credentials stolen from a third-party vendor.
In 2017, Equifax, a credit reporting agency, reported a hack that exposed the personal information of up to 143 million Americans, 15 million British citizens and 19,000 Canadians.
In 2020, a massive cyberattack occurred when SolarWinds, a technology firm based in Austin, Texas, provided a software update that included malware attached by hackers.
Ironically, SolarWinds sells their Orion software to thousands of companies, and it is intended to monitor their computer networks. SolarWinds estimated that 18,000 customers, including roughly 40 government agencies, received the update and were exposed to the hack.
The government agencies included the Pentagon, the Treasury Department, the Department of Energy, the U.S. Postal Service and the Department of Homeland Security. Once the data is stolen, we do not know who has access to it or how they may use it.
Recently, hackers have shifted their strategies and have been using a form of malware that encrypts files on a computer system. Once the hackers have infiltrated a computer system, they demand a ransom in exchange for unencrypting the files. This strategy has been used in recent years to attack the computer systems of cities and municipalities, including Atlanta; Baltimore; Denver; Knoxville, Tennessee; New Orleans; and Tulsa, Oklahoma.
In some cases, the ransom was paid, although there is a concerted effort among the U.S. Conference of Mayors to stop paying ransoms.
Most recently, in January 2022, the computer systems of Bernalillo County and Albuquerque Public Schools were hacked.
Being hacked is not always an indication that the company or city was lax in their computer security policies.
Hackers have numerous ways to gain access. I assume that most personal information — including Social Security numbers, birthdates, addresses, tax records, credit card numbers, emails, passwords and investment details — has been stolen, and is accessible to cybercriminals and their malicious activities. This puts us at risk of having our identity stolen, having money illegally withdrawn from our bank accounts and investment accounts, having our credit cards used fraudulently, and having tax refunds stolen.
What can you do?
According to the definition from the Department of Justice’s website, “Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain.”
Ngo Minh Hieu was a hacker who ran an online store that sold the stolen personal information of roughly 200 million Americans. He spent seven years in prison, and now helps people avoid cybercriminals. An article by Cezary Podkul for ProPublica (Jan. 27, 2022) reported that it is impossible to create a failproof shield, but there are several steps that Ngo Minh Hieu and Podkul recommended to reduce the risk. These are listed below, along with some of my own recommendations:
- Do not reuse passwords. In other words, do not use your pet’s name for all the websites you visit. You should use long, complex passwords that are different for each site. Write them down on a master password list. Or use an encrypted password manager, such as LastPass or 1Password.
- Review your credit reports, and cancel all unnecessary credit cards. If there are errors on your credit report, take the time to get them corrected. One way to access credit reports from all three credit reporting agencies is the website www.annualcreditreport.com.
- Freeze your credit files. The freeze will restrict access to your credit report, so criminals cannot open a new account or credit card in your name. If you decide to buy a car or apply for a new credit card, you can lift the freeze for a few days. Freezing and unfreezing your credit files is free, and the websites are provided in the box.
- Consolidate and then close any redundant bank accounts or investment accounts.
- Review your bank statements, investment accounts and credit card statements every month.
- Avoid clicking on links that you did not request. Criminals are always trying to access your computer, so you should be very cautious about opening anything that looks suspicious. The cute videos that friends email you can contain malware.
- Be cautious with social media. Personal information you have shared on Facebook or LinkedIn can be accessed by criminals. You can check the privacy settings on the sites, or buy a service like DeleteMe to help you remove personal information.
- Keep your computer software up to date.
- Back up your computer data and files routinely or automatically.
- Set up two-factor authentication when possible. This provides a second level of security if you are accessing websites for your bank or investment accounts.
Implementing some of the above tips requires time. However, if they help you avoid identity theft or becoming a target of cybercriminals, it is a wise investment of your time.
Credit bureau contact
Equifax: http://www.equifax.com/personal/credit-report-services/credit-freeze/ or by phone at 800-685-1111
Experian: http://www.experian.com/freeze/center.html or by phone at 888-397-3742
Transunion: http://www.transunion.com/credit-freeze or by phone at 888-909-8872