Breach, breach, breach
August 18, 2016 11:43 PM Subscribe
My identity was stolen last year
It was likely from the Sony or Anthem breach. Since then I have been working with AllClearID and Law Enforcement to help monitor the fraudulent activity. Which comes in spurts. After reading this article I placed security freezes on all credit agencies. About a month ago I started getting alerts of new activity only to discover that the Freezes have been removed at all credit agencies without my knowledge. I have spoken to TransUnion at length, and though they really cannot fess up as to how it happened, they did tell me that they have fake california driver's license, social security card and SoCal Gas bill with my data on it.
The detective at the LAPD commercial crimes unit who is assigned to my case think s it highly irregular that someone was able to lift the freeze, even with those false documents, because there was also a secondary passphrase only for that account and that freeze.
In a nutshell, the perps can do what they want is what I discovered, they can create whatever documents needed and make as many phone calls as possible until they find someone at the credit agency that is willing to help them.
I have filed a police report
I have created a presence at identitytheft.gov
I have an account with AllClearID
What else can I do? What else can I consider??
AllClearID (which came free with the Sony and Anthem breach) is not ranked high on any reviews, but Identity Guard is tops on all of them. Yet everyone (including the LAPD detective on my case) says it really doesn't make much difference which outfit you use.
btw, just to put a little more perspective on how outrageously in the open this situation is, when I filed my report on a Tuesday afternoon, they guy next to me was doing the same thing and the officer adn duty said "This is what I do all day, this is the crime of the 21st century" The after a month of waiting for the case to be assigned, I was told very nicely,,"We are so sorry, but the western division of the LAPD commercial crimes unti recives 6,000 case a month and we are a bit behind schedule in assigning cases"
Thoughts, help, suggestions, etc?
It was likely from the Sony or Anthem breach. Since then I have been working with AllClearID and Law Enforcement to help monitor the fraudulent activity. Which comes in spurts. After reading this article I placed security freezes on all credit agencies. About a month ago I started getting alerts of new activity only to discover that the Freezes have been removed at all credit agencies without my knowledge. I have spoken to TransUnion at length, and though they really cannot fess up as to how it happened, they did tell me that they have fake california driver's license, social security card and SoCal Gas bill with my data on it.
The detective at the LAPD commercial crimes unit who is assigned to my case think s it highly irregular that someone was able to lift the freeze, even with those false documents, because there was also a secondary passphrase only for that account and that freeze.
In a nutshell, the perps can do what they want is what I discovered, they can create whatever documents needed and make as many phone calls as possible until they find someone at the credit agency that is willing to help them.
I have filed a police report
I have created a presence at identitytheft.gov
I have an account with AllClearID
What else can I do? What else can I consider??
AllClearID (which came free with the Sony and Anthem breach) is not ranked high on any reviews, but Identity Guard is tops on all of them. Yet everyone (including the LAPD detective on my case) says it really doesn't make much difference which outfit you use.
btw, just to put a little more perspective on how outrageously in the open this situation is, when I filed my report on a Tuesday afternoon, they guy next to me was doing the same thing and the officer adn duty said "This is what I do all day, this is the crime of the 21st century" The after a month of waiting for the case to be assigned, I was told very nicely,,"We are so sorry, but the western division of the LAPD commercial crimes unti recives 6,000 case a month and we are a bit behind schedule in assigning cases"
Thoughts, help, suggestions, etc?
Lawyer up. In particular, have a lawyer write a letter to all three credit reporting agencies demanding that they place the freeze on your account, and do not lift it or modify it without your consent, regardless of any other "evidence" they receive. Also, walk through your credit reports yourself and dispute any information that is errant.
It helps very much if you have a stable address and phone number (as in "been this for many years"), and it helps even more to have a demand on a lawyer's letterhead. The credit reporting agencies would basically take that as a precursor to a potential lawsuit over the issue, which is basically the Big Hammer you use with them when they're not being legally compliant.
http://www.nolo.com/legal-encyclopedia/if-the-credit-reporting-agency-does-not-correct-your-report-what-do.html
Getting a lawyer involved also gives a clearer paper trail in the event that you would actually need to go with the lawsuit route, and sending the letters shouldn't be horribly expensive (though I suppose that's a matter of opinion).
Nothing you can do will necessarily guarantee a permanent fix to the issue, I'm sorry to say, but you should focus on doing things that will make your life a little easier. Don't expect a lot of help from the police. This is the 21st century version of the stolen bicycle. Sorry.
posted by jgreco at 7:10 AM on August 19, 2016
It helps very much if you have a stable address and phone number (as in "been this for many years"), and it helps even more to have a demand on a lawyer's letterhead. The credit reporting agencies would basically take that as a precursor to a potential lawsuit over the issue, which is basically the Big Hammer you use with them when they're not being legally compliant.
http://www.nolo.com/legal-encyclopedia/if-the-credit-reporting-agency-does-not-correct-your-report-what-do.html
Getting a lawyer involved also gives a clearer paper trail in the event that you would actually need to go with the lawsuit route, and sending the letters shouldn't be horribly expensive (though I suppose that's a matter of opinion).
Nothing you can do will necessarily guarantee a permanent fix to the issue, I'm sorry to say, but you should focus on doing things that will make your life a little easier. Don't expect a lot of help from the police. This is the 21st century version of the stolen bicycle. Sorry.
posted by jgreco at 7:10 AM on August 19, 2016
Is there any chance your identity could have been stolen by a friend, family member, or coworker who has access to your personal information directly (i.e. access to your wallet, access to your computer)?
It's not *impossible* that someone who doesn't know you could have gone to all that effort. But if I had access to data from the Anthem breach, I would just move down to the next name on the list that hadn't put freezes on the account before I would try to get freezes removed from an account that I already knew was on to me.
Regardless, if you haven't done it already, it wouldn't hurt to check your computer for malware and change all your passwords (ideally with a password manager so you can use different passwords for everything) and security questions.
posted by mskyle at 9:41 AM on August 19, 2016 [2 favorites]
It's not *impossible* that someone who doesn't know you could have gone to all that effort. But if I had access to data from the Anthem breach, I would just move down to the next name on the list that hadn't put freezes on the account before I would try to get freezes removed from an account that I already knew was on to me.
Regardless, if you haven't done it already, it wouldn't hurt to check your computer for malware and change all your passwords (ideally with a password manager so you can use different passwords for everything) and security questions.
posted by mskyle at 9:41 AM on August 19, 2016 [2 favorites]
Response by poster: It is unlikely it is someone I know, but of course anything is possible. The mailing address that keep getting used for the fraudulent account are all on skid row in Los Angeles, something that law enforcement confirmed as being common in this day of cyber crime.
It is a great question as to why they would go to great lengths on my account, really dont have an answer to that.
I just sent an email to me lawyer asking to create letters to all three agencies. I also just had a 30 minute conversation with Experian where they flat out said there is nothing more they can do to protect the account. The documentation I am sending in is exactly the same as the documentation the perps used. They suggested changing the pin code, but when I suggested the pin code didn't matter because what I am doing right now is changing the freeze status without the pin code, there was silence followed by "this is what we can do you you today..."
posted by silsurf at 10:19 AM on August 19, 2016
It is a great question as to why they would go to great lengths on my account, really dont have an answer to that.
I just sent an email to me lawyer asking to create letters to all three agencies. I also just had a 30 minute conversation with Experian where they flat out said there is nothing more they can do to protect the account. The documentation I am sending in is exactly the same as the documentation the perps used. They suggested changing the pin code, but when I suggested the pin code didn't matter because what I am doing right now is changing the freeze status without the pin code, there was silence followed by "this is what we can do you you today..."
posted by silsurf at 10:19 AM on August 19, 2016
Response by poster: There is a space for a disclaimer on your credit report, currently the perps have this in place:
ID FRAUD VICTIM ALERT FRAUDULENT APPLICATIONS MAY BE SUBMITTED IN MY NAME OR MY IDENTITY MAY HAVE BEEN USED WITHOUT MY CONSENT TO FRAUDULENTLY OBTAIN GOODS OR SERVICES. DO NOT EXTEND CREDIT WITHOUT FIRST CONTACTING ME PERSONALLY AND VERIFYING ALL APPLICATION INFORMATION AT DAY 213- 992- 1007 OR EVENING 213- 992- 1007. THIS VICTIM ALERT WILL BE MAINTAINED FOR SEVEN YEARS BEGINNING 08- 12- 16.
Once I get back control of my file at Experian, I was wondering if there is something that I could write that would really be a stop gap for future incursions? What might that look like?
posted by silsurf at 3:52 PM on August 19, 2016
ID FRAUD VICTIM ALERT FRAUDULENT APPLICATIONS MAY BE SUBMITTED IN MY NAME OR MY IDENTITY MAY HAVE BEEN USED WITHOUT MY CONSENT TO FRAUDULENTLY OBTAIN GOODS OR SERVICES. DO NOT EXTEND CREDIT WITHOUT FIRST CONTACTING ME PERSONALLY AND VERIFYING ALL APPLICATION INFORMATION AT DAY 213- 992- 1007 OR EVENING 213- 992- 1007. THIS VICTIM ALERT WILL BE MAINTAINED FOR SEVEN YEARS BEGINNING 08- 12- 16.
Once I get back control of my file at Experian, I was wondering if there is something that I could write that would really be a stop gap for future incursions? What might that look like?
posted by silsurf at 3:52 PM on August 19, 2016
Experian is kind-of correct in that there's "nothing more" they can do to protect the account. They've made the typical corporate word-substitution lie of "can" for "will." They certainly *could* do more to protect the account, but since you are not their customer, and they are merely complying with existing law, they have no compelling reason to act in your best interest, except to avoid a lawsuit.
Adding a victim statement (or whatever they're calling it these days) is only modestly effective. In many cases, potential lenders aren't pulling your full credit report from the CRA's, and even then, someone would have to read and comprehend it. More often they're just looking at scores.
As mskyle suggested, checking for malware is a good idea. It is also a great idea to take a few other steps. If you can, use a separate dedicated computer for "sensitive" financial things such as banking. Do not use it for e-mail or random web browsing. Create security questions for web sites, but do NOT provide real answers. Generate random words (there are some great web sites to do this) and write them down, keeping a hard paper file with your answers. Use different answers for each website. Don't give banks your mother's maiden name, but rather make up something that's clearly not real.
Moving forward, as Candleman suggested, talk to your state congresscritter and push for a more comprehensive law for your state. We finally got one here that allows for victims of identify theft to place a security freeze for free, and it looks like California does too, but your story and several others I've heard of are suggesting to me that the current steps people are able to take are becoming insufficient. The only real recourse "we" as a society have is to legislate and regulate the companies who profit from this state of affairs.
I suffered a big incident back in 2001/2002, at which point things in our state were so screwed up that the police departments involved couldn't even resolve jurisdiction. Since then, that's been resolved and victims now get our security freezes for free. I can tell you that the worst bits are usually the six months following the event. But I also encourage you to take some time to learn more about all of this, even though you shouldn't *have* to. Getting educated about how the system works also helps you understand how to influence things like your credit score. You learn neat little factoids such as the fact that you can have fraudulent inquiries made on your credit reports suppressed so that they do not harm your credit score.
I am very sorry you're dealing with this, I know it sucks.
posted by jgreco at 5:49 AM on August 20, 2016
Adding a victim statement (or whatever they're calling it these days) is only modestly effective. In many cases, potential lenders aren't pulling your full credit report from the CRA's, and even then, someone would have to read and comprehend it. More often they're just looking at scores.
As mskyle suggested, checking for malware is a good idea. It is also a great idea to take a few other steps. If you can, use a separate dedicated computer for "sensitive" financial things such as banking. Do not use it for e-mail or random web browsing. Create security questions for web sites, but do NOT provide real answers. Generate random words (there are some great web sites to do this) and write them down, keeping a hard paper file with your answers. Use different answers for each website. Don't give banks your mother's maiden name, but rather make up something that's clearly not real.
Moving forward, as Candleman suggested, talk to your state congresscritter and push for a more comprehensive law for your state. We finally got one here that allows for victims of identify theft to place a security freeze for free, and it looks like California does too, but your story and several others I've heard of are suggesting to me that the current steps people are able to take are becoming insufficient. The only real recourse "we" as a society have is to legislate and regulate the companies who profit from this state of affairs.
I suffered a big incident back in 2001/2002, at which point things in our state were so screwed up that the police departments involved couldn't even resolve jurisdiction. Since then, that's been resolved and victims now get our security freezes for free. I can tell you that the worst bits are usually the six months following the event. But I also encourage you to take some time to learn more about all of this, even though you shouldn't *have* to. Getting educated about how the system works also helps you understand how to influence things like your credit score. You learn neat little factoids such as the fact that you can have fraudulent inquiries made on your credit reports suppressed so that they do not harm your credit score.
I am very sorry you're dealing with this, I know it sucks.
posted by jgreco at 5:49 AM on August 20, 2016
« Older What Could Be Making My Tree Brown? | Grappling with mental illness and self-hatred. Newer »
This thread is closed to new comments.
Is there any especially notable thing about you that would explain why an attacker would spend that much effort on you? It seems like a lot of work when there's plenty of less protected IDs out there. With this level of effort being addressed towards you, you might get a new SSN. It's a pain, but it may be the only thing that you can really do.
posted by Candleman at 7:09 AM on August 19, 2016