What do we do after a break-in?
March 24, 2006 4:40 AM Subscribe
What do I need to do, practically speaking, after a computer theft? (Several related questions inside.)
So the house was broken into yesterday, and they made off with my laptop. My laptop, which (I await chastisement) had every piece of financial information I had on it. (Damn online banking!) It also had my social security number (my taxes were on there too). I've closed the bank accounts. I've changed my e-mail passwords and my online banking passwords. What else do I need to do that I haven't thought about?
Do I need to bother changing my passwords for anything else? Do I need to create a paper trail with the (American) government or anybody else? And how much do I need to flip out that somebody has my social security number? It seems like I practically have to give it out at the post office these days - am I really in much more danger now than I was before yesterday?
Also, how about those 50 albums I downloaded on the iTunes store? Am I totally out of luck?
While I'm at it, any other practical advice for keeping our house (in a neighborhood the cop politely called 'transitioning') safe without hiding from the outside world in a steel-barred fortress would be appreciated.
Sorry - I know that's a lot. Any advice would be so helpful.
So the house was broken into yesterday, and they made off with my laptop. My laptop, which (I await chastisement) had every piece of financial information I had on it. (Damn online banking!) It also had my social security number (my taxes were on there too). I've closed the bank accounts. I've changed my e-mail passwords and my online banking passwords. What else do I need to do that I haven't thought about?
Do I need to bother changing my passwords for anything else? Do I need to create a paper trail with the (American) government or anybody else? And how much do I need to flip out that somebody has my social security number? It seems like I practically have to give it out at the post office these days - am I really in much more danger now than I was before yesterday?
Also, how about those 50 albums I downloaded on the iTunes store? Am I totally out of luck?
While I'm at it, any other practical advice for keeping our house (in a neighborhood the cop politely called 'transitioning') safe without hiding from the outside world in a steel-barred fortress would be appreciated.
Sorry - I know that's a lot. Any advice would be so helpful.
I would return it, seeing as it isn't yours. (Joke)
Having been the victim before, in my town it is customary to check every pawn shop within a 20 mile radius. Before you do that, find and organize all the papers pertaining to said computer (reciept of purchase, warranty, etc.). You need to have as much as possible (mainly the serial number) to that you actually owned the computer if they find it.
Sorry for your loss
posted by bamassippi at 5:22 AM on March 24, 2006
Having been the victim before, in my town it is customary to check every pawn shop within a 20 mile radius. Before you do that, find and organize all the papers pertaining to said computer (reciept of purchase, warranty, etc.). You need to have as much as possible (mainly the serial number) to that you actually owned the computer if they find it.
Sorry for your loss
posted by bamassippi at 5:22 AM on March 24, 2006
iTunes will not like it, but if you are persistent, they will probably give you your music back (depends on who you talk to). When my hard drive crashed, they restored all of my music. It took several phone calls. They CAN do it.
Have you called your insurance co.? the police?
Yes, you give out your social security number to a lot of people, but presumably only a tiny fraction of those people are thieves. You KNOW this person is a thief. You need to contact the 3 credit reporting companies and put a hold on any charges and any new accounts. You need to check this - they don't always do it.
If it's all accessible (i.e., they have access to your passwords) you need to cancel it or put a hold o it. Especially credit cards.
You might want to notify your friends or anyone else who might have sent you sensitive info, as email is probably on the computer. Make a list of everything that is on it that needs to be dealt with - and assume the worst.
Good luck!
posted by clarkstonian at 5:27 AM on March 24, 2006
Have you called your insurance co.? the police?
Yes, you give out your social security number to a lot of people, but presumably only a tiny fraction of those people are thieves. You KNOW this person is a thief. You need to contact the 3 credit reporting companies and put a hold on any charges and any new accounts. You need to check this - they don't always do it.
If it's all accessible (i.e., they have access to your passwords) you need to cancel it or put a hold o it. Especially credit cards.
You might want to notify your friends or anyone else who might have sent you sensitive info, as email is probably on the computer. Make a list of everything that is on it that needs to be dealt with - and assume the worst.
Good luck!
posted by clarkstonian at 5:27 AM on March 24, 2006
They essentially have everything they need to steal your identity. I wrote this up awhile back that shows how (please ignore the rest of it as it isn't pertinent). The problem is until they do it, if they do it, it is a bit hard for you to do much. You've taken some reasonable steps to shut them out of your money but if they are determined they can get credit cards in your name, etc.. They probably have the info that would be asked on the application. What they don't have can easily be bought cheaply or free now that they have so many of the missing pieces.
Call the three major credit reporting agencies and see what they say. I don't think you can place a fraud alert on an account without fraud, but maybe they can. You can also start watching your credit report for any changes. That will also get you the ammo you need if you do find a problem. I.e. A new SSN (the fourth bullet down). There is also a reporting agency banks use for reporting non-credit things like banking overdrafts and such. I can't remember it's name but hopefully someone will know. Filling out a report with the police is an extremely good idea if only because it would generate a paper trail for you to show creditors if there is a problem. Plus they might get the computer back :-)
I'd also go a step further and ask the folks you have online accounts with if there have been any bad or incorrect logins on your account(s). They'll have logs of the IP addresses for that, which can be traced to a person with a little footwork. If they won't tell you the police can go as far as getting a subpoena for it... another reason to file a report if you haven't already.
posted by jwells at 5:49 AM on March 24, 2006
Call the three major credit reporting agencies and see what they say. I don't think you can place a fraud alert on an account without fraud, but maybe they can. You can also start watching your credit report for any changes. That will also get you the ammo you need if you do find a problem. I.e. A new SSN (the fourth bullet down). There is also a reporting agency banks use for reporting non-credit things like banking overdrafts and such. I can't remember it's name but hopefully someone will know. Filling out a report with the police is an extremely good idea if only because it would generate a paper trail for you to show creditors if there is a problem. Plus they might get the computer back :-)
I'd also go a step further and ask the folks you have online accounts with if there have been any bad or incorrect logins on your account(s). They'll have logs of the IP addresses for that, which can be traced to a person with a little footwork. If they won't tell you the police can go as far as getting a subpoena for it... another reason to file a report if you haven't already.
posted by jwells at 5:49 AM on March 24, 2006
Damn online banking?
Does that mean that you have your passwords to such bank account saved? Or that you use a money management program that links to them?
If the latter is the case, closing them would be necessary. Otherwise, a change of password for each affected account might work. Water under bridge.
Was there any password on the system at all?
My system is locked down pretty tight, but once you get beyond the Windows password, it's pretty much free game. Still, a Windows password is frustratingly difficult to crack without certain tools and know-how, and is good enough for next time.
So is using the built in XP encryption, so that once they *do* hack into your account, they can't get to any of the good stuff.
Do you have any security system installed? I would guess not, but a quick, interim solution could be a security system sticker. Or, rather, a series of stickers and posts. Theif presented with house broadcasting it's protected vs. house that is plain will usually go to house that is plain. Why chance it, right?
Sorry for your loss. That absolutely sucks.
posted by disillusioned at 6:21 AM on March 24, 2006
Does that mean that you have your passwords to such bank account saved? Or that you use a money management program that links to them?
If the latter is the case, closing them would be necessary. Otherwise, a change of password for each affected account might work. Water under bridge.
Was there any password on the system at all?
My system is locked down pretty tight, but once you get beyond the Windows password, it's pretty much free game. Still, a Windows password is frustratingly difficult to crack without certain tools and know-how, and is good enough for next time.
So is using the built in XP encryption, so that once they *do* hack into your account, they can't get to any of the good stuff.
Do you have any security system installed? I would guess not, but a quick, interim solution could be a security system sticker. Or, rather, a series of stickers and posts. Theif presented with house broadcasting it's protected vs. house that is plain will usually go to house that is plain. Why chance it, right?
Sorry for your loss. That absolutely sucks.
posted by disillusioned at 6:21 AM on March 24, 2006
I lost my wallet a while back and notified the three credit agencies and they supposedly put a 3 month fraud alert on my account. I believe someone checked my credit 60 days later and I was not notified by any of the agencies. I don't think the agencies should be trusted with this kind of protection considering the more fear there is in the general public about identity theft the more people will by their premium products. It's like having Microsoft sell you antivirus protection.
posted by any major dude at 6:40 AM on March 24, 2006
posted by any major dude at 6:40 AM on March 24, 2006
While I think it's prudent to follow all the good advice in this thread (and at risk of sounding pollyanna-ish), there's a very good chance that this thief is not looking to mine your laptop to steal your identity, he just wants to sell it to get cash for it.
Of course, who knows about the guy he sells it to.
posted by adamrice at 6:44 AM on March 24, 2006
Of course, who knows about the guy he sells it to.
posted by adamrice at 6:44 AM on March 24, 2006
Mind if I tag a question onto this? Are there any programs to ensure that if your system gets stolen and brought online, that it will "phone home" and give you some idea of where it is, how its connecting, or any other information? How else can you make it useless once stolen?
posted by JonnyRotten at 6:47 AM on March 24, 2006
posted by JonnyRotten at 6:47 AM on March 24, 2006
Just to be clear on a topic mentioned a couple of times above: Whether your laptop itself was password protected or not at this point is immaterial.
Once your laptop is accessible to someone else physically it is trivial (for someone with the know-how) to get your data, whether you have a login and password set up or not. For example, one way to bypass them is boot up via CD to another OS and copy the contents of the harddrive somewhere else.
Just consider everything on that laptop compromised.
posted by poppo at 6:54 AM on March 24, 2006
Once your laptop is accessible to someone else physically it is trivial (for someone with the know-how) to get your data, whether you have a login and password set up or not. For example, one way to bypass them is boot up via CD to another OS and copy the contents of the harddrive somewhere else.
Just consider everything on that laptop compromised.
posted by poppo at 6:54 AM on March 24, 2006
poppo: if you are talking about OS passwords, you are correct, but if the poster used a BIOS & hard drive password, his data should be somewhat safer.
posted by reverendX at 7:00 AM on March 24, 2006
posted by reverendX at 7:00 AM on March 24, 2006
reverend, you are also correct, but as you know very few people would be security-conscious enough to set up or even know of such a thing.
in any case, i wanted to correct what ppl above had said regarding passwords...to me, it was a bit misleading
posted by poppo at 8:07 AM on March 24, 2006
in any case, i wanted to correct what ppl above had said regarding passwords...to me, it was a bit misleading
posted by poppo at 8:07 AM on March 24, 2006
disillusioned writes "Still, a Windows password is frustratingly difficult to crack without certain tools and know-how"
Yep, but it's not that hard to change. Just yesterday I used a boot disk and a utility I found with 30 seconds of googling to log on and change the admin password of a Windows box in a classroom, because nobody remembered the old password (common occurrence in the hand-me-down systems our labs seem to end up with).
The BIOS boot password is your best option, because you never get to the point at which a boot disk becomes useful. What with the BartPE disk I used, or a Knoppix or other live Linux build that can read NTFS, anyone with boot access can get your data.
Hell, if they're determined enough they will bypass a boot password by simply yanking out your HDD, dropping it into a USB enclosure and reading it from another system. The boot password just makes the rest of the hardware unusable for them.
If you're totally paranoid, go for the boot password + encrypt files with the Windows password. Of course you will want to make a password recovery disk, otherwise if you forget your password you're screwed.
As for myself, I freely admit that my laptop is insecure and always will be. I'm reasonably careful with it, but like many people I find that the added security measures are more of a pain in the ass to me than they are worth. My system remembers website passwords and does an auto-login on boot. The illusion that a password protects my data from someone physically sitting at the keyboard doesn't hold any water for me. I see it as akin to those who leave the car door unlocked, because replacing a stolen radio is better than replacing both a stolen radio and a broken window.
Not much help on the current issue, sure. All I can say is don't treat it as a safe place for your data, back up regularly, and keep a hard copy of the records that are stored only on the drive (and of places that can easily be accessed using the info the computer remembers for you).
posted by caution live frogs at 10:52 AM on March 24, 2006
Yep, but it's not that hard to change. Just yesterday I used a boot disk and a utility I found with 30 seconds of googling to log on and change the admin password of a Windows box in a classroom, because nobody remembered the old password (common occurrence in the hand-me-down systems our labs seem to end up with).
The BIOS boot password is your best option, because you never get to the point at which a boot disk becomes useful. What with the BartPE disk I used, or a Knoppix or other live Linux build that can read NTFS, anyone with boot access can get your data.
Hell, if they're determined enough they will bypass a boot password by simply yanking out your HDD, dropping it into a USB enclosure and reading it from another system. The boot password just makes the rest of the hardware unusable for them.
If you're totally paranoid, go for the boot password + encrypt files with the Windows password. Of course you will want to make a password recovery disk, otherwise if you forget your password you're screwed.
As for myself, I freely admit that my laptop is insecure and always will be. I'm reasonably careful with it, but like many people I find that the added security measures are more of a pain in the ass to me than they are worth. My system remembers website passwords and does an auto-login on boot. The illusion that a password protects my data from someone physically sitting at the keyboard doesn't hold any water for me. I see it as akin to those who leave the car door unlocked, because replacing a stolen radio is better than replacing both a stolen radio and a broken window.
Not much help on the current issue, sure. All I can say is don't treat it as a safe place for your data, back up regularly, and keep a hard copy of the records that are stored only on the drive (and of places that can easily be accessed using the info the computer remembers for you).
posted by caution live frogs at 10:52 AM on March 24, 2006
The BIOS boot password is your best option, because you never get to the point at which a boot disk becomes useful. What with the BartPE disk I used, or a Knoppix or other live Linux build that can read NTFS, anyone with boot access can get your data.
No, there's always a way to reset/flash the BIOS (and the password).
I second the above comments that the thief was probably stealing your laptop to resale, and wasn't trying to commit identity theft (seriously, if you're going to commit identity theft with computer hardware, its 10 times easier to just go buy old hard drives at garage sales and undelete data).
As for the 'phone home' software, yes this exists. Try googling PC phone home.
posted by onalark at 11:28 AM on March 24, 2006
(sorry, the BIOS boot statement should have been italicized, I was trying to refute the point)
posted by onalark at 11:29 AM on March 24, 2006
posted by onalark at 11:29 AM on March 24, 2006
I've been robbed before, and it *sucks*. I feel for you.
As for keeping your home safe, make sure the exterior is well lit, so the burglar won't have privacy while breaking in. Get an alarm so once they're in, there'll be a ruckus and they'll only have a few minutes (rather than a few hours) to grab stuff.
Document everything you own. I do this in a fairly sloppy way, by occasionally taking photos of all of our stuff, and shoving them onto a private web site. If I didn't already have a ton of stuff, I'd make a spreadsheet with acquisition date, description, value, and a digital snapshot of each thing (and possibly a snapshot of the receipt).
posted by I Love Tacos at 11:29 AM on March 24, 2006
As for keeping your home safe, make sure the exterior is well lit, so the burglar won't have privacy while breaking in. Get an alarm so once they're in, there'll be a ruckus and they'll only have a few minutes (rather than a few hours) to grab stuff.
Document everything you own. I do this in a fairly sloppy way, by occasionally taking photos of all of our stuff, and shoving them onto a private web site. If I didn't already have a ton of stuff, I'd make a spreadsheet with acquisition date, description, value, and a digital snapshot of each thing (and possibly a snapshot of the receipt).
posted by I Love Tacos at 11:29 AM on March 24, 2006
You can place a fraud alert at the 3 credit bureaus. When you write to them (and a letter is best) you can include a 50 word statement to be included on your record.
When you ask for the fraud alert, make sure you request that any new accounts/requests for credit call you first before authorizing or establishing any new credit. Even if they have all your personal data, they can't be at your house to field that final phone call to open the fraudent account, so it does offer you some protection. The alert doesn't last too long, though, you will probably have to renew it. Good luck!
posted by 45moore45 at 2:29 PM on March 24, 2006
When you ask for the fraud alert, make sure you request that any new accounts/requests for credit call you first before authorizing or establishing any new credit. Even if they have all your personal data, they can't be at your house to field that final phone call to open the fraudent account, so it does offer you some protection. The alert doesn't last too long, though, you will probably have to renew it. Good luck!
posted by 45moore45 at 2:29 PM on March 24, 2006
Response by poster: I have had (as you might imagine) sporadic internet access today, but I want to thank everyone for their very helpful words, and will respond at more length when I get home later. (The boyfriend's computer was on him at the time, thank God.)
I have called the credit bureaus and yes, apparently they can put a fraud alert on your SSN without actual fraud having occurred yet. So that's a comfort. I've closed all the bank accounts and credit cards. Beginning to feel better. (Brave smile.)
posted by catesbie at 4:24 PM on March 24, 2006
I have called the credit bureaus and yes, apparently they can put a fraud alert on your SSN without actual fraud having occurred yet. So that's a comfort. I've closed all the bank accounts and credit cards. Beginning to feel better. (Brave smile.)
posted by catesbie at 4:24 PM on March 24, 2006
Response by poster: Again, thanks to everyone for your advice. Yes, the police were called immediately. Made a claim with insurance. The cops now have the serial number as well - but to be honest, getting the computer back is the least of my worries. To respond to several of you, according to the cops, right - the thief was probably just a crackhead looking for a quick resale. But it's the guy the thief knows he can sell to who's the real problem, and apparently they're quite a highly organized little underground economy.
"Damn internet banking" refers to the fact that I agreed to have all of my bank statements delivered to me electronically rather than mailed.
As for the password issue, let's just say that I'm a moron. But poppo is correct - the password issue is probably immaterial on a Mac.
So if I have placed a fraud alert with the credit bureaus, nobody can get away with using my SSN? That seems awfully simple, but that's the impression I'm getting.
Thanks for the sympathy, everyone - and I promise the question wasn't an elaborate way to get everyone to feel sorry for me.
(An only-moderately-related aside: USAA rocks. If any of you have any family connection whatsoever with the US military, USAA needs to be your insurer. It's almost like dealing with people rather than a corporation. I want to marry my insurance company - which may be the first time those words have ever been typed in that order.)
posted by catesbie at 5:13 PM on March 24, 2006
"Damn internet banking" refers to the fact that I agreed to have all of my bank statements delivered to me electronically rather than mailed.
As for the password issue, let's just say that I'm a moron. But poppo is correct - the password issue is probably immaterial on a Mac.
So if I have placed a fraud alert with the credit bureaus, nobody can get away with using my SSN? That seems awfully simple, but that's the impression I'm getting.
Thanks for the sympathy, everyone - and I promise the question wasn't an elaborate way to get everyone to feel sorry for me.
(An only-moderately-related aside: USAA rocks. If any of you have any family connection whatsoever with the US military, USAA needs to be your insurer. It's almost like dealing with people rather than a corporation. I want to marry my insurance company - which may be the first time those words have ever been typed in that order.)
posted by catesbie at 5:13 PM on March 24, 2006
« Older One provider for cellphone internet services in... | I want to be healthy and happy again. Newer »
This thread is closed to new comments.
Can't really give you any advice other than the itunes - afraid it's all lost, afaik they won't let you redownload (up to you to keep backups). You could send a nice email and see what they say though
good luck!
posted by twistedonion at 5:21 AM on March 24, 2006