By Heather Engel, Sera-Brynn, Executive Vice President
As security professionals, we at Sera-Brynn know how challenging it is to keep information secure.
A hacker only has to be right once, IT Security has to be right every single time, thousands of times in a single day.
As consumers we have a right to information protection, but after all the breaches, all the times your credit card has been replaced, and all the times we unthinkingly hand over personal information in a single day (frequent buyer card anyone?) we can’t rely on companies to keep our data secure.
Anthem suffered a massive data breach this year that affected up to 80 million records. They reported that data lost included names, home address, home phone number, home e-mail address, date of birth, health plan identification number, and Social Security numbers for some members. Credit Card information and confidential health information was NOT taken and investigations are continuing. Email scams with links to malware and attempts to capture more personal information are already widespread.
As a consumer, what should you do now? Here are the answers to some questions I’ve been asked in the last three days:
My data is gone, what will happen to my information?
Data is typically sold on the Internet Underground. Social Security Numbers are worth about $1, complete medical records can fetch $50 or more. The more information in a record, the more it will cost on the black market.
With the information lost in the Anthem breach, it would be easy for someone to get a new credit card, open a cell phone or utility account, file a fake tax return, or get a government issued ID like a driver’s license. In the case of health plan information, insurance could be used to obtain medical services. Often, insurance fraud is an attempt to get legitimate prescriptions for drugs with a high street value like Xanax, OxyContin, or Vicodin.
So what should I do?
If your information was taken, you should have been notified by Anthem already, and credit monitoring and identity protection is available at no cost. I recommend you go a step further and personally notify one of the big three consumer credit reporting agencies (Equifax, Experian, and TransUnion). While you’re at it, request a free credit report and actually look at it. Make sure there are no discrepancies. Track down anything you don’t recognize.
Is that it?
Nope. Big data breaches have become the norm, and like it or not as consumers our behavior has to change to take responsibility for our data. Is it fair? No. Is it a pain? Yes. Is it necessary? Absolutely.
Here’s your to-do list regardless whether you are or were an Anthem customer:
- File your tax return ASAP. ASAP means now. In 2013, the IRS paid out $5.2 billion in refunds filed with fraudulent identities. Last week, TurboTax suspended e-filing of state tax returns because of an increase in suspicious filings. All the information necessary to file a fraudulent tax return was stolen in the Anthem breach.
- Change passwords and challenge questions. Email addresses were stolen and with all the other info taken, it would be easy to reset the password, and then use that to reset other accounts. Even if you weren’t an Anthem customer, your password probably isn’t as strong as it could be, or you are using the same password across multiple accounts.
- Stay on top of your financial health. We recommend reviewing bank accounts and credit card accounts at least weekly if not daily. Most have text or email alerts that you can set up for unusual charges, for example those that exceed a limit you set or charges made online.
- Don’t Give Out Your Info Just because Someone Asks For It. I recently took my kids to an indoor bounce place, and the waiver asked for my SSN and driver’s license number. I declined, but all around me were parents handing over that data without a second thought. Every time I shop I’m asked for my phone number, email, or to sign up for a shopper’s card. Decline, decline, decline! Choose carefully and don’t be afraid to say “no thanks”.
- Don’t panic. If you stay on top of things, you’ll be much more likely to catch suspicious activity. Be careful when opening emails related to the breach – carefully check links before you click and scan any attachments.