Best ID Theft Protection? Pay Attention!
When it comes to choosing the best ID theft protection strategy, the smartest move anyone can make is, simply, to pay attention. While that recommendation might seem obvious and even appear to be limited in value, the last thing you want to do when confronted with even the possibility of identity theft is to bury your head in the sand.
By paying attention to who has your personal information and how you can help protect it, you put yourself way ahead of those who don’t. Here’s why: Your information is “out there,” just waiting to be exposed. That exposure doesn’t have to be the result of a major data breach by, say, a healthcare or financial services company. It could come from an unintentional move on the part of someone who has possession of your data—or even you.
In this article, we’ll examine the personal information that’s at stake and what you can do to help safeguard it—whether you want to take a do-it-yourself approach or enlist outside help.
ID theft protection basics
Let’s start with what’s at stake. Each of us has a slew of what’s known as PII—personally identifiable information. These are pieces of data that identify who we are. Here’s how the U.S. General Services Administration defines PII:
“Information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.”
That definition covers a lot of ground. Here’s a pretty good list of different types of PII, as spelled out by the University of Pittsburgh. As you look at this, think about how the items apply to you.
- Name: full name, maiden name, mother’s maiden name, or alias
- Personal identification numbers: Social Security number (SSN), passport number, driver’s license number, taxpayer identification number, patient identification number, financial account number, or credit card number
- Personal address information: street address or email address
- Personal telephone numbers
- Personal characteristics: photographic images (particularly of face or other identifying characteristics), fingerprints, or handwriting
- Biometric data: retina scans, voice signatures, fingerprints, or facial geometry
- Information identifying personally owned property, such as a vehicle identification number, or title number
- Technology asset information: Internet Protocol (IP) or Media Access Control (MAC) addresses that consistently link to a particular person
Quite a list, huh? And that’s not everything that makes up PII—just some good examples. Also, as the University of Pittsburgh spells out, there’s still other information that, alone, isn’t PII, but “when linked or linkable” to other PII, it can be used to identify a person:
- Date of birth
- Place of birth
- Business telephone number
- Business mailing or email address
- Geographical indicators
- Employment information
- Medical information
- Education information
- Financial information
How ID theft can hurt you
You should strive to protect the items in these lists and any other similar data that an identity thief could use to pretend to be you. What they can do with it may boggle your mind. It’s pretty incredible unless you think like a criminal. Here’s a worst-case scenario:
A Florida woman I spoke with, Priscilla, first realized she was a victim in 2013 when she attempted to file her income taxes. Turned out, someone had filed them a month earlier—in her name, using her Social Security number. And that was just the beginning.
Authorities later notified Priscilla that she owed fees for driving on toll roads in a different part of the state from where she lived. The problem was, she didn’t own the vehicle. Turns out, an identity thief had taken out an auto loan, purchased a vehicle, and registered and bought car insurance for it—all in Priscilla’s name. The thief had also racked up moving violations and parking tickets. The thief even renewed Priscilla's driver’s license and opened multiple credit cards and cable and satellite TV services in her name. Oh, one more thing. The thief had an accident in a car rented in Priscilla’s name, prompting the car rental company to sue—Priscilla, not the thief.
What does it mean to the victim when something like this occurs? Well, in addition to the headaches and lost sleep, in this instance, Priscilla said her credit score plummeted, the state suspended her driver’s license, and, because of the suspended license, she almost lost her job. The impact lasted for years—from the 2013 income tax fraud to the rental car fraud in 2016.
What happened to Priscilla offers a few noteworthy examples of what identity thieves can do with someone else’s personally identifiable information. And that’s just one victim. Thieves can also open bank loans, obtain medical treatment, and more. So, clearly, there’s good reason to pay attention to what’s going on with your PII.
My annual credit report
You might wonder where credit protection services and your credti report fit into identity theft protection. To be sure, knowing what’s going on with your credit report is important. If someone uses your personal information to open a new line of credit in your name and without your knowledge, you might never know until that account is in default for non-payment, thus negatively affecting your credit history and credit score.
After considering such risk, you might say, “I want to get my credit report.” It’s relatively easy to do so. You’re entitled to a free copy of your credit report annually from each of the three major credit agencies, Equifax, Experian and TransUnion. To do so, visit AnnualCreditReport.com. Our articles on credit reports and credit scores provide additional information on these important topics.
Your personal information—who has it?
Have you thought about who has access to your personally identifiable information? No doubt, a lot of folks. In this era of online accounts, smartphones, and apps, we share our PII in ways that weren’t even possible a decade ago. Consider everyone from your doctor’s office and healthcare company to government agencies and your favorite retailers. What kinds of information are you giving them, and how well are they protecting it?
Take your doctor’s office or hospital, for instance. When you fill out their paperwork—with your full name, birth date, Social Security number and more—you’re handing over critical PII. Do they need it? It may pay to ask. Some healthcare providers ask for your Social Security number, so they have it for debt-collection purposes, but that doesn’t mean you have to give it to them. After all, if you have health insurance, the doctor’s office will use your subscriber number to submit claims. On Medicare? Then you’re out of luck for now. Your Medicare ID includes your Social Security number. That begins to change in 2018, when the government agency starts mailing replacement cards with a “Medicare Beneficiary Identifier.”
To be sure, most medical office employees are law-abiding people, but it just takes a few bad apples to illustrate what can happen. In 2017, a grand jury indicted a hospital secretary in Florida on several counts, including possession of patients’ personal information—birth dates and Social Security numbers. The indictment said the secretary stole the information and gave it to accomplices who used it to file fraudulent tax returns.
Large healthcare companies aren’t immune either as we’ve seen in recent years. And the healthcare hits just keep on coming. In 2016, according to the website hipaajournal.com, there were 329 healthcare data breaches, exposing more than 16 million records.
Of course, data breaches go well beyond healthcare to virtually every other industry. According to the Identity Theft Resource Center, there were over 1,000 breaches in 2016. Those breaches spread across multiple sectors, including educational, government, financial services, and, of course, medical and healthcare.
Protecting your personal information
Given the potential exposure of your personally identifiable information, what can you do? It helps to limit that exposure as much as possible. There’s little you can do if an entity with possession of your PII suffers a data breach, but you can be very careful with the kind and number of entities with whom you share your information. How? Here’s one example: When shopping online, stick with companies you know and trust. They’re more likely to implement the cybersecurity measures to help protect customer data. That doesn’t mean they won’t suffer breaches, but the right security measures may minimize the impact. Plus, a well-known, well-respected business is more likely to “do the right thing” to ensure minimal damage to its reputation following a breach. A fly-by-night retailer has much less at stake. You may pay more for the known-and-respected business’s products, but the additional cost could be worth it—if your PII is safer.
7 tips to help protect your identity
As you go about your life, it pays to be as careful as possible with your personal information. Here are some tips to keep in mind:
- Before throwing away any paperwork that contains personal information, shred it. Believe it or not, dumpster diving remains a popular means of stealing PII.
- Secure your mailbox with lock and key, or use a mail slot. Like digging through trash cans, grabbing mail from an unsecured mailbox is also a popular identity theft tactic.
- Protect your online accounts with complex passwords, which include upper- and lowercase letters, numbers, and special characters.
- Don’t use the same password on more than one account. You don’t want a breach on one account to lead identity thieves to your others.
- Don’t carry your Social Security card with you. You don’t want such an important piece of your PII to be at risk if you lose your wallet.
- Just say no. Don’t hand over your PII just because someone asks for it. Ask questions to determine whether they need it—and how they’ll protect it.
- Don’t make purchases or financial transactions or sign into accounts while on public Wi-Fi. An identity thief, armed with special tools and software, may also be on the same Wi-Fi network, monitoring your actions.
It also makes sense to keep an eye on the news, looking for information about new data breaches. If they affect businesses with whom you do business—retailers, banks, even email providers—you’ll want to know. And if they don’t, you can breathe a sigh of relief, knowing your personal information wasn’t affected—this time.
Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.