After Equifax disclosure, victims of data breaches talk of initial terror, then vigilance
The New York Times
One man said his name had been used to set up a fraudulent company that processed payments made with stolen credit cards. A woman said her bank had told her she was being sought by a collections agency — her Social Security number had been used to open a wireless account that was never paid off.
In the wake of the disclosure Sept. 7 by Equifax that hackers had compromised its collection of private information, potentially affecting 143 million Americans, The New York Times asked readers to tell their own tales of being hacked. Some previous victims of data breaches have also taken to Twitter.
David Anderson said his personal information had been stolen four times in four years.
During the 2013 holiday season, hackers gained access to personal and financial detailsfor as many as 110 million Target customers, including Mr. Anderson. The next year, a breach at the University of Maryland, where Mr. Anderson earned his doctorate, affected309,000 people.
In 2015, an intrusion into computer systems for the government’s Office of Personnel Management affected 21.5 million people. Mr. Anderson, a business school professor in New York, was one of them.
And then there was the breach at Equifax, one of the country’s three major credit monitoring agencies. Social Security numbers, driver’s license numbers and other sensitive data for 143 million Americans were in the mix, the company said.
But Mr. Anderson was lucky: The thieves have not used his information so far.
Many people can’t say the same. The consequences of cyberattacks can be devastating and take years to untangle, at great financial and personal cost. Last year, 15.4 million American victims of identity theft lost $16 billion, an increase in both victims and losses from the previous year, according to Javelin Strategy & Research.
But hackings often go unnoticed — at first.
One man said the thieves had so ruined his credit, he was unable to secure a needed mortgage refinance.
Janis Barbour said her Social Security number was used to fraudulently file taxes in Ohio. She and her husband live in Berkeley, Calif.
They learned of the theft only when the IRS confronted them for not declaring a tax refund as income. And that was just one problem.
Her credit card details were stolen in data breaches at Target and Home Depot, she said. A digital attack at her health insurance provider made more private information vulnerable.
She said she had spent nine months trying to get the IRS to agree that her identity was stolen. She had to report the intrusion to local police, then file an affidavit, then contact the credit bureaus and then the Ohio government.
Ms. Barbour, a retired marketing researcher, said she has never had a physical credit card or Social Security card stolen. Several years ago, she and her husband locked their credit reports from activity from outside parties.
Then on Sept. 8, she learned she and her husband were included in the Equifax breach. “It feels like there’s nothing you can really do to protect yourself,” she said.
In the first half of 2017, there were a record 791 data breaches in the United States, up 29 percent from the same period a year earlier, according to the Identity Theft Resource Center. From Jan. 1, 2005, to Sept. 5 of this year, more than 907 million records were exposed in nearly 8,000 attacks.
Asa result, consumers like Kate Fairweather feel that they cannot prevent their information from leaking into theshadows of the internet.
“I thought, ‘Well, here we go again,’” said Ms. Fairweather, an employee of the Federal Emergency Management Agency, who found out two weeks ago that the Equifax attack made her data vulnerable two years after it was stolen in the Office of Personnel Management hacking.
Michael Harwood, an engineering manager in Melbourne, Fla., said his informationwas stolen two years ago.
“Initially, it’s really terrifying, especially having your Social Security number taken,” said Mr. Harwood, who noticed a mysterious attempt to transfer $1,000 from his bank account. “You’re worried about the tremendous implications this could have and the possibility of it goingon for years.”
He said he had managed to trace the transaction through his PayPal account to his eBay profile, where he discovered an intrusion that laid bare a trove of personal information.
He spent the next month trying to repair the breach. He went to the local police station, set up a program to screen for suspicious activity stemming from his Social Security number and financial data, changed his eBay password and created a new bank account.
That meant a long wait for new credit and debit cards, a temporary freeze of his assets and a hold on withdrawals and transfers while the bank handled the move.
“That was a major pain,” Mr. Harwood said, adding that his original account and routing numbers had been linked to a slew of automated payments and shopping sites, including Amazon and travel booking sites. “It ends up being fairly farreaching and inconvenient — you’re still making discoveries months later that there’s another account you have to correct.”