After Equifax dis­clo­sure, vic­tims of data breaches talk of ini­tial ter­ror, then vig­i­lance

Pittsburgh Post-Gazette - - National - By Tif­fany Hsu

The New York Times

One man said his name had been used to set up a fraud­u­lent com­pany that pro­cessed pay­ments made with stolen credit cards. A wo­man said her bank had told her she was be­ing sought by a col­lec­tions agency — her So­cial Se­cu­rity num­ber had been used to open a wire­less ac­count that was never paid off.

In the wake of the dis­clo­sure Sept. 7 by Equifax that hack­ers had com­pro­mised its col­lec­tion of pri­vate in­for­ma­tion, po­ten­tially af­fect­ing 143 mil­lion Amer­i­cans, The New York Times asked read­ers to tell their own tales of be­ing hacked. Some pre­vi­ous vic­tims of data breaches have also taken to Twit­ter.

David An­der­son said his per­sonal in­for­ma­tion had been stolen four times in four years.

Dur­ing the 2013 hol­i­day sea­son, hack­ers gained ac­cess to per­sonal and fi­nan­cial de­tails­for as many as 110 mil­lion Tar­get cus­tomers, in­clud­ing Mr. An­der­son. The next year, a breach at the Univer­sity of Mary­land, where Mr. An­der­son earned his doc­tor­ate, af­fected309,000 peo­ple.

In 2015, an in­tru­sion into com­puter sys­tems for the gov­ern­ment’s Of­fice of Per­son­nel Man­age­ment af­fected 21.5 mil­lion peo­ple. Mr. An­der­son, a busi­ness school pro­fes­sor in New York, was one of them.

And then there was the breach at Equifax, one of the coun­try’s three ma­jor credit mon­i­tor­ing agen­cies. So­cial Se­cu­rity num­bers, driver’s li­cense num­bers and other sen­si­tive data for 143 mil­lion Amer­i­cans were in the mix, the com­pany said.

But Mr. An­der­son was lucky: The thieves have not used his in­for­ma­tion so far.

Many peo­ple can’t say the same. The con­se­quences of cy­ber­at­tacks can be dev­as­tat­ing and take years to un­tan­gle, at great fi­nan­cial and per­sonal cost. Last year, 15.4 mil­lion Amer­i­can vic­tims of iden­tity theft lost $16 bil­lion, an in­crease in both vic­tims and losses from the pre­vi­ous year, ac­cord­ing to Javelin Strat­egy & Re­search.

But hack­ings of­ten go un­no­ticed — at first.

One man said the thieves had so ru­ined his credit, he was un­able to se­cure a needed mort­gage re­fi­nance.

Ja­nis Bar­bour said her So­cial Se­cu­rity num­ber was used to fraud­u­lently file taxes in Ohio. She and her hus­band live in Berke­ley, Calif.

They learned of the theft only when the IRS con­fronted them for not declar­ing a tax re­fund as in­come. And that was just one prob­lem.

Her credit card de­tails were stolen in data breaches at Tar­get and Home De­pot, she said. A dig­i­tal at­tack at her health in­sur­ance provider made more pri­vate in­for­ma­tion vul­ner­a­ble.

She said she had spent nine months try­ing to get the IRS to agree that her iden­tity was stolen. She had to re­port the in­tru­sion to lo­cal po­lice, then file an af­fi­davit, then con­tact the credit bu­reaus and then the Ohio gov­ern­ment.

Ms. Bar­bour, a re­tired mar­ket­ing re­searcher, said she has never had a phys­i­cal credit card or So­cial Se­cu­rity card stolen. Sev­eral years ago, she and her hus­band locked their credit re­ports from ac­tiv­ity from out­side par­ties.

Then on Sept. 8, she learned she and her hus­band were in­cluded in the Equifax breach. “It feels like there’s noth­ing you can re­ally do to pro­tect your­self,” she said.

In the first half of 2017, there were a record 791 data breaches in the United States, up 29 per­cent from the same pe­riod a year ear­lier, ac­cord­ing to the Iden­tity Theft Re­source Cen­ter. From Jan. 1, 2005, to Sept. 5 of this year, more than 907 mil­lion records were ex­posed in nearly 8,000 at­tacks.

Asa re­sult, con­sumers like Kate Fair­weather feel that they can­not pre­vent their in­for­ma­tion from leak­ing into the­shad­ows of the in­ter­net.

“I thought, ‘Well, here we go again,’” said Ms. Fair­weather, an em­ployee of the Fed­eral Emer­gency Man­age­ment Agency, who found out two weeks ago that the Equifax at­tack made her data vul­ner­a­ble two years after it was stolen in the Of­fice of Per­son­nel Man­age­ment hack­ing.

Michael Har­wood, an engi­neer­ing man­ager in Mel­bourne, Fla., said his in­for­ma­tion­was stolen two years ago.

“Ini­tially, it’s re­ally ter­ri­fy­ing, es­pe­cially hav­ing your So­cial Se­cu­rity num­ber taken,” said Mr. Har­wood, who no­ticed a mys­te­ri­ous at­tempt to trans­fer $1,000 from his bank ac­count. “You’re wor­ried about the tremen­dous im­pli­ca­tions this could have and the pos­si­bil­ity of it goin­gon for years.”

He said he had man­aged to trace the trans­ac­tion through his PayPal ac­count to his eBay pro­file, where he dis­cov­ered an in­tru­sion that laid bare a trove of per­sonal in­for­ma­tion.

He spent the next month try­ing to re­pair the breach. He went to the lo­cal po­lice sta­tion, set up a pro­gram to screen for sus­pi­cious ac­tiv­ity stem­ming from his So­cial Se­cu­rity num­ber and fi­nan­cial data, changed his eBay pass­word and cre­ated a new bank ac­count.

That meant a long wait for new credit and debit cards, a tem­po­rary freeze of his as­sets and a hold on with­drawals and trans­fers while the bank han­dled the move.

“That was a ma­jor pain,” Mr. Har­wood said, adding that his orig­i­nal ac­count and rout­ing num­bers had been linked to a slew of au­to­mated pay­ments and shop­ping sites, in­clud­ing Ama­zon and travel book­ing sites. “It ends up be­ing fairly far­reach­ing and in­con­ve­nient — you’re still mak­ing dis­cov­er­ies months later that there’s an­other ac­count you have to cor­rect.”

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.