It is a harrowing place to find yourself. The only way a credit account can be opened in your name is if someone has your name, Social Security Number (SSN) and date of birth. If that's the case, then you have be on your toes for the rest of your life. With your SSN, taxes can be filed in your name, credit can be opened in your name, insurance and medical benefits can be purchased in your name, etc.
In this case, my friend's data had been disclosed through the Premera Blue Cross breach of January 2015. It was not his fault.What do you do if this happens to you?
Your first four tasks:
- Contact all three credit bureaus to put fraud alerts on your credit and freeze your credit with all three bureaus. It is a good idea to freeze the credit of your spouse and children, as well.
- File a report with the Federal Trade Commission (FTC). All of the help you need to report identity theft and get a recovery plan together is at the FTC site https://www.identitytheft.gov/. Here is a great summary document to guide you through all the steps: Taking Charge: What to Do if your Identity is Stolen.
- Call your local police and make a report. Obtain a copy of the report.
- Call the bank where the scammer opened an account in your name and report it to the fraud department.
Afterward, as an extra precaution, change your user names and passwords on all your sensitive accounts everywhere (banking, insurance, retirement, brokerage, credit bureaus, IRS.gov, TurboTax/Intuit, benefits, payroll, personal email, etc.). It is imperative that you employ unique, strong, long passwords. If two-factor authentication is available, use it.
Remember this forever: The fraudster has your SSN and may sit on that information for years before using it. This is why, in an earlier blog posting, I recommend that you freeze your credit, regardless of whether or not you think your SSN is in someone else's hands. For most of us, I suspect it's only a matter of time before we become victims too.
In addition to freezing your credit, file your taxes early every year and, I repeat: do not use weak passwords on any online accounts. Make sure your passwords are unique, and don't share them with anyone.