What to do if your identity is stolen

Yesterday a co-worker discovered that he'd been the victim of identity theft when he determined that an American Express card had been opened in his name and charges were run up to $20,000. He came to me for help.

It is a harrowing place to find yourself. The only way a credit account can be opened in your name is if someone has your name, Social Security Number (SSN) and date of birth. If that's the case, then you have be on your toes for the rest of your life. With your SSN, taxes can be filed in your name, credit can be opened in your name, insurance and medical benefits can be purchased in your name, etc.

In this case, my friend's data had been disclosed through the Premera Blue Cross breach of January 2015. It was not his fault.What do you do if this happens to you?

Your first four tasks:

• Contact all three credit bureaus to put fraud alerts on your credit and freeze your credit with all three bureaus. It is a good idea to freeze the credit of your spouse and children, as well.

• File a report with the Federal Trade Commission (FTC). All of the help you need to report identity theft and get a recovery plan together is at the FTC site https://www.identitytheft.gov/. Here is a great summary document to guide you through all the steps: Taking Charge: What to Do if your Identity is Stolen.

• Call your local police and make a report. Obtain a copy of the report.

• Call the bank where the scammer opened an account in your name and report it to the fraud department. 

As for calling the bank involved, know that you may not get very far with it because the perpetrator opened the account with your name and SSN but with different contact information (address, phone, email, etc.). The bank cannot discuss the account with you if they can't validate you as the account holder. Be prepared for this and don't let it frustrate you.

More tips:

Afterward, as an extra precaution, change your user names and passwords on all your sensitive accounts everywhere (banking, insurance, retirement, brokerage, credit bureaus, IRS.gov, TurboTax/Intuit, benefits, payroll, personal email, etc.). It is imperative that you employ unique, strong, long passwords. If two-factor authentication is available, use it.

Remember this forever: The fraudster has your SSN and may sit on that information for years before using it. This is why, in an earlier blog posting, I recommend that you freeze your credit, regardless of whether or not you think your SSN is in someone else's hands. For most of us, I suspect it's only a matter of time before we become victims too. 

In addition to freezing your credit, file your taxes early every year and, I repeat: do not use weak passwords on any online accounts. Make sure your passwords are unique, and don't share them with anyone.