Some advice needed

[brutus]

Let's face it. 2024 was a bitch. Especially in the personal privacy aspect for me. Here's the rundown:

March 2024 - I receive notification that my healthcare supplier (or a third-party clearinghouse company) was hacked through some software that was less than totally secure. Data stolen includes name, address, date of birth, possibly medical ID number for health insurance and/or social security number.

August 2024 - I read about the National Public Data data breach. Go to a site to check if my data was involved in this breach. Yes, it was. Name, addresses (including past addresses), DOB, phone number (past, but not sure about the present one), SSN. Frankly, this info has probably been on the dark web for years through other data breaches.

At about the same time as I'm finding out about NPD, I was informed by the company that ran the pharmacy that I used (now in Chapter 11 bankruptcy) that they had a data breach and I might be involved in that. In October I get confirmation that I was a part of that breach when my bank and credit card company - that also offers identity protection services - informed me that my driver's license number had turned up on the dark web.

After finding this out I started to take action. I put a fraud alert on all three credit bureaus. Two days later I added a credit freeze to all three as well. I thought about filing a report with IdentityTheft.gov, but I think that is only done when you have evidence that your identity was actually stolen, not just when the information is out there. I also plan to apply for an ID number with the IRS so someone can't try to get tax refunds in my name.

I've been checking out the best ID Theft Protection services. The best ones seem to be Aura, LifeLock by Norton, IdentityForce, Zander, Identity Guard, IDShield, IdentityIQ and Experian IdentityWorks. The first two listed seem to be the best rated services. Aura also seems to be one of the best values for their service.

Now for the part where I could use some advice. Has anybody had to use any of these companies who could comment on customer service or other strengths/weaknesses with them? Do I need investment/retirement account monitoring? Note here, I am 60 and still working, have been investing and saving for retirement for a long time. Am I fine if I just use the identity protection service offered by my credit card company? They offer $1 million in insurance but I'm not certain yet what they offer for identity restoration.

Is there anything that I might have missed?

[Craiglxviii]

If you don’t already use it, Microsoft Authenticator is a must. Ensure two-factor authentication is enabled on all your devices and accounts, and ensure that login for all or as many accounts on as many platforms as possible goes through it.

I suffered a serious data breach 2 years ago, lost a big chunk of money and ended up as you have discovering this the hard way.

[brutus]

I have two-factor authentication enabled on every account I can think of. That I can think of is the part that can come back to bite me in the butt, though. I'm hoping that I haven't forgotten to change one. I've always used strong passwords on my accounts, but in the last couple of years I've started using more difficult to guess usernames (somebody would have to know me rather well to guess those). I figured an obscure username increases my security as much as a strong password - real names or e-mail addresses as usernames just make things that much easier for hackers.

I am probably overreacting a little. While talking to my sister last fall she said that her identity had been stolen twice since she moved to California 15 years ago. I had e-mailed a link to a site that would allow her to check her info from the NPD breach. I told her that I had found three addresses in our town and one in another town about 60 to 90 minutes away that had her name and SSN attached even though she had never lived at any of them. So that makes three times for her.

Part of me feels like I should overreact a little, though. The data is out there, but as far as I know nobody has attempted actual identity theft yet. If I'm lucky, it might not ever happen. I'm just not one to trust to luck on something like this. If it did happen and someone was able to clean out the investment and retirement accounts, the one million dollar insurance probably wouldn't cover it. Accept some risk but try to be as careful as possible might be the best course available for me.

Thanks for the help.

[Craiglxviii]

Yes. Absolutely DO overreact. I use two of the ID theft protection platforms you’ve mentioned, I have my credit profile locked and I make regular checks on all my login activity. MS Authenticator will show you any login activity (successful or not) from any accounts you have lodged there too, which can be eye opening.

[Nightwatch2]

I’ve been using Norton and Lifelock. Happy with both.

Beyond that my advice is to

“Drink heavily”

[jemhouston]

Check with credit card / groups you have membership with to see if they have free / discounted services.

[Belushi TD]

I’ve been using Norton and Lifelock. Happy with both.

Beyond that my advice is to

“Drink heavily”

"You should listen to him. He's in pre-med."

[brutus]

Craig, I took your advice and downloaded MS Authenticator. I'll see what that reveals when I finish setting it up.

I’ve been using Norton and Lifelock. Happy with both.

Beyond that my advice is to

“Drink heavily”

The more I think about it, between my bank and credit card company monitoring services (plus I still have time on the monitoring service that was provided after the medical service hack last year), I should be well covered on that front. So I should find a service with good restoration services in case things do hit the fan. I will be looking into that shortly.

Check with credit card / groups you have membership with to see if they have free / discounted services.

My credit card (the one with the cashback bonus) monitors quite a few things (vital info, phone numbers, e-mail addresses, credit card numbers, bank accounts, health insurance card & passport numbers) and they send me a copy of my credit report from all three credit bureaus each quarter.

I’ve been using Norton and Lifelock. Happy with both.

Beyond that my advice is to

“Drink heavily”

"You should listen to him. He's in pre-med."

As a former resident of Alaska, you of all people should know the danger of waking up with a hangover that could kill a bear. At this point in my life it would be easy to do that.

Are there any other precautions or steps that I might have missed?

Thanks to all of you.

[kdahm]

Are there any other precautions or steps that I might have missed?

Thanks to all of you.

Be sure you drink plenty of water with your booze, so you stay hydrated.
Drink higher quality booze in slightly lower amounts to reduce impurities.
Don't mix different fruity drinks.
Hide the keyboard and phone before drinking. Drunk posting can cause terminal embarrasment
Have a sober friend. Have a sober friend present.
Put the firearms away. Be wary of strong drink. It can make you shoot at tax collectors....and miss.

[JBG]

And avoid the grain and the grape…

Jonathan

[Michael]

And avoid the grain and the grape…

Jonathan

So mead is still OK then?

[Craiglxviii]

And avoid the grain and the grape…

Jonathan

So mead is still OK then?

Always! But- only if you want wobbly legs for a while afterwards!

[rtoldman]

excellent topic - my "data" has been stolen so many times Ive lost count. So far Ive never had a problem but it worries me. I have two factor authorization on everything that supports it. There are so many accounts that require email as the login. I think Ill look into the authenticator application.

There are ai scams out there now that try to get you to talk on the phone so they can replicate your voice. Scary.

[Jotun]

In October, somebody bought an iPhone, an IPad and one set of those ridiculous Apple in-ear headphones along with a mobile phone contract with my bank data. Under my name, but at an address where I never lived. Due to numerous issues, I only realized four weeks ago that 140 Euros were deducted from my bank account monthly since October 2024, along with sundry related deuctions totaling just slightly more than 1200 Euros.
I called the mobile provider, managed to convince them that it hadn't been me who had ordered the phones and the contract, they gave me the phone number the contract was callec in with, the phone number given out with the contract, the delivery address and other data, which I compiled into a nice little package and filed charges against "unknown" for fraud. The criminals were not very smart, that much is clear.
My bank has already begun the process of re-deducting the money from the phone service provider, who are absolutely on board with this, and the money should be back in my account by next week or so.

Since the delivery address was in Kiel and I last lived there thirteen years ago, I guess the bank account information has been siphoned off literally over a decade ago.

[Craiglxviii]

In October, somebody bought an iPhone, an IPad and one set of those ridiculous Apple in-ear headphones along with a mobile phone contract with my bank data. Under my name, but at an address where I never lived. Due to numerous issues, I only realized four weeks ago that 140 Euros were deducted from my bank account monthly since October 2024, along with sundry related deuctions totaling just slightly more than 1200 Euros.
I called the mobile provider, managed to convince them that it hadn't been me who had ordered the phones and the contract, they gave me the phone number the contract was callec in with, the phone number given out with the contract, the delivery address and other data, which I compiled into a nice little package and filed charges against "unknown" for fraud. The criminals were not very smart, that much is clear.
My bank has already begun the process of re-deducting the money from the phone service provider, who are absolutely on board with this, and the money should be back in my account by next week or so.

Since the delivery address was in Kiel and I last lived there thirteen years ago, I guess the bank account information has been siphoned off literally over a decade ago.

I found out a few years back that someone opened up credit accounts in my name, at my student address from 1999.

Luckily they weren’t approved!

[brutus]

excellent topic - my "data" has been stolen so many times I've lost count. So far I've never had a problem but it worries me. I have two factor authorization on everything that supports it. There are so many accounts that require email as the login. I think I'll look into the authenticator application.

There are ai scams out there now that try to get you to talk on the phone so they can replicate your voice. Scary.

As I said earlier, I've known for some time that my data has been out there, too. The news about the driver's license made me realize that I would be far better off dealing with this. The earlier the better. I think that there is a point where so much data can become available that it becomes too easy or too tempting for them to resist.

Do whatever you feel needs to be done.

. . . Since the delivery address was in Kiel and I last lived there thirteen years ago, I guess the bank account information has been siphoned off literally over a decade ago.

Not necessarily. It could have been only a few months ago. Nobody ever deletes information. In December, a letter showed up in my mailbox. It was addressed to my father. It was from a medical imaging company and said that they had a data breach several months earlier and his information was compromised. My father died 16 years ago. They didn't need to keep his information for this long. But it never goes away.

In late November I hit a deer. It ran out in front of my truck. Totaled it. The insurance company wanted to send an electronic payment to settle the claim, they just needed my bank routing and account number. Since this was just after finding out about the DL being on the dark web I told them to send me a check because I didn't want my bank information on their computers where it could scooped up in a data breach in the future. They complied.

[Belushi TD]

Every few months, my wife gets junk mail addressed to her first name and her married name from her first marriage.

That marriage ended in 1998, and my wife changed her name back to her maiden name on EVERYTHING.

We got married in 2005, so she's not gone by her maiden name since then. We've also lived in 3 or 4 different addresses since then. NONE of them was she living at under her name from her first marriage.

The marriage was very abusive and she goes into a funk for a while every time she gets one of these pieces of junk mail.

NONE of the companies who are advertised on the junk mail seem to give a shit that the ad company they're paying is using names and address that are obvious bullshit and they are not getting their money's worth for the ad campaign. They ARE, of course, losing money by being jerks to either myself or my wife when we try to point out the problem with their ad company because we stop using them, and get our family to stop using them.

Belushi TD

[David Newton]

No one ever deletes information. In December, a letter showed up in my mailbox. It was addressed to my father. It was from a medical imaging company and said that they had a data breach several months earlier and his information was compromised. My father died 16 years ago. They didn't need to keep his information for this long. But it never goes away.

Hence the GDPR and earlier data protection legislation requirement that data is kept only for as long as it is needed for the original purpose it was collected for until and unless further permission or necessity comes into place (and no marketing wanting to run a campaign is NOT an exception to getting rid of the data unless originally collected for marketing purposes).

[rtoldman]

I still get spam mail for my deceased father

[kdahm]

Got an insurance letter for the previous owner of my house the other day. That I've been living in for more than two decades. Considering they were retired when they sold, they're probably ded by now. At least the magazines for the wife of the pair have stopped coming, because they were for crystal woo and chakra doodads and healing essences.