How data breaches go beyond financial theft

Security breaches are nothing new. We learned this back in 2013 when Target lost data, again in 2014 when the White House was hacked, and back in 2017 when Equifax fell victim to a cyberattack. And here we are again, years later, with Capital One acknowledging their security breach of personal information.  

For this latest breach, there is some good news though... no credit card account numbers, nor login credentials were obtained. Only names, addresses, credit scores, credit limits, and account balances, along with approximately 140,000 social security numbers, were among the data points that were compromised. Let me repeat that...only names, addresses, credit scores......well, you get the idea. 

Following in Equifax’s prior footsteps, Capital One will likely offer some form of credit monitoring service for those one million account holders that were affected. The problem with this generous offering is that identity theft comes in more forms other than just financial theft. 

In fact, financial identity theft that can be monitored pretty easily. You can change your passwords regularly. You may also consider using a password aggregator, like LastPass. Some vendors offer a two-step verification processFor example, Amazon (and many financial institutions), provide a One-Time Password (OTP). It is a unique 6-character code that can only be used once and is sent only to your registered mobile number. After entering your user ID and password, you will also be required to enter the correct OTP to complete the login process. While it is burdensome, it’s worth it.  
Be sure not to click or respond to unsolicited or suspicious emails or texts, and be wary of emails and phone calls asking for personal information, especially from Capital One right nowThis is the perfect time for nefarious people to target those most vulnerable. Hang up the phone and call the company or financial institution directly if you feel your account information has been compromised.  

Monitor your bank and credit card accounts regularly. Some financial institutions have “alerts” you can set up to notify you of activity over a certain dollar amount on your account. Example: ALERT: $25 at Walmart.  

Monitor your credit reports using AnnualCreditReport.com. You can pull all three (Equifax, Experian, and Transunion) at once, or space them out and do one every four months. This will allow you to catch fraud much quicker versus only viewing it once a year and limit the potential damage. 

Monitor your credit score through your credit card. Many financial institutions offer this free service, but if yours doesn’t, Credit Journey through Chase offers the service to everyone.

You can establish a “Fraud Alert through the credit bureaus.  A fraud alert is good for 90-days.  You will need to set the alert on each of the three bureaus. If someone tries to apply for a loan, you will receive an alert notifying you of the attempt. 
You can also set a “Credit Freeze” on your reports. A freeze is just like it sounds...it will freeze all access to your credit reporting information. It prohibits the credit rating company from disclosing your personal information, effectively preventing anyone from opening a credit card or loan in your name. You'll need to lift the freeze if you want to open a line of credit yourself. Just like an alert, you will need to request the freeze from each of the three bureaus.   

What a Fraud Alert or Credit Freeze can’t do is protect your identity in areas like Medical ID theft, Criminal ID theft, and Tax ID theft. These are a bit more difficult to provide oversight for. The sad, and frightening, issue is that other than reducing your exposure, along with a bit luck, your personal information is at risk. 

Remember all of those (“only”) names and addresses that were exposed? Those are now subject to the risk of medical and criminal identification theft, and these thefts can have some startling ripple effects. 

Medical ID theft: This happens when someone presents themselves as you when obtaining medical treatment.  

Let’s say someone shows up at the hospital emergency room, whether injured or sick, seeking medical treatment. They provide your name and address; the same name and address they purchased for, let’s say $25 online. They run up thousands of dollars in medical charges in your name. Now, prove it wasn’t you… 
Criminal ID theft: Maybe even a bit worse, someone presents themselves as you when they’re arrested or cited for a crime. You may end up with a warrant. You may wind up in jail. This information may even hinder your background check for security clearance with your employer.

Living in a military base town, extensive background checks and security clearances are common practice. Not being able to pass the background check, or being denied a security clearance could cost you your job, along with the medical insurance that comes with it. 

Trying to clear your name may end up costing you thousands of dollars, the money you may not be able to afford without the job. 

Monitoring services like LifeLock, Identity Force, and ID Watchdog offer assistance in the aftermath of an identity theft incident, but none have been able to prevent the theft altogether. These thefts often happen across different systems that aren’t connected. So, while the companies attempt to monitor your information, it’s difficult to cover all of the ways you can be targeted.  

It will be interesting to see what all Capital One comes up with to compensate for their cybersecurity vulnerability.  

These are the things that keep me up at night-