–Or at least our bank was, and that’s pretty creepy, don’t you think?
The letter from the bank about this turn of events seemed ominous. First, it was dated November 3 and arrived on November 9. That meant, we suspected, that the evil-doers had had nearly a week to do their evil without our knowledge. Why was our bank so lackadaisical?
But a check of our accounts showed no questionable activity during the past week.
Said letter also was murky about what had happened. As the bank hastened to note in the first sentence, it “values and respects the privacy” of our information. So the bank people thought it was a good idea to advise us of “a recent incident that may have involved” some of our personal information.
Specifically what information? Well, our social security numbers (SSNs), of course. Specifically how was that information exposed? In “one email account.”
But my spouse and I are diligent about never supplying our social security numbers to anyone via emails. Oh, wait! For an appointment with a new doctor, I’d recently signed on to a medical “Mychart” that had requested my social security number. When I tried to continue registering without it, the instructions were that if I didn’t add it, I couldn’t register. I had reluctantly added the info. Could that massive medical organization have been compromised? Well, sure.
Turns out that wasn’t what happened either. A follow-up phone call to the bank clarified what the poorly worded letter hadn’t–or maybe the bank’s legal counsel thought that murky verbiage was the safe approach?
The email was not, in fact, ours: it was the bank’s internal email. And our names and SSNs may not have been in an email at all. Though an “unauthorized third party gained access to one email account,” no one’s sure what that unauthorized third party saw or didn’t see.
But since our social security numbers (and apparently all the bank’s other customers’ SSNs) had potentially been visible through this antisocial data derring-do, the bank was offering “guidance on what you can do to protect yourself, should you feel it is appropriate to do so.” (As in, “if you don’t do this, you’re a real dope, and don’t blame us…”)
*A complimentary one-year membership to Experian IdentityWorks Credit 3B. Choosing this option entitles us to an immediate credit report. Other features include monitoring our credit, restoring our identities if compromised (!), continued Identity Restoration support even after the year’s membership has expired, and up to $1 million Identity Theft insurance covering some costs and unauthorized electronic fund transfers.
*An Additional Important Information Sheet that seemed to be for those who didn’t want the Experian offering. It included enough info to turn protecting our personal identities and credit ratings into a full-time job.
We can obtain a free copy of our credit report once every 12 months from each of the three credit reporting agencies–Experian, Equifax, and TransUnion.
Or if we’re really worried, we can purchase a copy of our credit report from any of these agencies (contact info helpfully included).
We could place a fraud alert on our credit report so that creditors inform us if anyone tries to establish a new account in our names.
Or we can put a credit or security freeze on our credit file so that a PIN must be given to access our info. We’d have to do that for each of the three credit companies.
And we can review the Federal Trade Commission’s tips on how to avoid identity theft. (Might one of these tips be: “Find another bank”?)
For starters, I just activated my free membership to Experian IdentityWorks Credit 3B. To qualify, I had to enter my social security number online. Sure hope nobody hacks them.
What Would Annie’s Readers Do? Have you gone through something like this? If so, how did you have to respond, and how did everything turn out?
Annie
annieasksyou... 
The most recent institutional hack we’ve experienced was of our hospital. That was a huge deal. No one could get records, or X-rays, or make an appointment, or cancel one, or attend their cancer screenings . . . No one could get blood tests, or prescription refills, or see their PT, and all nonessential services were halted. Tell that to the migraine sufferers, or the so-called optional hip replacement people, or the elective plastic surgery folks, or, or. Not even the dialysis folks could get in to see a doc. As I have a few friends in the system, I heard how the FBI roamed the halls and prowled the vast record offices, the old school paper files and the digital. Accounting, the C-suite, the wards . . . they were even spotted in pediatrics. (Pediatrics? Really?) We got long letters from the chief administrator that at first I read, and then I didn’t. Honestly, brevity is a gift if you’re truly trying to communicate tough stuff. The local news suspected a ransom situation which I believe turned out to be correct, but I don’t know the amount or if it was paid. That information was never made public. The Russians were blamed, and I believe that, too, was correct, but again, I couldn’t swear to it. Our hack, it turned out, was one of many hospitals across the country. SSN? They had everyone’s along with everything else about us, the lowly patients. And the personnel files of the docs. And the department notes, and budget projections and so on and so forth. It was a mess. Glad you’re done with yours and glad we are too. These are complicated times. As for Experian, I don’t know if I could find the energy for it. Let us know how it works out.
LikeLiked by 1 person
Oh, my! That was a terrible ordeal. Our brief encounter seems paltry indeed.
Thanks very much, Denise.
LikeLike
Annie, it’s unfortunate they didn’t give more details so you could evaluate the level of risk involved, but on the plus side they did offer some security solutions for the worried, none of which I’ve ever heard of here. I’ve never experienced anything like that, but last week the whole health care system/computer in Newfoundland (our smallest province) got hacked, the largest hacking job in Canada so far. They were after ransom, but if they knew anything, they might have realized that Newfoundland is practically bankrupt and has no money to pay out!
LikeLiked by 1 person
Wow, Joni! That story sounds like “Revenge of the Hackees.” Kinda like a bank robber finding an empty safe. Some rough justice there. Thanks for providing that information.
LikeLiked by 1 person
I have a doctor friend who works in Nfld – she said it was a nightmare going back to paper. I think it was down for five days. Well they say the next war will be technology based and you can already see how easy it is to cripple key systems.
LikeLiked by 2 people
It is a potential nightmare.
LikeLiked by 2 people
I put a freeze at all three credit agencies and it must work because twice I’ve tried to open a local department store credit card and it was not allowed. I would have had to unfreeze them, which I needed up not doing.
But nothing is foolproof anymore..
LikeLiked by 1 person
Thanks, Mary. Good it works; too bad it’s so inconvenient! And of course you’re right. If all these behemoths can be hacked, who’s invulnerable?
LikeLike
The world in which we live which includes data breaches, I guess. Earlier this year I was informed by the CFO of my company that someone had filed an unemployment claim in my name. She gave me a list of things to do which I did. I filed a report with the state to let them know it wasn’t me who filed that claim. I checked everywhere and didn’t see any nefarious activity. I check periodically anyway. Next up: hubby received a phone call from a police station in a nearby suburb. Someone tried to cash a Citibank check in his name? That same day he received in the mail information from the District Attorney of the county that suburb is in. He spoke to the investigator at the police station and she said she would keep him informed. This was several months ago and we haven’t heard anything more. I know that for myself I have checked various lists of breaches and my information was in at least one of those lists over the years but, so far, nothing bad has happened. Thank goodness! I never found my husband’s SSN though. I too never give out my Social Security number and especially not in emails. The one who filed an unemployment claim in my name really puzzles me though. That was a new one!
LikeLiked by 1 person
Wow, tobyo! Those are both vexing problems. And yours is indeed puzzling. I would think that person would have left an address to get the fraudulent checks. Is it possible it was a technical error? Anyway, thanks for sharing your experiences. Hope you’re both spared further troubling incidents.
LikeLike
Well, so far neither has been an issue. Thank goodness! I continue to be on the lookout however, just in case.
LikeLiked by 1 person