–Or at least our bank was, and that’s pretty creepy, don’t you think?
The letter from the bank about this turn of events seemed ominous. First, it was dated November 3 and arrived on November 9. That meant, we suspected, that the evil-doers had had nearly a week to do their evil without our knowledge. Why was our bank so lackadaisical?
But a check of our accounts showed no questionable activity during the past week.
Said letter also was murky about what had happened. As the bank hastened to note in the first sentence, it “values and respects the privacy” of our information. So the bank people thought it was a good idea to advise us of “a recent incident that may have involved” some of our personal information.
Specifically what information? Well, our social security numbers (SSNs), of course. Specifically how was that information exposed? In “one email account.”
But my spouse and I are diligent about never supplying our social security numbers to anyone via emails. Oh, wait! For an appointment with a new doctor, I’d recently signed on to a medical “Mychart” that had requested my social security number. When I tried to continue registering without it, the instructions were that if I didn’t add it, I couldn’t register. I had reluctantly added the info. Could that massive medical organization have been compromised? Well, sure.
Turns out that wasn’t what happened either. A follow-up phone call to the bank clarified what the poorly worded letter hadn’t–or maybe the bank’s legal counsel thought that murky verbiage was the safe approach?
The email was not, in fact, ours: it was the bank’s internal email. And our names and SSNs may not have been in an email at all. Though an “unauthorized third party gained access to one email account,” no one’s sure what that unauthorized third party saw or didn’t see.
But since our social security numbers (and apparently all the bank’s other customers’ SSNs) had potentially been visible through this antisocial data derring-do, the bank was offering “guidance on what you can do to protect yourself, should you feel it is appropriate to do so.” (As in, “if you don’t do this, you’re a real dope, and don’t blame us…”)
*A complimentary one-year membership to Experian IdentityWorks Credit 3B. Choosing this option entitles us to an immediate credit report. Other features include monitoring our credit, restoring our identities if compromised (!), continued Identity Restoration support even after the year’s membership has expired, and up to $1 million Identity Theft insurance covering some costs and unauthorized electronic fund transfers.
*An Additional Important Information Sheet that seemed to be for those who didn’t want the Experian offering. It included enough info to turn protecting our personal identities and credit ratings into a full-time job.
We can obtain a free copy of our credit report once every 12 months from each of the three credit reporting agencies–Experian, Equifax, and TransUnion.
Or if we’re really worried, we can purchase a copy of our credit report from any of these agencies (contact info helpfully included).
We could place a fraud alert on our credit report so that creditors inform us if anyone tries to establish a new account in our names.
Or we can put a credit or security freeze on our credit file so that a PIN must be given to access our info. We’d have to do that for each of the three credit companies.
And we can review the Federal Trade Commission’s tips on how to avoid identity theft. (Might one of these tips be: “Find another bank”?)
For starters, I just activated my free membership to Experian IdentityWorks Credit 3B. To qualify, I had to enter my social security number online. Sure hope nobody hacks them.
What Would Annie’s Readers Do? Have you gone through something like this? If so, how did you have to respond, and how did everything turn out?