Eva Velasquez, chief executive of the nonprofit
Identity Theft Resource Center, says government agencies have much more personal data than a retailer usually has, therefore the potential impact of a breach is greater.
You should be prepared to move quickly if your data is compromised, and you should arm yourself against the fraud, said the head of the 15-year-old group that provides free assistance to consumers.
Crain's Wealth: How can people better protect themselves when it comes to vulnerable data?
Ms. Velasquez: There are two things they can do. First, find out about organizations like mine and know how to get in touch with the
Federal Trade Commission and have these resources available. Second, with many financial accounts, depending on the institution, there are levels of protection, detection and notification that consumers can ask to have proactively turned on. For instance, you can have alerts put on your credit card so that every time there is a charge where the card isn't present you get a text or an email. They're worth the small inconvenience factor.
CW: Should Americans be more worried about data breaches from government organizations like the IRS than corporate hacking incidents like Target?
Ms. Velasquez: The focus should be on understanding what information has been breached, because not all breaches are created equal. With the Target breach, which got so much attention, it was payment card theft. That's an inconvenience and it can have a particularly big effect on people if the payment card is a debit card, but that type of fraud and identity theft can be stemmed rather easily because you simply change that account. It's much more complex when you have your social security number and other types of personally identifying information compromised. That allows the thieves to actually open new lines of credit and commit other types of identity theft by using your information. The government data breaches are worrisome because often times the government has much more information than just your payment card, and consumers should be paying attention.
(More: Get ahead of the worsening news on the IRS data breach )
CW: What's the first step someone should take if they get a letter from the IRS or any other entity that says their data may have been compromised?
Ms. Velasquez: They need to verify that it's legitimate. As soon as there is a legitimate breach, the scamsters come out and start reaching out to people. They usually will send an email and build a fake website. The second thing is to understand what information has been comprised. Until you know what information of yours is out there, you can't build a plan on how to remediate that. Depending on whether it's a Social Security number or payment card information, they require different actions from the consumer.
CW: Should everyone have their credit frozen by the credit rating agencies and just 'thaw' it when they make big purchases or need a loan?
Ms. Velasquez: Credit freezes are the most robust protection an individual consumer can put in place to protect themselves from financial identity theft. However, they really aren't for everyone because you need to consider how often your credit is used. If you are in the middle of trying to build credit, or purchase a home, or maybe you have security clearances, you will need to thaw it every time, and there's a fee involved every time you thaw it and refreeze it. And you have to freeze it with all three credit agencies.
There's definitely a convenience versus security factor. Additionally, you're given a PIN on the letter from the credit reporting agency, and if you lose that PIN, it can be very, very difficult to then get it back.
CW: What's the biggest mistake consumers make that leads to identity theft?
Ms. Velasquez: When they engage with someone online and they don't verify who they are talking to. For instance, they get an email that says it's from their IT department and they just assume that it is.
CW: What's the solution to that?
Ms. Velasquez: Verify. For example, if you get a note from your bank asking for your password and PIN number, rather than responding to that email or calling the phone number in that email, go to your bank's website and call the customer service number and say, “Are you trying to reach me?”
