Identity Theft

Are you one of the 145 million affected by the eBay Breach?

Here is what you need to know and what to do about it.

 

What Do I Need to Know About the eBay Data Breach

In early May, eBay, working with the FBI and an outside security firm discovered that hackers had stolen the credentials of several employees and infiltrated their corporate network. According to Alan Marks, and reported by the New York Times, eBay’s senior vice president of global communication, that once inside these criminals were able to copy a database of all of eBay’s 145 million customers. The breach occurred as early as late February prompting many to wonder why it took eBay so long to detect.

According to David Wenig, President, eBay Marketplaces,these cyber criminals now have names, email addresses, birth dates, physical addresses and phone numbers of 145 million people and all that information in unencrypted. They also have 145 million encrypted passwords.

It has not been announced how long these criminals have had this information but one should expect the encryption to be broken shortly if it has not been already.

The size and scope of this breach rivals some of the biggest data breaches ever including the recent Target breach which exposed the personal information of 110 million people including some financial details on 40 million. eBay has consistently stated that no financial information has been exposed and that PayPal data is stored encrypted on a different server which was not breached.

You can get official updates from eBay here.

What Do I Need to Do

First of all, if you used your eBay password for PayPal it is imperative that you immediately change your Paypal password in addition to your eBay password. In fact, this should be standard practice for all sites where you used the same password as you did on eBay.

This may seem obvious to some but its worth repeating since, according to a survey initiated by Software Advice, 67% of internet users haven’t changed passwords after Heartbleed.

You need to change your password on all sites that had the same password as your eBay account.

Also, if you don’t already have identity theft protection then today is a good day to consider this insurance as explained here.

Next, be aware of phishing attacks which could become more sophisticated with all the details hackers are gaining on Americans. You know those poorly written emails, the obvious phishing ones we see all the time, well those work, that’s why you keep seeing them. No, they don’t work on the majority of people, and certainly not our readers, but they’re not intended to work on us. Only the people who fall for them could be taken in the subsequent fraud that results from the reply. In other words people are qualifying themselves as gullible so the perpetrators aren’t wasting their time on people who will not fall for the scam.

The easy to spot, go after the gullible people, phishing attacks could quickly change. With a well written email and demonstration of already known personal information the criminals may gain the trust of non-suspecting people who would not normally fall for a phishing attempt. Combine this with the fact it is easy to copy the look and feel of a site or just copy the whole site exactly as is and you have a recipe for disaster. The website may look exactly like your banks except the URL is one letter off and the information you send or password you change doesn’t really go to your bank.

Phishing is increasingly becoming more sophisticated. This is why credentials, or personal information, is now traded for more money on the black market then credit card details, though this has possibly been enhanced due to the large number of credit cards dumped there from the Target data breach.

Speaking of which, reports that information exposed in the eBay breach has reached the black market have not been confirmed. The breach was so large that one would obviously find eBay customer details on the black market even before the breach. In other words, if you took any sample of 145 million people you would find some of their information for sale in those illegal channels. Hopefully the FBI will nail the culprits before our personal information exposed in this breach is released en masse.

Finally, please start to consider what information a company truly needs from you.

As Hugh Boyes, from the Institution of Engineering and Technology, told the BBC, “The Information Commissioner makes the point that organizations should keep the minimum information necessary so why do eBay need to hold and store dates of birth and addresses?”

“As an occasional eBay user, I am concerned that not only have they lost my email, username and password, but according to their website the loss includes home address, phone number and date of birth.

“This is serious from an identity theft perspective. The only item they are missing is the mother’s maiden name and they have sufficient information to impersonate an individual when dealing with many financial organizations.”

In summary, your information is not safe, never has been never will be. We wrote a series of articles about this over 6 years ago and things have only gotten worse since.

It’s time Americans and the whole world wake up to the new reality of identity theft and start protecting themselves.

Think about it, only 1/3 of Americans changed a single password after the Heartbleed incident. I think we have become far to complacent with our personal information and it is going to bite those people in the butt one day.

Don’t be one of them. At least start by changing all your passwords at all sites that used the same password as your eBay account. I beg of you, start now with eBay and PayPal and keep going or at the very least buy identity theft insurance of some sort. We cannot just sit idly by hoping things are going to be alright. Please take action.

 

Again in my travels down the road of life I have experienced a personal bout with identity theft that gave me pause. Somehow, my debit card got hacked, and I found out about it due to a call from my bank. A woman on the phone asked me – while I was sitting in my friend’s home in Seattle – whether I had just been in North Carolina purchasing over three thousand dollars in athletic equipment. While I would love to have the money to make such a purchase, the benefactor of such products was certainly not me.

Luckily, my bank was able to reverse the charges before the money was pulled from my account, which can be very difficult to recover with a debit card. I hadn’t entered my debit card information online, and I had my wallet on my person, so I have absolutely no idea how an identity thief was able to get my information.

Sometimes it does happen that way. You’re doing everything right and you simply get blindsided by the behavior of others. This is one of the worst ways to be victimized, when you know that there is pretty much nothing you could have done to prevent it.

Thankfully, if you have someone looking out for you, you will still be all right. In my case, it was my bank, but in your case it could be an identity theft protection plan. I have no doubt that some companies, like LifeLock for example, would have caught that funny activity and asked me about it too. I may not have caught it on my own since I was traveling and not regularly checking my bank statements. Well, I would have noticed it when I tried to pull money and suddenly realized that I didn’t have any.

The lesson, always have someone on your side that can help you to make things right. This is true not only in identity theft but in life. Remember that anyone can be a victim of someone elses irresponsible behavior. This is my third time as an identity theft victim and I write about identity protection for a living.

My advice to you is to take the threat of identity theft seriously and make sure you are doing all you can to protect yourself and your family.

Borrowing money can be stressful. When you do so you are making a guarantee that you will pay the funds back according to the agreed-upon terms, or you face certain consequences. As if this wasn’t trying enough, things can be a lot worse if you borrow from a lender of ill repute and it ends up using your personal information.

Unless you’re borrowing money from a friend or relative, you will have to provide some details about yourself in order to take out a loan. Most likely, the lender will ask for your name, address, Social Security number and some of your financial information to prove that you are qualified to take out the loan. This is to be expected. The problem arises when the lender is not who it seems to be.

Lenders to be especially wary of are those who advertise solely over the Internet, specialize in payday or car title loans, or have ads posted places like fliers on light poles. No matter how badly you need cash now, you have to be very careful where you borrow it from. The safest places are national or community banks and credit unions. Credit unions often have better loan rates, but they also have barriers to membership, such as a certain town of residence.

A good practice to take before working with a lender you haven’t heard of is to check its rating with the Better Business Bureau. But be careful. A lot of the scammers will change the company name pretty frequently, so if a company isn’t listed at all, it should raise a red flag.

Your best bet in finding a lender if you’re having trouble is to speak with a trusted friend or family member; someone who has your best interests at heart. It’s best to prevent having your identity stolen instead of having to do damage control after it happens.

Also, if you borrow from a bad lender, you may not end up getting the money you need to pay your bills. You could end up with a check that bounces and be in even more financial trouble than you were before.

 

While anyone can become a victim of medical identity theft, which is a type of identity theft that occurs when a person uses your information to get healthcare or file for payments through your insurance company, it can be especially prevalent among seniors, especially those on the Medicare program. With this in mind, the Department of Health and Human Services released a new brochure late last year outlining steps people can take to protect themselves.

Some of the tips were fairly obvious, such as not giving your Social Security number out over the phone, while some of them may be new information regarding scams that specifically target older Americans. For instance, the brochure mentioned that sometimes thieves will approach people in a shopping center and offer them free items or services if they give them their Medicare account numbers. If people don’t know that thieves engage in this practice they may consider doing so. Other tips in the brochure include:

*Hang up if someone calls claiming to be administering a health survey in which they need your Medicare number.

*Never lend your Medicare card to anyone, even friends or family. It’s illegal and it could lead to ID theft.

*Check all of your medical bills to ensure there aren’t any unfamiliar services or dates on them.

*Look at your credit report to see if there are any unpaid medical bills on record.

*Contact the Federal Trade Commission at 1-887-IDTHEFT and the Department of Health and Human Services at 1-800-HHSTIPS if there are any discrepancies on your payment records you cannot resolve simply by speaking with your healthcare provider.

Seniors can also contact their local SMP, which is an organization that works to help them combat health care fraud. The number is 1-877-808-2468.

According to Price Waterhouse Coopers in a 2011 Healthcare Report, medical identify theft was the fastest-growing form of identity theft in 2010 and affected 1.42 million Americans.

People over 65 make up 6% of the identity theft victims in the United States each year according to the Identity Theft Data Clearinghouse. Considering that there were over 8 million victims in 2011, this adds up to about 500,000 separate cases. This definitely makes the case for identity theft protection pretty strong for people that fall into this age group.

Some may think that if they are retired they are at a lower risk for identity theft. But this crime is often not tied to employment, but rather to financial transactions and other sharing of personal information. Medicare has a huge database of personal information that is vulnerable to a data breach. It happened at the Department of Veterans Affairs in May of 2007, when 250,000 Medicare and Medicaid records released.

Our site, IdentityTheftLabs.com, offers lots of information on available identity theft protection plans. There is a plan catered to pretty much everyone’s needs, regardless of age or employment status. Take the time today to find the right protection for you and your family.

 

I’ve written before on the subject of tax-related identity theft and how common it is that it happens during tax time. I’ve also told you that you need to contact the IRS if you find out that an identity thief filed a return in your name. I’ve never followed up on what happens after you do this, though. A recent presentation by J. Russell George, Treasury Inspector General for Tax Administration (TIGTA) shone some light on the subject.

George told Congress that there are several problems with the way the IRS handles identity theft. These include:
Resolutions take too long, sometimes more than a year.
 New returns for those who have had theirs compromised are not processed quickly. 
Guidelines for what to do are conflicting, confusing, and incomplete. 
Data is not used properly for noting trends to prevent future crimes.

This doesn’t mean that the IRS isn’t doing anything to help prevent identity theft. Its deputy commissioner, Steve Miller, attested that the agency stopped over 325,000 fraudulent returns from going through, saving taxpayers from $1.75 billion in fake refunds, by using filters in its software. It’s also public knowledge that the agency is working on more ways to prevent thieves from using the tax information for deceased persons.

However, according to TIGTA, the number of victims of tax-related identity theft more than doubled between 2010 and 2011. The 2011 number is more than 650,000 individuals. While tax time is over for the year, unless you have filed an extension and are taking your time, or you are fighting with the IRS because you are a victim of identity theft – it is not too early to think about protecting your identity from fraud for next year. Why not sign up for an identity theft protection plan? It’s better than counting on the IRS notifying you of a crime or racing to try to file your return before the identity thief does.  Even that may not protect you. It’s better not to find out the hard way.