I have often written about security concerns in this column and worry that I will start to sound like a broken record (remember records?) or become the Tech Boy Who Cried Wolf. I certainly don’t want to be a party poop or come off as a scold! That said, today’s topic is as serious as it gets, so hold on to something: it has recently come to light that hackers have stolen the Social Security numbers of everyone in America!
Say what now?
According to this recent LA Times article, “… about four months after a notorious hacking group claimed to have stolen an extraordinary amount of sensitive personal information from a major data broker, a member of the group has reportedly released most of it for free on an online marketplace for stolen personal data. The breach, which includes Social Security numbers and other sensitive data, could power a raft of identity theft, fraud and other crimes, said Teresa Murray, consumer watchdog director for the U.S. Public Interest Research Group.
‘If this, in fact, is pretty much the whole dossier on all of us, it certainly is much more concerning’ than prior breaches, Murray said in an interview. ‘And if people weren’t taking precautions in the past, which they should have been doing, this should be a five-alarm wake-up call for them.’”
I could write another column on how angry I am about this and the various factors that made something like this possible, which aren’t all technical; some are political. However, this is not the time for the Blame Game — trust me, I will be pointing some fingers in future posts. Instead, it is paramount that you first grasp the gravity of the situation and then take some of the actions I will suggest.
Not Your Typical Breach Notice
We’ve become so inundated with the boilerplate “we’re letting you know of a recent incident” letters and emails we receive with increasing frequency that we’re becoming accustomed to them. This one, however, is much different and even more frustrating because — other than some news stories — it’s not getting nearly the traction it should in the public consciousness. So let me say this as plainly as I can:
Thanks to this enormous breach of public trust, The Bad Guys now have access to your name, Social Security number, date of birth, mailing address and more.
As the LA Times points out, “A fraudster could create fake accounts in your name or try to talk someone into resetting the password on one of your existing accounts… the possibilities are endless.” As horrible as identity theft is, that’s just the tip of the iceberg.
Once Again, It’s Up To Us To Fix This
In a perfect world, a government agency would be all over this, cooperating with the financial sector to stop the chaos before it starts. That is not the world we live in. As with previous incursions, we are the ones who will have to deal with this mess. Frustratingly, it will require more than merely changing a password here and there — although this shines an even brighter light on why passkeys are more desirable than passwords.
Also, in the plus column, if you use a password manager like iCloud or 1Password that supports 2-factor Authentication, you are more protected if someone tries to log in as you. And yes, if you couldn’t figure it out already, my next column will be about passkeys! Anyway, back to the mayhem.
The situation is so severe that the first thing you should consider doing—which I immediately did after hearing the news—is freezing your credit at all three major credit agencies. Do this as soon as you can; don’t put it off. Thankfully, you can do so for free, and it will prevent criminals from taking out loans, signing up for credit cards and opening financial accounts under your name. The only downside is that you’ll need to remember to temporarily lift the freeze if you are applying for something that requires a credit check.
Freezing In Summer
You can initiate a credit freeze over the phone or via each agency’s website. Do not respond to an unsolicited text, email or call purporting to be from such an agency: that is yet another scam currently being circulated. When you freeze your credit online, the credit agency in question may ask you to create a free account first, which is fine; remember to create a complicated, random jumble of letters, numbers and symbols for the password. Also, be aware that they will try to upsell you on services you don’t need, so ignore any ad screens they throw at you until you get to the free credit freeze screen.
To freeze your credit at Equifax, click here
To freeze your credit at Experian, click here
To freeze your credit at TransUnion, click here
If you are married or with a significant other, each of you will have to create an account and then request a freeze; there is currently no “family plan” available from any of these agencies.
Next Steps
A credit freeze—and diligent monitoring of your financial accounts for felonious activity—is an excellent first step. However, you may want to consider going further and using a “monitoring” service that watches over all your accounts (and I mean all of them) to prevent identity thieves from getting a foothold in the first place. I researched several and chose Aura, which has a stellar reputation and offers a comprehensive plan for couples currently on sale for $180 a year. I’m unsure how long that will last, so jump on that if this interests you. Go to Aura’s website for more info on what the company provides and how it works.
If you go with a service like Aura, be prepared to spend at least one to two hours setting everything up, as the more info you give them, the more comprehensive their protection will be. You might wonder, “What if THEY get hacked?” That hasn’t happened yet, primarily because the people who run Aura know what they are doing regarding security, unlike so many public and governmental agencies that still use decades-old software. (I’m looking at you, IRS. And Southwest Airlines.)
That’s A Wrap!
I look forward to writing future columns about Fun Tech Stuff — the things that make me smile. This wasn’t one of them, but sometimes, that is what being an adult is all about. Which reminds me of my favorite Facebook meme this week: “I understand being a responsible adult … but every day? Every single day? That seems excessive.”
Your friendly neighborhood Tech Daddy
Tech Daddy Substack Founding Members
Leigh Adams Edgar Johnson
There is actually an online market place for stolen personal data? How depressing is that?
Thanks for the heads up Tech Daddy.
Question: We have been using 1Password for many years now per your instruction. How important is it to use those long passwords within 1Password?