Another day, another disheartening news story about a data breach, this time compromising T-Mobile customers’ personal information, including Social Security numbers, addresses, and birthdates. Apparently hackers stole the information from Experian, the credit bureau that T-Mobile uses to check consumers’ credit records when they apply for phone plans or financing to buy phones.
It’s a hassle when your credit card number is stolen – though you aren’t going to be held responsible for fraudulent charges, you still have to get a new account number from your card issuer, change your profile wherever it includes your old credit card information, and notify anyone who automatically bills to your card. But the information that was stolen in this breach can’t be changed, and someone could use it to open new accounts in your name, steal your tax returns, apply for employment or government benefits, and even to claim to be you in court!
There is some controversy about whether T-Mobile should provide victims with free credit monitoring provided by Experian, where the breach occurred in the first place, but no matter what credit monitoring service is used, it’s not enough. Credit monitoring can help you find out if someone has used your personal information to open a new account, but it won’t necessarily detect all new-account fraud, and it won’t detect other kinds of uses that don’t show up in credit reports, such as tax ID fraud. And the problems that can result from a breach involving these types of data can be difficult to resolve. In this case, victims may need a service that provides more than advice about how to resolve them.
They may also benefit from freezing their credit reports, which can help to actually stop fraudsters from opening new accounts using their data. While many states have laws entitling consumers to put security freezes on their credit reports for free under certain circumstances, it would be great if data breach victims had a universal right to request free freezes.
Speaking of free, there’s plenty of free advice for ID theft victims available from good sources such as the Federal Trade Commission and the Identity Theft Resource Center. CFA’s www.IDTheftInfo.org website provides links to these and other resources.
But the question remains, what are we going to do to make consumers’ personal information more secure? How can we prevent these breaches, and how can we ensure that if hackers get the data, it’s in a form that makes it unusable? Until we act to ensure that data is better-secured, we’ll continue to have another day, another disheartening news story about a data breach.