Introduction
Imagine your personal data as a website is constantly under attack, with cybercriminals looking for any weakness to exploit. As Jim Walker, The Hack Repair Guy, I’ve seen how a single vulnerability can lead to a full-scale breach. Today, I’m shifting gears from website security to personal data protection because they’re more closely linked than ever.
What We Know About One of The Largest and Latest Data Breaches
We’ve recently learned more about a massive data hack that exposed an astounding 2.9 billion pieces of data. That’s a billion with a B! This leak included millions of mailing addresses, driver’s license numbers, and, most worryingly, Social Security numbers.
A cybercriminal group started selling these massive data troves on the dark web in April 2024. This data reportedly included 2.9 billion records, impacting people in the US, Canada, and the United Kingdom. One of the primary data sources is reported to have been a company called National Public Data, a large consumer data broker. Now, you’ve probably never done business directly with them, but chances are, a company you’ve interacted with has.
If you’d like to learn more, check out the Krebs on Security article, “National Public Data Published Its Own Passwords.”
Are You a Victim? Here’s A Quick Way to Check
If you’re curious whether your data has been part of any leaks, there’s a website called “Have I Been Pwned” that can help. I tried it myself—I put in my personal email address and found out my data has been leaked over a dozen separate times! While most of these leaks may only result in some extra junk email in your inbox, in some cases, it can lead to much more serious consequences.
What Can I Do About It?
With every security expert I’ve spoken to believe that “everyone’s personal data has likely been compromised,” I recommend we focus on what we can do today to help reduce the impacts of personal data theft.
Let’s Start With a Few Basic Personal Data Safeguards
- Update your bank and other financial-related passwords at least once a year.
- Enable Two-Factor Authentication (2FA) wherever possible. This extra layer of security can dramatically reduce account compromise.
- Watch for Suspicious Activity: Regularly check your bank statements, credit card transactions, and online accounts for any unauthorized charges or activities.
- Monitor your accounts by using credit monitoring services.
I recommend that you sign up for credit monitoring services with Experian, TransUnion, or Equifax (how-to’s below). These services can alert you to any unusual activity on your credit report, such as new accounts being opened in your name.
How to Sign Up for Credit Monitoring Services
Below are the steps to sign up with each of the three major credit bureaus (Experian, TransUnion, and Equifax):
Experian
- Visit the Experian Credit Monitoring page.
- Click on “Start your free trial” or choose a paid plan.
- Create an account by providing your personal information, including your name, address, and Social Security number.
- Verify your identity by answering security questions based on your credit history.
- Set up your account preferences and alerts.
TransUnion
- Go to the TransUnion Credit Monitoring page.
- Select “Get Started” under the plan you prefer.
- Fill out the enrollment form with your personal details.
- Verify your identity through a series of questions about your credit history.
- Choose your alert preferences and complete the setup process.
Equifax
- Visit the Equifax Credit Monitoring page.
- Click on “Get Started” for the plan you want.
- Create an account by providing your personal information.
- Verify your identity by answering questions based on your credit file.
- Set up your monitoring preferences and complete the registration.
Note: While these services can be helpful, they often come with a cost after the free trial period. Always read the terms and conditions carefully before signing up.
Additionally, you’re entitled to one free credit report from each bureau annually through AnnualCreditReport.com, which can be another cost-effective way to monitor your credit yourself.
Protecting Your Social Security Information
Let’s start with protecting your Social Security information. The Social Security Administration has created some tools to help us, but it does require a bit of work on your part.
1. Create a My Social Security Account
This makes it harder for someone else to create an account in your name. Here’s how to do it:
- Visit the Social Security Administration website.
- Click on “Sign In” and then choose “Create an Account.”
- Follow the prompts to verify your identity and create your account.
2. Consider Using a Social Security eServices Block
An eServices block prevents anyone, including you, from seeing or changing your Social Security information online.
While a drastic step, this can provide significant protection against unauthorized access. Here’s how to set it as an eServices Block:
- Log into your My Social Security Account.
- Navigate to the “Security Settings” section of your account.
- Look for the option to request an eServices block. It may be listed under “Block Electronic Access.”
- Read the information provided about the implications of this block.
- If you decide to proceed, confirm your request.
Important Notes:
- Once the block is in place, you won’t be able to access your Social Security information online, even with your username and password.
- To remove the block or access your account, you’ll need to contact the SSA directly at 1-800-772-1213 (TTY 1-800-325-0778) or visit a local Social Security office.
- The SSA will require you to verify your identity in person or over the phone to lift the block.
For more information about eServices blocks and other Social Security online services, visit the SSA’s Block Electronic Access page.
Note: While an eServices block provides strong protection, it’s important to weigh the convenience of online access against the additional security. Do consider your personal circumstances and risk factors when deciding whether to implement this measure.
3. Direct Deposit Fraud Prevention Block
The Direct Deposit Fraud Prevention Block prevents unauthorized changes to your direct deposit information. This extra layer of protection ensures that your Social Security benefits are safely deposited into your designated account. Here’s what you need to know:
- Purpose: This block prevents anyone from enrolling in or changing your direct deposit information online, even if they have access to your My Social Security account.
- How to Set It Up: You’ll need to contact the Social Security Administration directly to request this block. You can:
- Call the SSA at 1-800-772-1213 (TTY 1-800-325-0778) Monday through Friday, 8 a.m. to 7 p.m.
- Or visit your local Social Security office in person.
- Verification Process: The SSA will verify your identity before placing the block on your account.
- Making Changes: If you need to change your direct deposit information in the future, you’ll need to do so in person at a Social Security office or by phone after going through identity verification.
Be sure to visit the SSA’s Account Security & Personal Information page for more information.
Note: While this block provides strong protection against online fraud, it’s still crucial to monitor your bank accounts regularly and report any suspicious activity immediately to both your bank and the Social Security Administration.
Guarding Against Tax Refund Theft
Another growing scam involves the theft of tax refunds. I know no one wants to contact the IRS voluntarily, but fraudsters can use your personal information to file a fraudulent tax return and have your refund sent to their bank account.
To protect yourself, the IRS recommends getting an Identity Protection PIN (IP PIN).
How to Request an IP PIN:
- Visit the IRS IP PIN Portal:
- Go to the IRS website and search for “Get an IP PIN.”
- Click on “Get an IP PIN” to be directed to the login page.
- Verify Your Identity:
- If you have an existing IRS account, log in using your credentials. If not, you’ll need to create one by clicking “Create an account.”
- Follow the prompts to verify your identity, which may include answering security questions or providing documents like your Social Security card and tax return information.
- Request Your IP PIN:
- Once your identity is verified, the system will generate your IP PIN.
- Note the IP PIN, which you will use when filing your taxes. The IRS will issue a new IP PIN each year, so you must repeat this process annually.
Freezing Your Credit
Just as we use firewalls to protect websites, freezing your credit acts as a barrier against identity thieves. This is a recommendation from the Consumer Financial Protection Bureau (CFPB). A credit freeze restricts access to your credit file, making it much harder for identity thieves to open accounts in your name.
How to Place a Credit Freeze:
- Contact the Credit Bureaus:
- Visit the websites of the three major credit bureaus: Equifax, Experian, and TransUnion.
- Search for the option to “Place a Credit Freeze” or “Security Freeze.”
- Submit Your Request:
- Follow the instructions on each site to submit your request. You may need to provide personal information such as your Social Security number, date of birth, and address.
- You may be asked to create a PIN or password to lift the freeze in the future.
- Confirm the Freeze:
- After your request is processed, you will receive confirmation that the freeze is in place. This can happen instantly or within one business day if requested online or by phone.
- Keep the confirmation details safe, as you will need them if you ever wish to lift or permanently remove the freeze temporarily.
- Lifting the Freeze:
- If you need to apply for new credit, visit the credit bureau’s website where you placed the freeze.
- Enter your PIN or password to lift the freeze temporarily. The bureau is required to lift the freeze within one hour of your request.
Digital Hygiene Practices
Now, let’s talk about some basic digital hygiene practices that can help protect you from data theft. These are similar to the best practices we use to keep websites secure, and I promise to break them down in simple terms.
1. Spotting Phishing Emails
Phishing emails are like digital con artists trying to trick you into giving away your information. Here’s what to look out for:
- Unexpected emails asking for personal information
- Urgent requests for action
- Suspicious links or attachments
If you’re unsure, don’t click! Call the company directly using a number you trust.
2. Safe Browsing Habits
When you’re surfing the web, think of it like walking down a busy street. Stay on the well-lit paths:
- Look for “https” at the beginning of website addresses
- Be cautious about entering personal information on public Wi-Fi
- Use bookmarks for your important sites instead of clicking on links in emails
3. Keeping Software Updated
Think of software updates like getting a flu shot—they protect you from the latest threats. Set your devices to update automatically if you can.
Mobile Device Security
Many of us use smartphones and tablets these days, and they need protection too. Here are some simple steps:
1. Use a Strong Passcode
A four-digit PIN is like a flimsy lock. Use a longer passcode or, if available, fingerprint or face recognition.
2. Enable Find My Device
Find My Device can help you track, lock, or erase your device if it’s lost or stolen. This easy-to-use feature can be set up on most devices. I can’t stress enough how important this feature is for protecting your devices and personal information, so I’ve laid out the setup steps for you below. Now you have no excuse to procrastinate on this one…
For Android Users:
- Enable the Feature:
- Go to Settings > Google > Security > Find My Device.
- Turn on “Find My Device”.
- Use the Service:
- Visit android.com/find and sign in with your Google account.
- You can then locate your device, play a sound, lock it, or erase its data.
For iPhone Users:
- Enable the Feature:
- Go to Settings > [your name] > Find My.
- Turn on “Find My iPhone” and “Find My network”.
- Use the Service:
- Use the Find My app on another Apple device, or visit iCloud.com/find.
- Sign in with your Apple ID to locate your device, play a sound, put it in Lost Mode, or erase it.
Pro Tips:
- Keep Location Services On: For the most accurate location tracking, ensure your device’s location services are turned on.
- Enable Offline Finding: This allows your device to be found even when it’s not connected to Wi-Fi or cellular data.
- Set Up Family Sharing: This feature allows family members to help locate each other’s devices.
- Regular Backups! Since we are on the topic of securing our devices, please-please ensure your device is regularly backed up to iCloud (for iOS) or Google (for Android) so you don’t lose important data if you need to erase your device remotely.
Third-Party Options?
While built-in options are excellent, check out these third-party apps for additional features:
- Prey Anti-Theft: Works across multiple platforms and offers features like geofencing and remote file retrieval.
- Cerberus Anti-Theft: Provides advanced features for Android, including secret picture-taking of the thief.
- Samsung Find My Mobile: A specialized service for Samsung devices offering unique features like retrieving calls/messages.
Of course, the key to making Find My Device effective is to set it up before you lose your device. I know. Duh! But so few people take advantage of the free Find My Device built into their devices that I feel the need to reiterate how important and easy this is to set up—possibly saving you a great deal of stress and data loss in the future.
3. Be Careful with Apps
Only download apps from official stores like Apple’s App Store or Google Play. And be wary of apps that ask for too many permissions.
Identity Theft Steps to Recovery
Despite our best efforts, sometimes the bad guys still get through. If you become a victim of identity theft or fraud, here’s what to do:
- Act Fast: The moment you suspect something’s wrong, take action. Time is of the essence.
- Contact Your Financial Institutions: Let your bank and credit card companies know immediately.
- File Reports: Contact your local police and file a report with the Federal Trade Commission at IdentityTheft.gov.
- Consider Identity Theft Protection Services: Services like LifeLock or Identity Guard can help you recover and monitor for future issues.
- Keep Detailed Records: Document all your calls, letters, and interactions related to the theft. This will help in resolving potential issues or disputes with your service providers as well.
Tech Tools for Personal Data Protection
Just as we use various tools to secure websites, there are great, user-friendly tools designed to help protect your personal data and monitor your accounts. Here are a few I recommend:
- Password Managers: Tools like LastPass or 1Password can generate and store strong passwords for you. You just need to remember one master password.
- Identity Theft Protection Apps: Apps like Identity Guard or IdentityForce can monitor your personal information and alert you to potential threats.
- Secure Browsing Extensions: Browser add-ons like HTTPS Everywhere can help ensure you’re always using a secure connection when available.
- Two-Factor Authentication Apps: Google Authenticator or Authy can add an extra layer of security to your accounts.
Conclusion
As we wrap up, let’s circle back to where we started: imagining your personal data as a website. Just as a website needs constant maintenance and vigilance to stay secure, so does your personal information. The strategies we’ve discussed—from creating strong passwords to freezing your credit—are like the firewalls, encryption, and security protocols we use to protect websites.
Think of it this way:
- Your Social Security number is like your website’s admin password; guard it closely and use additional protections like an eServices block.
- Credit freezes act as your personal firewall, blocking unauthorized access to your financial information.
- Two-factor authentication is your digital bouncer, adding an extra layer of security to your accounts.
- Regular credit checks are like running security scans on your website—they help you spot and address issues early.
I know all of this might sound like a hassle. Believe me, as someone who’s been in the website security business for over 10 years, I understand the temptation to skip these steps. But just as neglecting website security can lead to embarassing hacks, overlooking personal data protection can result in identity theft and financial fraud.
With the latest rise in personal data breaches and fraud, including breaches at government agencies and their contractors, I’m convinced that the extra effort is worth it. Remember, keeping your information safe is an ongoing process, just like maintaining a secure website. It’s not about achieving perfect security—that’s impossible in today’s world. Instead, it’s about making yourself a harder target and, most importantly, being able to respond quickly if something does go wrong.
Thank you for your attention today. If you have any questions about how to apply these website security principles to your personal data protection, don’t hesitate to ask.
>> For more insights into my services, read what my clients have to say about my services here.
Frequently Asked Questions
As The Hack Repair Guy, I’ve received many questions from my older clients about data protection. Here are some of the most common ones:
Q: I’m not very tech-savvy. Do I really need to worry about all this?
A: You bet! Look, I know all this tech stuff can seem overwhelming, but here’s the thing: cybercriminals often target folks who aren’t as comfortable with technology, especially seniors. The FBI has a whole page dedicated to this issue. But don’t let that scare you! The steps I’ve laid out are designed to be simple and effective, even if you’re not a computer whiz.
Q: I don’t use the internet much. Am I still at risk?
A: I hate to say it, but yes, you’re still at risk. Even if you’re not online much, companies you do business with might be, and if they get hacked, your information could be compromised. The Federal Trade Commission has found that older adults are often hit hardest by fraud losses.
That’s why I’m recommending steps like freezing your credit and keeping an eye on your accounts. It’s like locking your front door—you do it even if you’re not expecting visitors, right?
Q: What if I forget my passwords?
A: Ah, the dreaded password problem! Trust me, I’ve been there. That’s why I’m a big fan of password managers. Think of them as a super-secure digital safe for all your passwords. You only need to remember one master password to access it. It’s like having a master key for all your locks. The National Institute of Standards and Technology has some great tips on creating strong, memorable passwords if you want to dig deeper.
Q: Is it safe to use public Wi-Fi?
A: Great question! As a general rule, I’d say treat public Wi-Fi like a public bathroom—okay for casual use, but not for anything private or sensitive. If you absolutely must use public Wi-Fi for something important, like checking your bank account, use a VPN. It’s like a secure tunnel for your internet traffic. The Cybersecurity and Infrastructure Security Agency has some handy tips on using public Wi-Fi safely.
Q: How often should I check my credit report?
A: You know how you go to the doctor for a check-up once a year? Well, think of checking your credit report as a financial check-up. You’re entitled to a free report from each of the three major credit bureaus once a year.
I like to spread these out, checking one every four months. That way, you’re keeping an eye on things year-round. You can get these free reports at AnnualCreditReport.com—it’s the only official site for this, so don’t fall for imitators!
Q: What should I do if I suspect I’m a victim of identity theft?
A: First off, don’t panic! But do act quickly. Remember those recovery steps I mentioned earlier? That’s your game plan. Contact your bank and credit card companies right away, file reports with the police and the FTC, and consider using an identity theft protection service.
Quick action can really limit the damage. The FTC’s IdentityTheft.gov website has a great step-by-step recovery plan. Think of it as your first-aid kit for identity theft.
Q: Are paper documents still a security risk?
A: Absolutely! In fact, some identity thieves are old-school and aren’t above dumpster diving for your information. Always shred documents with personal info before tossing them. It’s like digital hygiene but for your physical documents.
Remember, if it has your name and any other personal details, it’s best to shred it.
Q: How can I protect myself from phone scams?
A: Ah, phone scams—the digital equivalent of a door-to-door salesman, but potentially much more dangerous. Here’s my rule of thumb: be wary of any call you weren’t expecting, especially if they’re pushing you to act quickly. Never give out personal information over the phone unless you initiate the call. If you’re unsure, hang up and call the company back using a number you trust. It’s like verifying the ID of someone at your door. The Federal Communications Commission has some great advice on avoiding these pesky and potentially dangerous phone scams.
Remember, there’s no such thing as a silly question when it comes to protecting your personal data. If you’re ever unsure about something, it’s always better to ask. That’s what I’m here for! Stay curious and stay safe!
I hope you’ve found this article helpful. Before you move on, I’m hoping you may consider buying Jim a cup of coffee. It takes a good bit of time to put together helpful articles (without paid or affiliate links).
“Data breaches loom
Protect your personal world
Vigilance is key”