Data Breaches: Protective Actions for Seniors and Family Caregivers

Data breaches likely have touched most US families in the last few years, even though we may not know if our data is in the hands of identity thieves.

Hundreds of millions of personal records have been taken from the data files of the retailers, health insurance providers, utilities, financial companies, social networks and more with whom we do business.

While that is frightening enough, what we don’t know is how many companies have experienced breaches and don’t know about it yet. We won’t even think about the possibility some have discovered a breach but aren’t disclosing it.

How could a company not know there has been a breach? It could be their systems aren’t being monitored for improper access (it sounds like too many are not) or the data loss isn’t the result of hackers but employees using their own access to profit at the expense of customers and the company.

It might be time to accept as fact that our data and that of our senior loved ones WILL be stolen, if it hasn’t already, and take protective actions.

Potential Harm from Data Breaches

It’s important to know that not everyone’s data will be used in a manner that harms them when it is stolen. Fortunately, the stories we have heard about identities being stolen as a result of breaches is just a small percentage of the total records taken.

If one of those identities stolen was yours or that of a senior loved one, though, you know it can be a very stressful situation, taking a great deal of time and even money to resolve.

What can happen if your data gets into the hands of criminals as the result of a breach?

  • Credit ratings can be damaged or even ruined, making it impossible to get a loan, because identify thieves have gotten credit cards or loans using the stolen data.
  • Charges to your credit cards or withdrawals from your bank accounts can result when your account information is part of the breach. While your financial liability may be little or none, it can take time to clear up the records and you may encounter issues in the meantime.
  • Issues in filing your taxes and getting your refund. Identity thieves have filed returns claiming refunds using stolen Social Security numbers, leaving a mess for the legitimate taxpayer to unwind.
  • Arrests can be made of you or a loved one. There have been many stories of crimes being committed using stolen identities and the investigation leading to the arrest of those whose identities have been stolen. This can be painful and have lingering impacts, even if cleared up quickly.
  • Takeover of financial, social media, cell phone and other accounts because the thieves are able to use the stolen data to authenticate requests to change your passwords.

Unfortunately, these are just a some of the ways you or a senior loved one can be harmed as a result of a data breach, even if you don’t know your data has been stolen.

In an earlier article on Senior Care Corner­®, we discussed some actions to consider if your senior loved one’s, or your own, identity has been stolen. Fortunately, there are also actions we can take to protect ourselves before the criminals have a chance to act.

Protective Actions You Can Take

We can’t stop data breaches from happening and even those not active online can’t keep personal data out of all the databases. Anyone who works (or worked), has seen a doctor, has financial accounts, pays taxes, has a cellphone (not even a smartphone) or uses utility service at home has data in a database that could be stolen.

We can take steps to protect ourselves and our senior loved ones to make harm less likely if that personal data is stolen, though.

Credit Freeze

Consider placing a credit freeze, also known as a security freeze, on the credit bureau accounts of each individual is a step recommended by many experts. A credit freeze stops anyone from accessing the credit file. It is inconvenient for many people because you must unfreeze your credit report if you want to take out a loan or get a new credit card, but you may find the peace of mind to be worth the inconvenience.

Credit freezes should be made at each of the major credit reporting agencies, Equifax, Experian and TransUnion. In many states there is a one-time charge for placing the freeze if there has been no evidence of identity theft already, but you may find it a small price to pay.

File Tax Returns Early

We might not be able to stop someone from filing a tax return using our identity but we can reduce the likelihood of it delaying our refunds or creating other problems if our legitimate returns are filed as early as possible. While many not getting refunds traditionally wait and pay taxes as close as possible to the deadline, even electronic filings without refunds have been refused because someone had already filed using the same identity.

The IRS is taking additional action to protect filers from fraud, but it’s not yet available for most filers. Under a program launched in 2011, the IRS will issue a specific number (an “IP PIN”) for those who have experienced identity theft or in whose accounts the IRS has seen unusual activity. For the 2014 tax year, some taxpayers in Florida, Georgia and Washington, DC were offered the opportunity to request an IP PIN, meaning their federal return would not be accepted if it didn’t include that number. Hopefully this program will be seen as successful and made available nationwide and catch on at the state level, too.

Protect Online and Account Passwords

Because our personal data can often be used to obtain or change account passwords — how often have you been asked for the last four digits of your Social Security number — it’s important to insulate our passwords and those of senior loved ones as much as possible from such changes. While no one method is likely to work for all passwords, these will add a layer of protection.

  • Use unique passwords for each account. Many people use the same, or variations of the same, password for each of their accounts. That means an identity thief who is able to learn a password from the account provider by having the right personal information is able to access other accounts. Don’t let a small problem become a big one by making it easy for them.
  • Use two-step verification when it is offered by an account provider. Usually this involves the provider sending a text message or voice call with a special code to a phone number you designate before a password can be changed or the account accessed from a new device.
  • Don’t use personal information that is part of databases as your password or answer to a challenge question that has to be answered to gain access to your password. Using your Social Security number, street name or spouse’s name might make a password easy to remember but it also makes it easy for someone with your personal data to access your accounts.

Until passwords are replaced with something more secure, such as biometric account access, these steps will help keep our accounts more secure.

Monitor Financial Accounts Closely

Even if we haven’t been told our data has been stolen as part of a breach, it’s important to monitor checking, savings, credit card, and other financial accounts closely so we can catch any unusual activity as early as possible. The sooner we see and report activity that doesn’t belong there, the more likely it is we minimize the damage and hassle of fixing it.

You should consider looking in on each of your accounts as close to daily as practical and suggest senior loved ones do as well, even offering to help them do so. Most financial entities offer mobile apps, which can be used to quickly review accounts during a few minutes of downtime, and offer web access. Many also offer email or text notifications that are useful as well.

Living in a World of Online Data

We are living in a world in which much of our data is stored online, even for those who are not active online.

With smart people working on both the data protection and data theft sides of the law, it seems inevitable there will be breaches that impact our data and that of senior loved ones.

Let’s do what we can to keep a company’s data breach from becoming a theft of our identity or that of loved ones.