Of course John didn't actually blackmail anyone, but he made a valid point that sometimes the only way for things to get done is for Congress to feel the problem actually affects them. To prove his point of how vile and dangerous unregulated data-brokering is, he used completely legal and commonly used techniques to get data about several members of Congress with a vague threat that if they were worried about what he found, they really ought to consider passing laws to prevent the kind of data gathering he used.

This video should be required watching for every US Citizen because data brokering is dangerous. If you need any proof, well… that's what the video is for (but you can also look at the ID Theft crisis which was almost entirely caused by data brokering). Tags: Congress, Identity Theft, John Oliver

Goodbye Identity Theft. This course will make you tangibly safer from ID Theft today than you were yesterday.

Identity theft is a huge problem, but a bigger problem is how little responsibility the large data brokers and perpetrators of negligent breaches are doing about it. Though you didn't ask to be put at risk, companies profit from credit and data-sharing practices and aren't motivated to put you first.

For the past 13 years, I've written articles, done podcasts, consulted, spoken at conferences, and tried to raise awareness in any way I can. Now, I've put together an online course containing the experiences of more than a decade of ID Theft education. I've watched the rise of the "monitoring services" and insurance scams and "dark web scanning" nonsense and now, I will show you how to apply valid risk-analysis (in an easy-to-understand way) to determine if you are throwing your money away on "security theater".

Most importantly, I will give you solid tips, tricks, and strategies for actually protecting your information based operations risk assessment skills cultivated from more than a decade of working for the Department of Defense. That combined with making you aware of your legal right to force credit reporting companies to stop selling your data to anyone they please (creditors and ID Thieves alike) make this one of the best classes you will ever take.

I will give you information that will make you tangibly safer from ID Theft today than you were yesterday. Click here to see pricing.

How do they get your information

Where is all this data leaking from!?

(Image is in the Public Domain)

You should still be careful where you store documents in your house (because of family ID Theft) and what you throw away (dumpster-diving), but, thanks to the practice of Data Brokering, you have a much bigger threat to deal with. Most of the big-name companies do secondary trading in customer information making their database a trove of information on millions of potential victims at once!

There's no time in this course to explain how bad the problem really is and the potential consequences. for now, just understand that every time you shop, browse, or otherwise interact with companies like Google, Facebook, or Amazon, they silently watch and record your actions into personal profiles that they use to:

• Guide their business strategy – The trends and patterns they see in profiles can help them understand their customers and figure out what's popular and why. By itself, not such a terrible thing…
• Bin and Label Customers – Are you a savvy shopper? Companies are watching. They'll track who makes them money and who costs them and use that to determine what deals you get, prices you see, and services you quality for.
• Sell to marketers – There's a responsible and acceptable way to market to people, but I say that attacking people's fears and poor self-image isn't it.
• Give to ID thieves…

The last bullet isn't literally something they do, but it's not that far off. Companies have been caught selling profile information directly to ID Thieves and sometimes forget to make sure their employees aren't selling your data on the sly. Oops.

Even if we make the generous assumption that companies are diligently working to reduce those risks, we still have the data breach problem.

Data Breaches – The short version

Every data breach I have ever seen or heard of was due to gross negligence and not "clever hackers".

If you were an identity thief, why bother trying to build or even buy profiles yourself if you can just steal them en masse instead?

I'd bet you've heard of some of the more newsworthy breaches, but the rate and scope of data breaches is far higher than most people realize – enough that one might think we're in some kind of hacker Armageddon… if you buy into the rhetoric that the problem is hackers.

It's not.

Like a scene from a bad comedy, companies will lie on the floor coughing and bruised. They'll tell you a story about how they tried to stop them from breaking in and taking everything, but the hackers were just too strong (cue dramatic fainting scene). Quite the act.

The truth is that every data breach (that I know of anyway) including the big ones like TJX, the Office of Personnel Management, and Equifax were due to gross negligence and not "clever hackers".

It's a frustrating problem and I will teach you concrete steps and techniques to lower your risk a little bit later in this course, but for now just remember:

Building and selling detailed profiles on people is immensely profitable. There are not nearly enough legal restrictions on how data is collected and used. There is almost no accountability for breaches, even if they're caught losing your data. Basically, rampant data-brokering is the #1 reason you're at risk from ID theft today.

How they use your information

It wasn't me! It was my evil twin!

(Image used under: Fair Use doctrine)

So how does a thief use your data? Have you ever seen the "evil twin" cliche in a movie or TV show? Where someone who looks just like the main character gets into a ton of trouble, but everyone keeps blaming them? ID Theft is basically the same.

Here are some of the things your twin might be up to:

Account Theft

Think of all the things you can access online. Banking, gaming, social pages. What happens if I have enough of your private information to convince some Facebook administrator that I'm you and they unlock the account for me? What could I post that might anger your friends and family… or your boss? It's no joke… Have you heard of the "Facebook fired" stories? Where someone was fired for the things they supposedly said online?

Fun fact: there are a number of "Facebook fired" stories out there. Saying "my account was hacked" is a common excuse… but that's easier to say than prove

An ID Thief isn't likely to mess with your Facebook profile, but take that example and expand it to bank accounts, investments, or online gaming service (you'd be surprised how much digital content can be worth)? Now that you're more aware, the next time you call customer service, take note of how little of your information they require before deciding it's you.

Credit ID Theft

When I worked for retail stores, we were expected to push people to open in-store credit because:

• You are more likely to shop at a store you already have a credit card for.
• It gives them another hook to get you in the store and shopping (no-interest periods, free add-ons, etc.).
• The combination of interest and sneaking "gotchas" in the terms bring the store massive profit.

There are no consequences to store employees if the sale turns out to be fraudulent, but there is if they don't make their "numbers" for the day. Would it surprise you to know that I had managers directly look at and handle IDs that clearly had the photo replaced and fake credit cards with the ink from printing still tacky to the touch and say "looks fine, ring it up!" (spoiler alert: I didn't "ring it up").

Pro money tip: always get credit through a trusted credit union (or bank if you must) and not in-store or at the car dealer. It is possible to get a good deal, but the odds are always against you.

Employment ID Theft

If someone is out there making money, but using your name, you can be liable for taxes or fees they're not paying. If they get fired or commit a crime on the job, your name might be flagged at that company making it hard to get a job with them (which for bigger companies with lots of subsidiaries can mean a lot of closed doors!). It's also pretty hard to draw unemployment benefits when the system shows you're out there making money somewhere!

Criminal ID Theft

Bad guy is arrested. They use your information, get out on bail, then disappear. Vacationing gets a lot more fun when you have a surprise warrant for your arrest in a state you've never visited in your life.

In case you thought I was exaggerating, check out this story of a poor woman who faced both employment and criminal ID Theft.

Medical ID Theft

In one of the scariest of all, if someone uses your information to get medical services, there can be serious medical and legal consequences. What if they were treated for gunshot wounds or drug overdose (where hospitals are required to contact authorities in many states)? What happens if the wrong allergies or blood type are recorded and mixed with your records?

Bottom line

With enough information about you at my fingertips, the ways I can make your life miserable is limited only by my imagination. To prevent this, we need to cripple the ID Theft process by blocking the thieves from getting and using your information.

/home/jeremyd1/public_html/thegeekprofessor/graphics/courses/gid/ID_check.jpg not found!

When I worked for retail stores, part of my job was to convince customers to buy things on credit under terms that were carefully designed to cost you as much as possible. It was a bad deal even when you agreed to it, but it's even worse if some thief gets the goods while you get the debt

That's why I was always careful to look at ID cards and watch for signs of fraud. Like that one time I thought something wasn't right so I went to the back room to call the customer's home phone number. Guess who was at home right then and NOT at our store applying for credit?

Because of my effort, I stopped more instances of fraud and identity theft than every other store employee combined… which is frightening if you think about it. Why was I so much better? Was it because the fraudsters always came to me? Did I have some special talent for spotting issues? I don't think so. In almost every case, it was simply a matter of making an effort.

In my days of commission sales, you can bet it hurt to spend an hour helping a customer only to have to put a careful of high-profit stuff back on the shelves. Even as an hourly employee, turning away a sale was likely to bring down the wrath of management. You might think you could just explain the situation or show them the fakes, but I quite literally handed a manager a "credit card" that had been printed so recently the ink was still tacky. He handed it back and said, "looks fine to me!" ring it up!

What this has to do with fraud alerts

Imagination: Stop right there, criminal scum!

(Image is in the Public Domain)

Fraud alerts are supposed to work like this:

• You place the alert.
• Any new credit applications in your name are flagged.
• SWAT teams and angels and angel SWAT teams descend from the heavens upon any criminal who dares to try anything funny with your identity.

Reality: Code 10? I should check their identity more carefully, but meh...

(Image is in the Public Domain)

Here's how it actually works:

• The person running the credit sees the "alert" when they put in the application.
• They're bored, apathetic, under pressure from management, or not trained well enough so they push the application through.
• The thief walks out with cash and prizes

Of courses, this assumes they even notice the fraud alert at all. When I worked retail, it was a tiny flag near the bottom of the screen and easy to miss. But let's be really generous and say that all of this works exactly as intended. Thieves are scumbags, not idiots. Obviously they'll wait until after 90 days to use any identity they got from a data breach.

A fraud alert might be a little better than nothing at all, but it relies random strangers to have both the training/desire to protect you AND thieves that aren't smart enough to wait out the preposterously tiny fraud alert period. Fraud alerts are a joke and a fraud.

I'm an ID Theft Victim. Now What?

It's sad for me to hear the actual stories of the victims especially since it could have been so easily prevented in most cases if the lawmakers and the agencies who are supposed to protect you would just get their acts together.

Blame aside, the question is: what do you do? I wish I could help everyone, but every situation is different. What I will post here are the most common, basic steps you will take to handle the current situation and prevent further ones.

Stop the Hemmoraging

Most of ID Theft is a result of someone else gaining access to your credit reports. Things like getting a bank account, getting a job, getting a lease, turning on utilities, and getting a cellphone all require a credit check. The very first thing you need to do is cut off access to your credit files to prevent the problem from getting worse or re-occuring in the future.

1. File a police report with your local police and/or the Federal Trade Commission. All you need to do is say "I want to file a report of identity theft" and let them lead you through their process. They may or may not actually provide you much help or guidance, but that's ok. All you really need is a case number. You'll need this for several of the later steps.
2. Most of ID Theft activity is hinged on access to your credit report which is protected only by a combination of your personal information much of which can be accessed freely on the Internet. This needs to stop. Take your police report or case number and contact each of the three Credit Reporting Companies. Tell them you want to put a "Credit Freeze" on your file and make sure they don't try to charge you any fees (credit freezes should be free for ID Theft victims).
3. While you're on the phone with them, have them send you a copy of your current credit report. If the won't, use your "free coupon" granted by federal law by going to AnnualCreditReport.com (the ONLY legitimate site to get them). You are entitled to one free report per year from each of the three companies. The site will lead you through the process, but some of the companies will try to sell you add-ons like credit monitoring services or similar. Don't do it. Get your free report and nothing else. If you see a spot to enter a credit card, you did it wrong.

Repair the Damage

Now you're going to start fixing the damage they caused.

1. With your credit report in hand, you should be able to get an idea of what companies the scumbag opened accounts with or dealt with. You might even get some phone numbers and address information that's clearly not yours. Make a list of all of these and provide them to the police referencing your previous case number.
2. Contact each company and explain the situation. Provide the case number or a copy of the police report if necessary, but make sure that they conduct an investigation or remove your information from the account records. Your goal here is to make sure that they no longer contact you or report you in relation to the debt/account.
3. For each company you successfully do this with, follow the challenge process with the Credit Reporting Companies whose reports show that debt. They have 30 days to contact the creditor themselves to verify the item. If they can't (which they shouldn't because you just had the creditor remove your name from their records), they must remove that item from your report by law (based on the Fair Credit Reporting Act).

Shut it All Down

Someone is getting some benefit from your identity in the form of goods and/or services. You might have information of what those are and you might now. It may be worth hiring a private investigator to dig up information about yourself so you can figure out what kinds of records are in your name that shouldn't be.

Even if it didn't impact your credit report, take care of them. If you find out that the DMV for a state you've never lived in has records in your name, work to have them expunged. If someone activated a phone service for a house somewhere in your name, have it shut off. Follow every lead you have and stamp it flat. Best case scenario, you get enough information to identify the theif.

What next?

The above links are good resources to learn more about the issue, but if you want the biggest bang for the buck to learn quickly and clearly about the ID Theft problem and concrete steps you can take to prevent it in the future, please check out my Goodbye Identity Theft crash course Tags: ID Theft, Identity Theft

Surprise, surprise. A company has giant data breach due to negligent security, but not to worry! They'll protect you by offering you credit monitoring for one year free!

Credit monitoring is a waste of your time and is likely only offered to make it seem like they're doing something for you when they probably don't. I wouldn't be surprised to find out that the credit monitoring companies have a "data breach plan" where companies can get a bulk discount by offering monitoring to all their victims.

It's a classic win-win-lose. The breach company wins PR points, the monitoring companies continue to make money for not providing any real service, and we all lose.

If you're worried about id theft, just freeze your credit reports!

(Image used under: Fair Use doctrine)

Todd Davis didn't post his social security number publicly because he thought his company could protect it. He did it as an advertising gimmick that netted him almost 2 million paying customers. At least, I have to assume that's what Todd's motivations were because I'm guessing he's not an idiot and knew his service wouldn't actually prevent ID theft. Even if he were, there have been so particularly telling clues recently such as:

1. Having his own identity robbed 13 times since the stunt began.
2. The 12 million dollar settlement with the FTC over false advertising relating to their gross misrepresentation of being able to prevent ID theft.

That's why when an employee's sensitive data showed up online, they worked to have it removed. No one should have their social security number posted publicly because the risk is too great. Unless of course you're the CEO of a company that charges $10/month to almost 2 million people and can afford any amount of ID theft you're hit with.

For those that are bad at math, that's 20 million a month income. Makes that $12 million settlement seem kind of inconsequential doesn't it?

(Image used under: Fair Use doctrine)

I'm not surprised about the fine, just that it took this long. Of course, they'll just shrug it off and any other lawsuit so long as they make more money than they spend.

Sadly, by the time someone actually shuts Lifelock down (if ever), the people responsible for it will be so rich that it won't make any difference. But until then, we can feel a little happier knowing that there are some organizations that are making them pay for their dishonesty; although 12 million dollars is less than one month of Lifelock's income on their almost 2 million reported customers.

This totally made my day:

A Wisconsin college student filed a class-action complaint against Experian this week, claiming that the company's ubiquitous ads for FreeCreditReport.com led her to believe she could use the site to get a no-cost credit report.

Go figure! Someone believed that FreeCreditReport means you can get a free credit report? What are the odds!?

How this has gone on this long I'll never know. Even after 11,000 Better Business Bureau complaints the most that's been done to date was the very cool FTC spoof videos making fun of FreeCreditReport's TV ads where they did everything short of calling them crooks.

It's such an exquisite pleasure to watch this bogus company go down; let's hope this suit sticks.

Update June 2010:

It's probably been a month or two (or three or four) since this happened, but as a result of the lawsuit, the FTC has required them to put a giant banner on the top of their website saying essentially that they're full of it. Granted, the site should just have been shut down, but it's still nice to see.

Hard to sell your supposedly free reports now isn't it?

Looking back from 2019:

The FTC filed their own lawsuit and won, but the measly ~1 million fine was so much less than the $72 Million they could afford just for theirdeceptive ad campaign, it just goes to show that founding a company in fraud is a solid business strategy. But I suppose it's not all bad… there was brand new legislation passed as a result of their scam:

The advertising practices of FreeCreditReport.com were specifically addressed in the Credit CARD Act of 2009. Now any company who advertises a 'free credit report' on TV or radio must include the statement: "This is not the free credit report provided for by Federal law." The law also calls for the Federal Trade Commission to issue new rules that will force free credit report advertisers to inform consumers that the only place for a free credit report is AnnualCreditReport.com.

On a lighter note, the Federal Trade Commission was so fed up with Freecreditreport.com, they made these awesome spoof videos: