Data breaches, and their remediation

I feel like every six months I get notification of some data breach, or of my information showing up on the dark web, etc. The most recent was Change Healthcare…

Change Healthcare’s Massive Data Breach Impacted 100 Million People. What to Know - CNET

…which led to me receiving a dense thicket of pages that began “We are sorry to tell you about a privacy event.” A privacy event. Well then.

Every time I get one of these letters they come with some sort of remediation opportunity, in this case the ability to sign up with some service called “IDX”. I did the thing for once, which gave me access to a dashboard of sorts, but that dashboard is limited in scope unless I give them my SSN, and really? I mean, I 100% get it technically, but emotionally I’m not there.

I wasn’t going to post about this, but then another IDX packet came for my daughter, who is in no sense technically or financially literate, and I’m sitting here looking at it thinking about whether to sign her up.

How do you manage all this? Do you just check your credit occasionally (which is what I had been doing), or are you more active? [or am I the only one getting these bi-annual notifications]

I’ve been in so many data breaches I just assume at this point that it’s all out there somewhere on the dark web.

I keep my credit frozen with all three credit agencies (note that depending on what state you live in, it can unfreeze after 7 years, which seems really stupid to me). I use an IRS PIN when filing my taxes to try to prevent someone from filing a fraudulent return. I’ve got two-factor authentication turned on for financial websites such as bank, credit cards, 401k, etc.

And perhaps one of the most important things to do - use a password keeper and never reuse a password. I used to work with someone who used the same password across all of his accounts, maybe adding or changing some numbers at the end. A hacker got into one account and it very quickly spiraled from there. The hacker was able to get into the associated email and then went through his emails to find other accounts they could get into. At one point, they had access to his email, his credit cards, his bank account and his cell phone account. It took him months to get everything secured and all of his money back.

I proposed in another thread that if there were a statutory penalty like $1000 per person per breach, companies might actually take data security seriously.

Thread from six months ago on point:

Bottom line, this happens continuously, your info has been stolen at least a dozen times over the last 20 years and for 99.9% of us nothing has happened. So nothing is what you should do about it.