Recently, we wrote about a significant cyber attack on Excellus Blue Cross Blue Shield. The health care company, based in upstate New York, was hit hard, and had the personal information belonging to as many as 10 million clients exposed — including names, dates of birth, addresses, phone numbers and Social Security Numbers.
At the time, there was no evidence that any of the information released in this breach had been used to commit identity theft. However, we warned that such things can take time, and anyone who was affected would be at risk for the foreseeable future.
Recent reports suggest that our caution was well placed.
According to a report by CNY Central, police in Batavia, New York say they have begun to receive identity theft complaints that may be tied to the Excellus data breach. Police are investigating to see if a more concrete link can be established.
Given the type of information that was taken during the breach, it is hardly a surprise that some consumers believe that they have become victims of identity theft as a result. As the months go buy, it is increasingly likely that more reports such as this one will continue to trickle in.
For this reason, it is important for everyone to be more vigilant about their identities.
While all of the information exposed during the Excellus breach is sensitive and can be used to commit identity theft, of particular note is the loss of millions of Social Security numbers. This has always been a weak spot for Americans seeking to protect their identities. Since we lack any other readily-accessible form of national identification, we tend to use our Social Security numbers for a whole host of tasks, such as paying our taxes, or taking out loans. These nine digits present a compelling target for those who wish to steal from us.
Recently, one Congressman has proposed a change in the law that will reduce the odds of Social Security numbers being exposed.
Rep. Vern Buchanan (R-FL) argues that his recently introduced Taxpayer Identity Protection Act will let companies use an alternative to Social Security numbers on W-2 tax forms. In theory, this would help protect the identity of taxpayers in the event of a data breach that compromises these forms.
“This bipartisan, common-sense measure will protect Americans from identity fraud by limiting the use of Social Security Numbers on the most popular tax forms, including the W-2,” Buchanan said in a statement. “We must be doing all we can to end this growing problem, which hits seniors especially hard.”
Obviously, this move is limited, and even if passed this bill will not immediately improve the security of the health sector. However, it may motivate organizations to find alternatives to Social Security Numbers and protect consumers from the obvious security weakness that such a reliance creates.
In the meantime, it is important for everyone who believes their data has been compromised to take action to prevent its misuse by identity thieves. For the best protection, consumers should consider signing up for a credit monitoring service that can alert you to certain activity on your credit file that may be indicative of fraud.