Q: What is identity theft?

A: Identity theft occurs when someone else uses your personal identifying information, or PII, for financial or personal gain.

Q: What is PII? 

A: PII is “personally identifying information “and it can encompass a variety of pieces of information about you.  Some PII is considered more sensitive, such as your Social Security number, driver’s license number, and financial account numbers.  It should also be noted that your online login credential, passwords, and credit card numbers are also considered PII.  The bottom line is that PII is information that is used to identify or authentic YOU and it can be used by a thief to commit identity theft.

Q: Are there different types of identity theft?

A: Yes.  The ITRC defines several different categories of identity theft: financial, criminal, medical, governmental, and child. 

Financial identity theft occurs when your information is used to open new financial accounts or takeover existing financial accounts.  This could include but is not limited to credit cards, home or auto loans, student loans, utility accounts or cell phone accounts.

Criminal identity theft occurs when an imposter provides another person’s PII to law enforcement during an investigation or upon arrest.  This includes the use of counterfeit documents using another person’s information.  The imposter may fraudulently obtain a driver’s license or identification card in the victim’s name and provide that identification document to law enforcement.  Or, the imposter, without showing any photo identification, verbally provides the name and personal information of another individual.

Medical identity theft occurs when someone uses your identity to obtain medical treatment. It could be anything from a simple office visit to an involved or lengthy treatment plan, although there are connections to patients who commit identity theft in order to gain high-volume prescriptions for controlled substances like narcotic pain medicines.

Government identity theft occurs when your PII is used by thieves to commit government tax fraud, employment fraud, or other types of government benefits fraud. It could include using another person’s PII to file a false tax return, receive unemployment payments, or even SNAP benefits.

Child identity theft is defined as any of the above, but using a child’s PII. Children’s PII is especially lucrative to identity thieves because there is less risk of the parent discovering suspicious activity on their criminal records or credit reports.

Q: If I’m a victim of a data breach, am I automatically a victim of identity theft?

A: No, not automatically.  If you receive a data breach notification it means that your information has been compromised.  It does not necessarily mean that is being used (yet) to commit identity theft.  You should continue to practice good identity hygiene in order to detect the misuse of your information as quickly as possible.  The sooner you detect it, the less time there is for the identity thief to do any damage.

Q: Can someone steal my identity with my just my credit card number?  How about with my driver’s license?

A: The reality is a thief can do a fair amount of harm to your identity even with limited information.  It is possible for a thief to present your driver’s license, or a phony license with your information but the thieves’ photograph, to law enforcement during the commission of a crime.  It’s possible for a thief to rack up charges on your existing credit card account as well.  It is not possible for someone to open NEW lines of credit without having your Social Security number.

Q: What makes someone more likely to be a victim of identity theft than someone else?

A:  ANYONE can become a victim.  It crosses all ages and demographics.  According to the FTC and the ITRC’s Identity Theft: The Aftermath study, all age ranges are affected somewhat uniformly.  Income level also doesn’t have an effect – people from all walks of life can become victims.  But everyone has certain vulnerabilities based upon who they are and how they live their lives.

Click here for tips on how to minimize your risk.

Click here for a list of warning signs for identity theft.  

 

 

 

 

 

The ITRC recognizes that no one is immune to identity theft.  However, there are some best practices that consumers can employ to help minimize their risk of becoming a victim.  One of those practices is to be aware and watch for any "red flags".  Don’t ignore these red flags or put off investigating potential red flags.  There is a direct correlation between discovering identity theft early, and spending less time mitigating the damage.  If you have questions about how to follow up on any of these red flags, contact the ITRC toll-free assistance line, or email us at: This email address is being protected from spambots. You need JavaScript enabled to view it.

Financial AND/OR Medical

  • Statements for unknown credit card account/s
  • Errors (misinformation) on credit report
  • Denials when applying for loans for credit
  • Denied on a utility or rental application
  • Turned down for employment (due to a bad background check)
  • Collection notices for unknown accounts or loans
  • Bills for goods or services you didn’t purchase
  • Increases in your rate of interest (APR) on credit cards (due to unknown credit activity)
  • Increase in your auto insurance rates (due to unknown tickets or accidents)
  • Missing mail - regular communication from your financial institutions ceases (bills, emails, statements)

Medical

  • Collection notices and bills
  • Explanations of Benefits (EOBs) for services not provided
  • Communication from unknown medical providers and/or facilities
  • Misinformation on medical records
  • Regular receipt of solicitations for treatment of specific health issues that you do not have

Tax or Wage Related

  • Tax returns are denied because a return has already been filed
  • Notifications from IRS or State Tax Board requesting the filing of a return for income not earned by you
  • Notifications from IRS or State Tax Boards indicating a dependent's Social Security number has already been claimed

Government

  • Denied benefits, EBT, unemployment, or other government benefits
  • Incorrect work history statements (Social Security Administration)
  • Summary/statement of benefits for things you did not receive
  • Inability to renew Driver's License

Note:  Many of the above-mentioned red flags are also applicable to fraudulent activity and accounts for both children and the deceased. 

The following information is based on recent statements and
notifications released by Target

New Alert:  E-Mail Offers Gift Card, 1/22/2014

Important Note:  This information was not disseminated directly from Target.

This alert was recently brought to the ITRC's attention courtesy of San Diego's ABC 10 News and Don't Waste Your Money's John Matarese.

 

Free Credit Monitoring and Identity Theft Protection, 1/13/2014

Target has announced they will offer free credit monitoring services through Experian's ProtectMyID program to customers who shopped at Target stores in the U.S. during the time period of the breach. Those who enroll will receive free credit monitoring as well as other services for 12 months. For more information on how to apply, please read Target's information page on this offering located on their website. CLICK HERE

New Details about the Data Breach Investigation, 1/10/2014

As part of Target’s ongoing forensic investigation, it has been determined that certain guest information—separate from the payment card data previously disclosed—was taken from Target. This theft is not a new breach, but was uncovered as part of the ongoing investigation. At this time, the investigation has determined that the stolen information includes names, mailing addresses, phone numbers or email addresses for up to 70 million individuals.

Guests will have zero liability for the cost of any fraudulent charges arising from the breach. To provide further peace of mind, Target is offering one year of free credit monitoring and identity theft protection to all Target guests who shopped our U.S stores. Guests will have three months to enroll in the program. Additional details will be shared next week.

ITRC - What does this mean?

While this new information may give more consumers cause for concern, in reality the exposure of names, mailing addresses, phone number or emails does not pose a significant "risk of harm".  At this point, it is important for consumers to remember that there has been no indication that Social Security numbers have been compromised, therefore minimizing the potential risk of actual identity theft.  Please note that the ITRC will continue to monitor communications from Target while they conduct further forensic analysis. 

Also, while the additional information may help identity thieves develop profiles on individuals and use it to "socially engineer" other information about you, you would generally have to be an attractive (i.e. wealthy, public figure, or high profile) individual to warrant such effort. 

 The information below remains current as to the necessary actions which should be taken by consumers who may have received a breach notification. 

Target Statement, Update 12/27/2013:

"We remain confident that PIN numbers are safe and secure," said a statement issued Friday by Target spokeswoman Molly Snyder.

According to the company, Target does not have access to or store the encryption key within the company's computer systems. The data can only be decrypted when it is received by the company's external payment processor, Target said.

"What this means is that the 'key' necessary to decrypt that data has never existed within Target's system and could not have been taken during this incident," the company said, adding "the most important thing for our guests to know is that their debit card accounts have not been compromised due to the encrypted PIN numbers being taken."

Although this latest statement explains that the encrypted data could not be unencrypted, more details continue to surface.  As a precautionary measure the ITRC is recommending that victims of this breach take the opportunity to change existing PIN numbers with their financial institution/bank as a precaution.  It is always a good practice to think of a PIN number like a password and change both of them on a regular basis.

What we Know:

• Unauthorized access of payment card data (credit or debit card) occurred on purchases made in U.S. stores between November 27 and December 15, 2013.
• Payment information included customer name, credit or debit card number, card expiration date, and CVV (the three-digit security code).
• Social Security numbers and PIN numbers have not been compromised.
• This access did not involve online purchases.
• Target will be offering free credit monitoring to those affected.

What this means to you:
• A compromise of payment information means that an unauthorized person(s) now has access to this information and could potentially use this information to make fraudulent purchases on the account(s) that were used when you shopped at Target.
• Social Security numbers were not compromised: This is a key component required in order for thieves to be able to open fraudulent new lines of credit in your name.  Since these were not compromised, they cannot open new lines of credit in your name.
• PIN numbers were not compromised.  This means that if you used a debit card, the unauthorized person(s) do not have the PIN number and therefore cannot use the card at an ATM for cash.  If your debit card has a Visa or MasterCard logo on it, then the card number could be used to make credit card purchases.
• Target will be offering free credit monitoring services.  Credit monitoring can be helpful when the information that can be used to open new lines of credit has been compromised.  Since this is not the case with the Target breach, this action will not be useful in preventing fraudulent charges on the existing account that was compromised.

What you can do:
• Monitor your credit and bank statements closely and look for any unauthorized activity.  Review each item, and keep an eye out for small dollar transactions, including amounts as small as 99 cents. 
• If you notice any fraudulent charges on your credit card or debit card, contact your financial institution (bank or credit card issuer) immediately.  Inform them that the charges are fraudulent and they will walk you through their remediation process.  Each financial institution has a different process.

If Target is the credit card issuer:
• Monitor your statements for fraudulent activity.  If possible, go online and monitor the accounts as often as possible. 
• If you discover fraudulent charges, you will have to notify Target directly.  Please be patient. Many people are attempting to contact Target all at once.  If you are unable to get through (as many people have been experiencing difficulty), continue to note the fraudulent charges and monitor the statements.  Keep trying to get through to Target.  Understand you will not be held liable for these charges, even if you are not able to get through right away.

If you used a Target REDCard:
• You don’t need to call Target unless you believe there are suspicious charges to your Target REDcard.
• Target already has fraud alerts in place and is actively monitoring REDcard accounts that may have been impacted. The banks that issue non-Target credit and debit cards also have been notified and have similar processes in place. You too, should keep a close watch on your account by reviewing your credit or debit card statements.
• You should call your card’s issuing bank if you discover any suspicious, unusual or fraudulent activity.

Why do you keep telling me to contact my financial institution?
• The banks are well aware of this situation and many have taken additional steps to ensure that their customers are not victims of fraud.  The banks have sophisticated fraud monitoring tools in place and many have implemented additional protocols based upon the breach. 
• Once you notify your bank of any fraudulent charges, you will not be held liable for those charges.  It is important that you contact your financial institution as quickly as possible once you notice any fraudulent activity.  In most cases, you have limited time available to report the fraud. Target has indicated that victims will "absolutely not" be held liable for fraudulent charges. 

Beware of scammers impersonating Target
• Whenever there is an issue that affects large numbers of consumers, the shady scammers will come out of the woodwork.  Scammers (not necessarily those who gained the unauthorized access) will undoubtedly try to victimize consumers by contacting them and saying they are from Target.  This contact could come in the form of an email, a text, or even a phone call. 
• If you receive an email that appears to be from Target that asks you for any personal information, such as your Social Security number, do NOT provide it.  Rather than click on any links in an email or text, go directly to the website you need access to by typing the website URL into your browser.  This will help to ensure that you are interacting with the actual entity.
 If you receive a phone call from someone reporting to be from Target, do not give out any personal information over the phone.  Hang up and call the number on the back of your Target card, or the number that Target has posted on its official website.

Disclaimer:
The Identity Theft Resource Center® (ITRC) is in no way affiliated, associated, authorized, endorsed by, or in any way officially connected with Target Corporation. All information pertaining to this breach is taken from Target Corporation’s breach notices available to the general public.  The original notices are A message from CEO Gregg Steinhafel about Target’s payment card issues and Target’s Payment Card Issue FAQ.  All tips and recommendations are based solely on the information that Target Corporation has released to the public. All tips and recommendations are solely the opinion of the ITRC and do not reflect Target Corporation’s opinion or instructions to affected consumers.

 

Best Practices for Safe Mobile Device Usage

ITRC Fact Sheet 144 - Smartphone Safety
 
bestpractices

A Smartphone is a mobile phone with enhanced capabilities.  Many of these new functions are similar to those found on a PC.  With the increased abilities of the Smartphone, come built-in risks for exposure of personal information. This information, carried on and transmitted through the device, is highly desired for use by identity thieves.  There are steps Smartphone users can take in order to reduce the risks associated with using these handy devices.

 



 

ITRC Fact Sheet 145: Smartphone Threats 

The increasing use of Smartphones for daily activities is a growing concern when it comes to personal information that is stored on your device.   This information may be in danger of accidental exposure.

 

 


ITRC Fact Sheet 146: Privacy and Security


Ever thought of how well you know the functions of your phone? Now, ever thought of how much your phone knows about you? The increasing use of Smartphones for daily activities, such as emailing, banking, web browsing, shopping, bill tracking, social networking, file storage, and entertainment gives your mobile device the ability to know everything about you. Your Smartphone’s knowledge, if not protected, is a potential risk to your security and privacy.  The ultimate question to ask: Is my privacy and security at risk?

 

 


 

ITRC Fact Sheet 147: Risks of Mobile Applications

 

There is so much you can do on a mobile phone these days!  Many tasks you would do on a computer can now be done while on the go with a Smartphone.  However, with all of that accessibility comes a price.  That price may be diminished safety and privacy. Mobile Applications help users do everything from order a pizza to deposit checks. The dark side of this convenience is the risk users may have when the security of the mobile

 

 

These ITRC Fact Sheets and Best Practices for Safe Mobile Usage were developed and funded by a grant under the California Consumer Protection Foundation's Community Collaborative Fund.

 

Centro de Recursos Para Victimas de Robo de Identidad®


El Identity Theft Resource Center ® (ITRC) es una organización sin fines de lucro, respetada a nivel nacional dedicada exclusivamente a la comprensión de robo de identidad y otras cuestiones relacionadas. El ITRC proporciona apoyo a las víctimas y a los consumidores, así como educación pública. El ITRC también asesora a organizaciones gubernamentales, legisladores, la ley, y las empresas sobre el problema de evolución y crecimiento de robo de identidad.

El robo de identidad es un delito en el que un impostor obtiene piezas clave de información de identificación personal (PII), como números de Seguro Social y números de licencia de conducir y los utiliza para su propio beneficio personal. Esto se llama robo de identidad. Se puede comenzar con carpetas perdidas o robadas, hurtadas por correo, una violación de datos, virus informáticos, phishing, scam, o los documentos en papel tirado por usted o un negocio (basurero de buceo). Este delito es muy variable, y puede incluir el fraude de cheques, fraude de tarjetas de crédito, robo de identidad financiera, robo de identidad criminal, robo de identidad gubernamental, y el robo de identidad médica.
El robo de identidad puede ser un delito muy adverso para una víctima.  Su vida se va a ver alterada, y se enfrentara a tareas que pueden resultar confusas y situaciones que no sepa cómo afrontar.  De golpe, se dará cuenta de que en casos de robo de identidad, la carga de demostrar la inocencia recae en la víctima. 

Comuníquese con nosotros
Telefono: (888) 400-5530
Correo electrónico:This email address is being protected from spambots. You need JavaScript enabled to view it.

Casos Más Comunes de Robo de Identidad

Financiero

Alguien obtuvo tarjetas de crédito, un préstamo bancario, un teléfono, cable, internet, etc. usando mi información personal

Gubernamental

Alguien está trabajando con el número de seguro social mío o de mi hijo/hija.

Criminal

Alguien fue arrestado usando mi nombre e información personal

Medico

Alguien está usando mi información para atención médica

Robo de identidad de un menor

Alguien utiliza la información de un menor para obtener empleo o para líneas de crédito

Fraude bancario o de cheques

Alguien obtuvo cheques o cuenta bancaria usando mi información personal

El ITRC sigue creando abundante información para ayudarlo.  En el Centro le explicarán los pasos que debe dar en diversas situaciones. De hecho, tal vez utilice varias de las soluciones y/u hojas de datos.  Éstas se actualizan con regularidad y cuando se da parte de nuevas clases de delitos de robo de identidad, se redacta nuevo material para ayudar a las víctimas. 

En algunos casos, usted no podrá dedicarse a limpiar su nombre con la celeridad que desearía. Las compañías actúan lentamente, en parte para protegerlo.  Jamás se encuentra, y mucho menos arresta, a la mayoría de los impostores.  A menudo, esto no es culpa de los cuerpos policiales sino de la naturaleza del propio delito.  Por tanto, colabore con la policía mientras usted se encarga de limpiar su buen nombre.  No obstante, limpiar su buen nombre sólo será posible siempre que siga los pasos adecuados. 
Si se siente frustrado u agobiado, nuestro personal está aquí para ayudarlo, sin costo alguno.  Puede contactar con nuestras oficinas por teléfono o correo electrónico para recibir ayuda directa para víctimas.  Si bien no somos abogados ni psicólogos, hemos trabajado con miles de víctimas de robo de identidad y sabemos cómo guiarlo a través del proceso de recobrar su identidad.

Y recuerde: No está solo.  El ITRC está aquí para ayudarlo.  Tenemos personal que habla y escribe en español para ayudarlo.

Health Insurance Exchanges -
Beware of imposter websites, phishing, and smishing scams!

 
A Message from the CEO of the ITRC
Eva Velasquez
Eva Velasquez ITRC CEO

The ITRC wants to assist consumers and small business in avoiding scams, fraud, and imposter websites when the open enrollment period for health insurance exchange websites goes live on October 1, 2013.  It was our experience that research results and resources were confusing and inconsistent when we ourselves attempted to local legitimate insurance exchange websites. 

In fact, when we used the search term “health insurance exchange official websites,” the various state websites populated the first screen but not the official federal site that provides comprehensive information.  Because of this experience, we believe there is a potential for consumer harm.  Imposter websites could be easily confused with the legitimate ones.   

Each state had the ability to determine how to best meet the needs of its uninsured residents.  This has resulted in 17 states opting to have individual exchange URLs with the remaining states all using www.healthcare.gov.Medical Identity Theft

Because there are multiple websites, we originally wanted to help consumers by listing each state’s website on our interactive map.  However, we don’t want to add to the confusion.  We want to keep it simple.  Instead of giving you the list of websites which you can find on www.healthcare.gov, we want to issue a warning:  BEWARE OF IMPOSTER WEBSITES, PHISHING, AND SMISHING SCAMS.

If you need to locate the authentic insurance exchange URL for your state, visit https://www.healthcare.gov/marketplace/individual

Share your id theft storyIf you receive an email or text purporting to be from your exchange, from the federal government, or asking you for your personally identifying information, do not respond to the email or text.  Instead go directly to www.healthcare.gov.

There will very likely be bugs in this process and if everyone floods the websites on the first day of enrollment they could be faced with overloaded servers timing out, or even crashing.  Don’t start looking elsewhere to get the services you need, or you could fall victim to an imposter website that at best will be a real business using misleading advertising, and at worst a full on scam just trying to get you to part with your personally identifying information.  Stick with www.healthcare.gov and the official state exchange websites it refers you to.  Be patient and be safe.

California Residents

calpirgguide

 

So, You Need Health Insurance. Now What?
California Health Insurance 101

Having the facts can make all the difference when it comes to health insurance. To make the most of new choices, protections and financial help, you need good information. This guide can help you find quality coverage that won’t break the bank.

 

Medical ID Theft

The definition of medical identity theft is the fraudulent use of an individual’s personally identifiable information (PII), such as name, Social Security number, and/or medical insurance identity number to obtain medical goods or services or to fraudulently bill for medical goods or services using an unlawfully obtained medical identity. Unfortunately, the definition of MIDT and the consequences that are associated with the crime are not common knowledge to the general public. Medical identity theft (MIDT) is a crime that has profound consequences for patients, insurance providers, and health care providers.

In order to minimize the effects of MIDT, we must better understand the nature of MIDT.   For this purpose, the ITRC created and released a new video - What is Medical Identity Theft?. This video is part of an ongoing campaign to educate the public about the many issues surrounding this topic.  The video was shot as part of an ongoing program to increase awareness about this issue.  The campaign was made possible through financial support provided by The Rose Foundation.

The ITRC has several Fact Sheets, Solutions and Letter Forms listed below to assist victims facing medical identity theft and to heighten consumer awareness of medical identity theft issues.  Additional information on medical identity theft issues is provided in our ITRC Medical Identity Theft blogs.

The ITRC knows it is important to assess how consumers’ identities are stolen, how they find out they have fallen victim to this crime, and how difficult it is to resolve once discovered. The ITRC believes this information can be used to educate and make aware the general public as to what MIDT is and how they can minimize their risk or mitigate the cost once they become a victim.  If you believe you are a victim of identity theft and would like our assistance please send us an email at This email address is being protected from spambots. You need JavaScript enabled to view it. or call the ITRC Victim Assistance Center Toll Free (888) 400-5530.  

MIFA

Medical Identity Theft Fraud Alliance

The ITRC is proud to announce that it is a founding member of the Medical Identity Fraud Alliance (MIFA) - the first cooperative public/private sector effort created specifically to unite all stakeholders in jointly developing solutions and best practices for the prevention, detection, and remediation of medical identity fraud.

Medical identity theft and fraud constitute a major societal problem exerting pressure on our healthcare and financial ecosystems. The MIFA membership is dedicated to building focused direct prevention and resolution mechanisms.  MIFA aims to manage the impact of medical identity theft through stakeholder-coordinated research, increasing education and awareness, developing focused tools and procedures, promoting best-in-class strategies, technologies and practices and influencing government regulations, policies and laws.

MIFA is also dedicated to helping its members better protect their organizations and consumers from medical identity theft and the resulting financial, physical and emotional damage it can cause.

Medical Identity Theft Knowledge Survey

The ITRC recently conducted its Medical Identity Theft Knowledge Survey. The ITRC fielded this survey to determine consumers’ knowledge and understanding of medical identity theft. Specifically, the survey was designed to test consumers’ existing knowledge of the definition and characteristics of medical identity theft, how to detect an incident of medical identity theft and how to remediate one’s medical identity theft case after becoming a victim.

 

Subcategories

Article Archives

 

ITRC Sponsors and Supporters 

 

 

 

 

Go to top

 

The TMI Weekly

Breaches here, identity theft there and invasions of privacy everywhere... Should you be worried and, if so, how can you protect yourself? Sign up now to receive The TMI Weekly and get the latest hot topics in identity theft, data breaches and privacy and helpful information on how to protect your information.