by Dave Moore, CISSP
02/04/2024
Last week, we looked at placing “fraud alerts” at various federal agencies, financial institutions, creditors, real estate concerns and public utilities. Those were the next steps to take after placing account “freezes” at all four major credit bureaus.
These actions are all taken in response to how patients of both Integris and SSM St. Anthony hospitals have been victimized by Internet criminals hacking the hospital’s poorly-secured computer networks, creating a full-on bona fide identity theft crisis that cannot be minimized or ignored. The personally identifiable information (PII) of millions of people has been stolen, the type of information criminals use to steal tons of money.
This week, we examine more areas that need attention, including collection agencies, data brokers and law enforcement. Do all of these things in writing, Certified Mail. Phone calls and emails are good, but not enough.
Stop debt collectors from harassing you over bogus accounts. Notify them within 30 days of receiving a notice, and inform them you are an identity theft victim and that you do not owe the debt. Instruct them to stop reporting the debt to credit bureaus and collection agencies.
If someone opened a bogus account in your name, ask for a copy of the application and the applicant’s signature. Ask for a detailed report about the debt and how it happened. They are required to provide details under the Fair Credit Reporting Act. There are sample letters on the Federal Trade Commission (FTC) website at identitytheft.gov.
Clear your name of criminal charges. If someone is caught and arrested using your name and/or information, contact the arresting law enforcement agency and file an Impersonation Report. Contact the court, also. Provide proof of your identity, such as fingerprints, photograph, and identifying documents. Ask the law enforcement agency to compare your information to the imposter’s and remove your name from all records. Ask the prosecuting attorney for records to help you clear your name. Ask for a “certificate of clearance” or “certificate of release” to declare your innocence, and keep it with you at all times.
Ask the law enforcement agency that arrested the thief which information brokers buy their records. Write to the brokers. Demand they remove errors from your file.
File a complaint with local police. Supply your FTC Identity Theft Report, along with a government-issued ID with photo, and additional proof of address (mortgage statement, utility bill, any other reports or notices you may have). Many law enforcement personnel will not understand what you are trying to accomplish. It is your job to inform them.
If bogus utility accounts have been opened (water, gas, cable, electric, etc.), contact them and ask that those accounts be closed. For more help, contact the state utility commission.
Contact the National Consumer Telecom and Utilities Exchange and request your NCTUE report at www.nctue.com. Review the report for problems. If a service provider won’t resolve a problem, file a complaint with the FCC.
Next week, we will wrap up our “damage control” to-do list.
Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd, he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.org