More identity theft damage control

by Dave Moore, CISSP

10/29/2023

For the past few weeks, we’ve been looking at what to do about the identity theft catastrophe brought on by the “MOVEIt” private information on-line robbery. The bad guys have already used this information to steal tons of money, and are set to steal a whole lot more.

So far, we’ve discussed Damage Control Step One (moving your funds to unaffected financial institutions), Step Two (freezing credit bureau accounts), and Step Three (notifying various government agencies of the situation). This week, we finish Step Three, examining the chore of filing identity theft and fraud alerts. We left off with Part Twelve, and will pick up with Part Thirteen.

13. Get a free copy of your ChexSystems Report from chexsystems.com. If you discover fraudulent activity, get the accounts closed and report the fraud to the Check Verification system, so businesses will be alerted to refuse the checks. Contact any businesses that have taken the bad checks quickly, before they start collection actions against you.

14. Look for bogus bankruptcies filed in your name. Write the U.S. Trustee for your area and describe the situation. Provide proof of your identity. Consider hiring an attorney familiar with identity theft and bankruptcy cases to help you with this.

15. File a Better Business Bureau Scamtracker report at www.bbb.org/scamtracker.

16. File a complaint at the Federal Bureau of Investigation’s Internet Crime Complaint Center at www.ic3.gov/.

17. If you believe a bank or other financial institution’s behavior or policies have helped facilitate a scam or identity theft, (i.e., you received a letter from your bank saying your information was “compromised”), file a complaint with that state’s banking regulatory agency. For example, in Oklahoma, that would be the Oklahoma Banking Department, at http://banking.ok.gov/complaints. Also consider filing a complaint with the state’s consumer protection agency. For example, in Oklahoma, file with the Attorney General’s Consumer Protection Unit at www.oag.ok.gov/consumer-protection.

18. Get a copy of your C.L.U.E. (Comprehensive Loss Underwriting Exchange) report from LexisNexis at consumer.risk.lexisnexis.com/request. Get a copy of your Early Warning Consumer Report at earlywarning.com/consumer-information. Examine both reports for any unusual or inaccurate activity. Use Google to find contact information for the four (4) major credit bureaus; it’s easy.

Remind everyone you request information from they are bound by federal law, Section 609(e) of the Fair Credit Reporting Act, to provide business records related to identity theft to victims within 30 days of receiving a written request. I guarantee you, many of them will give you the run-around or flat-out refuse to help. Don’t be bamboozled or intimidated. Insist they comply with the law; otherwise, you will take legal action against them. Be prepared to file complaints with the Consumer Financial Protection Bureau at consumerfinance.gov, the Federal Trade Commission at ftc.gov, and all appropriate state agencies.

Be prepared to sue in local, state, and federal court, if neccesary. If funds are tight, reach out to legalaidok.org/contact-us/ for help. Yours is a righteous cause; have the grit to stick with it. It’s amazing how quickly folks can become cooperative when attorneys get involved.

Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd, he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.org