Leaked info can turn your life and bank accounts upside down.
One man knows this all too well. Our NBC colleagues interviewed a consumer who we will call Stephen.
Watch NBC6 free wherever you are
WATCH HERE
We are not using his real name or location because crooks launched a repeated, all-out attack on his identity.
“I want to scream the message,” Stephen said. “I was so paranoid… I was, like, ‘How do they keep getting in?’”
Get local news you need to know to start your day with NBC 6's News Headlines newsletter.
SIGN UP
He says they hacked his email, drained his frequent flyer account, got cash advances from his credit card, and he couldn’t stop it.
“I couldn’t prove that I was me,” Stephen said.
Stephen says the con started when a corporate data breach leaked his social security number. A thief then called his bank.
Responds
Responding to every consumer complaint
“And successfully impersonated me, using my leaked social security number,” Stephen said.
If you watch the news daily, it sure seems like we are telling you about a new data breach almost daily.
But when it comes to how consumers are notified by a company that their information has been compromised, it depends on where they live. In Florida, a company has 30 days after they determined or believe the breach has occurred to notify you.
“I think the reporting needs to be done in days, not weeks,” said Sen. Mark Warner, D-VA.
Privacy experts told us there’s no effort to get data breach notices to you any faster.
So what can you do?
Quietly, but firmly, Stephen says he took steps to protect his identity.
“Before this, I had a credit freeze, I had two-factor, I had complicated passwords… and none of that mattered,” Stephen said.
So, what’s left to do? He says limit or clean up your online footprint. He even asked at work.
“I asked my employer to take my face and bio off the website… because I didn’t realize how much damage they could do,” Stephen said.
Stephen is convinced the ID thieves too easily answered his bank’s security questions after they got his breached social security number and looked him up online.
“It’s enough to steal your identity,” Stephen said.
Stephen also recommends asking about adding a spoken password to access your accounts over the phone. This adds another layer of security that might prevent another imposter from making the call that started his nightmare.
“Calling and putting a verbal password, a verbal PIN on every account -- because that is the way you will prevent them from getting hacked,” Stephen said.
You can also limit the amount of information you share with companies.
