Quoted:
Not sure if anyone here has followed the news on this, but hackers broke in to the South Carolina Department of Revenue, obtained access to millions of citizens' social security numbers, our childrens' numbers, and our bank account numbers and data. They essentially stole everything on the return.
So we are scrambling to come up with a plan to mitigate our own personal loss.
I am thinking that we need to close all bank accounts, and simply re-open new ones and ask if the credit union can assist with any costs associated with this (new checks printed, etc.)
We just had gotten the life lock service, but honestly it sounds hokey to me.
This may be one of the times I really need good advice from a collective of smart folks. There are many SC residents that post here, so you could potentially be helping us all with any advice I have overlooked.
THANK YOU IN ADVANCE.
I recently went through this exercise (false alarm, fortunately). Oh man it was horrible, my file with scans of SSN/bank statements/payroll/retirement/EVERYTHING financial about me was in there. It's a very exposed feeling when you learn your are compromised. I found it later in a corner of the file cabinet - thank God.
There are various levels of response depending on the compromise. Closing accounts, credit cards, etc. isn't needed if the thief doesn't know those accounts exist anyway. Opening new ones (which you have to) will have the same vulnerability of someone with your info. Think "Hello Bank of America? I forgot my account number, but here's my SSN, can you help me access my account?..." Well, if you do business with BoA, you're used to getting fucked regularly anyway, so maybe no difference. Plus a thief can still open new ones on their own.
The good news, is there are things you can do to prevent that.
First thing you do is contact 1 of the three credit agencies and fill out the on-line form which will freeze your credit access. Any one will do, they'll automatically tell the other 2. In that way, no one can open a new account anywhere in your name without them contacting you first to confirm. It's only good for 3 months, and then you have to do it again and again though. Or you can pay LifeLock to do it for you, but I don't see the point in that. It's just yet one more agency that gets all your personal information to later lose. http://ssa-custhelp.ssa.gov/app/answers/detail/a_id/329/~/identity-theft,-fraud-or-misuse-of-my-social-security-card (By the way, do a sniff test confirm any links you see on line for sensitive stuff like this. For all you know, I sent you a bogus link to a fake form.) In this case, go to ssa.gov and make sure it's legit, and has lots of legit Google hits and links to it. If it's fake, Google isn't going to give you 10,000 links to it.
Second, you can contact your bank, and they can put an elevated security level on your account. If you got direct deposit on your return from the State, then the thieves have your bank info. And they might sell it. And in that case, yea, you probably should close that account. When you open a new one, the bank can basically lock it, with extra protections that let you still use it, but ask lots of verification questions. For example, my bank has a deal where I get an alert when basically anything happens on my account. I log into my account to look at my balance: bing, I get a text message saying someone logged in. I like that.
Third, you can contact your financial agencies and let them know you have been compromised. They talk to each other, because one bank I hadn't gotten around to contacting went all high-security on me last time I called. Which is fine.
Fourth, watch your accounts. Log in regularly and make sure there's no funny business.
Fifth, watch your credit activity. You can get free credit reports from the aforementioned credit agencies.
Sixth, RELAX. You're going to be OK. Your money is FDIC insured. You're probably not that interesting. This really does happen everyday. Go make love to your wife, have a beer, watch the game - confident that you've done everything you can to make sure it's under control. Think of it this way, there are probably hundreds, if not thousands, of people who already touch your personal information (SSN/BDay) anyway - and you haven't been hit yet.