Note: this writing has been updated with new information August 25, related to the credit bureaus; August 29, 2024 relating to Login.gov, August 31 related to credit bureau fraud alerts.
After being notified by Have I been Pwned that my social security number and other information has been stolen yet again, it was time to up my game when it comes to securing who I am. Especially when using two online tools that checked my data in the NPD breach and discovering that the records contained my Social Security number, phone numbers, Date of Birth (not always accurate), and address for every address I have lived at for over 30 years.
All information that can be used to not only get a credit card or bank account, but that can be used to create an account at the major credit bureaus. Enough information to steal who I am.
My SSN had been stolen previously from an ATT hack, which I’ve still never forgiven ATT for. That came with a year of credit monitoring, which I am using. I also have alerts at Credit Karma, my banks, my credit cards, and so on so that any activity triggers a text or email.
I also set up two-factor authentication at every online site I access. My geeky sites, such as this weblog, my domain manager, and my server company, as well as my ID.Me login all require the use of an authenticator app. My bank, credit cards, insurance companies, and so on use token notification: either sending a code to may email, or sending a text message to my phone.
In the last week, I took the extra step I should have taken a while back, and froze my credit reports at the four credit bureaus.
Yes, four.
I’m covering all these steps I’ve taken the last few days so that folks can check their own security procedures.