News Articles

What Should You Do When Your Identity Has Been Compromised?

Source: Radware, 31/07/2020

In 2018, the trend of large data breaches continues with electronic toymaker Vtech settling for $650,000 after suffering a data breach that resulted in exposed personal information about millions of children. Just in the last few months, major breaches targeting payment processing systems at Chili’s, Rail Europe and Macy’s have occurred, resulting in the exposure of customers’ credit card details such as card numbers, CCV codes, expiration dates and in some cases additional information like addresses, phone numbers and emails.
For-profit criminals will move very quickly once they gain access to PII or payment information, so you will need to act fast. Harvester will target and launch a number of different attacks designed to obtain and steal your personal information from vulnerable or exposed databases. They are looking for a complete or partial set of information such as name, address, SSN, date of birth, mother’s maiden name, Personal Identification Number (PIN) used for credit and debit cards, passwords, bank and account numbers, credit report, investments, insurance, loan information or medical records so they can resell that information for a profit.
Aetna, CarePlus, Partners Healthcare, BJC Healthcare, St. Peter’s Surgery and Endoscopy Center, ATI Physical Therapy, Inogen, UnityPoint Health, Nuance Communication, LifeBridge Health, Aultman Health Foundation, Med Associates and more recently Nashville Metro Public Health, UMC Physicians, and LabCorp Diagnostics have all disclosed or settled major breaches in the healthcare vertical this year. Medical fraud can be one of the hardest to detect and is often only discovered after the victim receives a bill for a procedure that never took place. The reason why childrens’ records are highly targeted is often because they have clean credit and it takes longer for the parents to discover their child’s medical identity has been compromised.
Personal data is in demand and quite valuable on today’s black market. Criminals will normally sell the information obtained in bulk or in packages on private forums to other criminals who have the ability to quickly cash the accounts out or commit other types of fraud. Other data will also find its way to public auctions and marketplaces where the seller is trying to get the highest price possible for the data or attention for the hack.
Ultimately, the process of repairing your identity is not easy but it is a manageable process. Once you suspect that you have become a victim of identity theft, you should take immediate action.
How much does your data cost?
Stolen data can be found on both the clear and darknet. One is not exclusively better than the other. While public sites exist that sell this type of personal data, the more recent and sensitive data breaches are typically found on crime forums that are closed to the public.
When a criminal gets ahold of your Personal Identifiable Information (PII) such as banking account details or identification, they can use these types of data points to open phone contracts, loans, and create banking accounts.
Google Results for Stolen Data
In general, stolen credit card information is everywhere with the cost of a single card anywhere from $10 to $15 on average, depending on a number of factors such as card type, value and location. Normally this digital sell would include card number, expiration data, cvv2, cardholder name, zip, city, address and sometimes also email or phone number. Full bank account details can sell for $25 per record and includes first name, last name, phone, address, city, state, zip, date of birth, SSN, routing number, account number, and bank name.
Data for Sale
Physical cloned ATM cards with PIN numbers can be purchased as well and normally sell for $300 per card. Physical identification such as passports and drivers’ licenses can also be found and sold online. They can be customized to your preference. For example, if you had someone else’s identity you could duplicate their physical identification cards for a number of malicious activities. The price for a physical passport starts around $1,000 and can dramatically increase in price based on the country and information required on the document. Physical drivers’ licenses and identification cards sell for around $250 per card.
Data for Sale
Recently the more popular form of identification for sale in the marketplaces is digital passports and drivers’ licenses. These are fake digital copies designed to be used for account verification with websites like Coinbase or Facebook and sell for between $10 to $20.
In general, the price for data can dramatically vary. If you are looking for specific, one-off documentation on a target the price rises, but if you are buying in bulk the price per Fullz can drop to .50 cents per unit and below.
Sometimes the data obtained by the criminal is incomplete, but that data can be used as a stepping stone to gather additional information. Criminals can use partial information to design a spear-phishing kit designed to gain your trust by citing a piece of personal information as bait. If the target falls victim, they can end up disclosing enough details to complete the information required for the next step by the criminal.
How to check if your identity has been compromised
There are a few ways that you can check to see if your identity has been compromised. If you suspect that you may have been compromised, I would suggest that you first check your recent banking and credit card statements for any transactions you can’t explain, as well as reviewing your credit report. In the credit report you want to look to see if anyone has opened a new credit card or bank account in your name. You will also want to check your accounts to see if anyone has changed your billing address. One indication that someone may have stolen your identity is if you stop receiving your bills or other physical mail at your place of residence.
Other signs of identity fraud can include auto loans for a vehicle you do not own, medical bills for a service you haven’t received, maxed-out benefits, medical records showing a condition you don’t have, IRS notifications of multiple tax return files or a breach notification from a company you haven’t done business with.
What to do once it’s been compromised?
Once you notice or suspect that your identity has been compromised, you should immediately notify your creditors and banks that have been affected. The next step you should take is to place a fraud alert on your credit report. Contact one of the three credit-reporting agencies’ fraud department. This will prevent identity thieves from opening accounts in your name and will protect you from unauthorized charges made by the thieves. One you have reported the fraud to one credit agency, they will have to contact the other two.
Equifax Fraud Department
Call 1-800-525-6285

Experian Fraud Department
Call 1-888-397-3742

TransUnion Fraud Department
Call 1-800-680-7289
Continue to monitor your credit report. Victims of identity theft are normally entitled to a free credit report. I would personally suggest waiting 30 days until requesting an additional report so you can see suspicious activity on your account after placing the alert. When looking at this second report following your compromise, look for personal information that has changed, such as name, date of birth, SSN, address, employer and so on. Look for credit checks or inquiries from companies you didn’t contact, accounts and credit cards you didn’t open or charges on your account you can’t explain. You should also consider putting a freeze on your credit. At the very least you should contact your lenders, bank and insurance company and inform them about the situation. Ask to open new accounts with new personal identification numbers and passwords due to the breach.
You will also need to contact the U.S. Federal Trade Commission (FTC) and file an official report. You will find on the FTC website a number of resources for different types of identity theft and how to report them.
Report the identity theft to:
File a police report with your local precinct and send a copy of that report to your creditors. They will need this information to investigate fraudulent activity on your report.
If your social security number has been found to be compromised, notify the office of the inspector general at:
Additional steps you can take when facing identity theft are creating a new email account and updating all of your profiles with a new username and password. It also might be a good idea to get a new driver’s license depending on the degree of compromise, along with a new phone number.


  •    * *A draft law by the Gauteng provincial government seeks to ban foreign nationals from opening and operating certain businesses in the province`s townships. * * *The proposal sparked praise and criticism, with social media users expressing concern that it may help fan the flames of xenophobia.... Read more...
  •    A long list of countries will be red-listed by South Africa, ministers announced on Wednesday, including the USA and UK. • `Ordinary` travellers ` tourists without business in SA ` will not be allowed from those countries. • Risk levels for other countries will be determined relative to SA`s rate of infection spread and deaths: high-risk countries are those with higher levels than SA. • Everyone travelling to SA will be required to show a recent, negative test for the coronavirus, and must have travel insurance in place.... Read more...
  •    It has taken four years of legal battles ` but now, if you were born in South Africa to foreign parents, you can apply for citizenship. It has been an “agonizing journey” for those who consider South Africa to be their only home.The department of home affairs’ opposition to the court bid by five adults, representing others in a similar situation, for the vindication of their rights, was dealt a death blow by the Constitutional Court last week. The court simply ruled that it would not hear any further argument on the matter.... Read more...
  •    South Africa`s borders open for all foreign travellers on Thursday, and airlines already have flights lined up. But there is still no list of countries for which travel restrictions will apply, based on their level of coronavirus risk.... Read more...
  •    A honeypot created by Cybereason to lure cybercriminals and analyze their methods showed that ransomware attacks infiltrate their victims in multiple stages.... Read more...
  •    A honeypot created by Cybereason to lure cybercriminals and analyze their methods showed that ransomware attacks infiltrate their victims in multiple stages.... Read more...
  •    The Gauteng government has published the Gauteng Township Economic Development Draft Bill for public comment. First announced in the 2019 State of the Province Address, the bill seeks to enhance the regulatory management of the township economy to ease the regulatory burden on local enterprises.... Read more...
  •    Security experts have given an insight into how a targeted ransomware attack took down the network of a food and drink manufacturer after hackers took advantage of common security vulnerabilities. The crooks used a phishing attack and took advantage of a number of vulnerabilities ` from old hardware to default passwords ` to first deploy Emotet and Trickbot malware before delivering the Ryuk ransomware and attempting to extort a fee from the victim to restore the network.... Read more...
  •    Ransomware has been one of the most prolific cyber threats facing the world throughout 2019, and it`s unlikely to stop being a menace any time soon.... Read more...
  •    The cabinet’s decision to open the country’s borders on 1 October 2020 to “most” countries is a significant milestone in placing the sector on the irreversible path towards full recovery, says Tourism minister Mmamoloko Kubayi-Ngubane.... Read more...

Get the latest Immigration News