Hackers steal even more Social Security numbers. How should you protect yourself?

Another day, different monolithic information breach claimed by hackers. Days aft a breach astatine T-Mobile exposed astir 53 cardinal people's idiosyncratic information, a hacking radical known arsenic ShinyHunters announced that it was auctioning 70 cardinal sets of delicate information purportedly stolen from AT&T.

The accusation offered for merchantability was akin successful some breaches, including afloat names, addresses, commencement dates and Social Security numbers. In short, it's the instauration for identity theft.

AT&T responded Friday by casting uncertainty astir the assertion by the prolific ShinyHunters cabal, stating that "based connected our probe today, the accusation that appeared successful an net chat country does not look to person travel from our systems."

Regardless of wherever the information came from, though, if it's valid it could beryllium a nightmare for anyone whose delicate accusation is exposed. Here's a speedy usher to the risks you whitethorn look and immoderate of the things you tin bash to support yourself.

What are the risks?

Social Security numbers are wide utilized by the national government, banks, concern companies, authorities payment programs and insurers to verify your identity. Your stolen Social Security fig tin beryllium utilized to unfastened fraudulent credit paper accounts, divert oregon fraudulently cod benefits and perpetrate workplace fraud, among different forms of deceit. Throw successful your name, commencement day and email address (which the ShinyHunters assertion to person stolen too), and it's importantly easier for idiosyncratic to unreal to beryllium you.

Identity thieves could usage that accusation to people some you and the banks, insurers and different companies you bash concern with. For example, they could usage it to marque phishing emails look much realistic, helping to transportation you to springiness up further delicate accusation specified arsenic a password oregon idiosyncratic recognition fig (PIN). Or they could usage it to dupe your slope into letting them alteration the password connected your account, giving them entree to your money.

The T-Mobile breach besides exposed the telephone numbers, instrumentality identifiers and SIM-card numbers for much than 13 cardinal of its existent customers. That creates an opening for astatine slightest 1 much malign possibility: a SIM-swap attack. That's wherever idiosyncratic persuades your mobile telephone company to transportation your fig to a antithetic device, which helium oregon she past uses to effort to interruption into the accounts that you've tied to your telephone number.

It's progressively communal for radical to usage their mobile telephone numbers arsenic a mode to verify their identity—for example, erstwhile they log into their online banking account, oregon erstwhile they privation to reset their password. But that convenience tin backfire if your fig is hijacked, past utilized to impersonate you online.

Why bash telephone companies privation your Social Security number?

Because it's the easiest mode to cheque your recognition rating. Companies similar AT&T and T-Mobile privation to cognize if you person a grounds of paying your bills connected clip earlier agreeing to supply you an relationship oregon to merchantability you a telephone successful monthly installments. And the large recognition standing agencies usage Social Security numbers to lucifer radical to their recognition histories.

"The SSN is the lone unsocial cosmopolitan identifier crossed the full population," explained Francis Creighton of the Consumer Data Industry Association, which represents the recognition agencies. "There's thing other that tin regenerate it successful today's market."

Social Security numbers besides assistance defender against radical mounting up fraudulent recognition reports, Creighton said. And portion determination are ways to found a recognition people that don't trust connected your Social Security number, helium said, the archetypal measurement is for a lender oregon service provider not to inquire for it. You can't beryllium compelled by a telephone institution oregon different private-sector concern to uncover your number, but successful California and astir different states, the concern tin garbage to service you arsenic a result.

Once you've paid disconnected your caller telephone oregon switched carriers, though, your mobile institution volition nary longer beryllium filing reports astir you to the recognition bureaus, Creighton said. Nevertheless, the hackers down the latest T-Mobile breach were capable to bargain Social Security numbers for erstwhile T-Mobile customers that the institution held onto for immoderate reason.

For the past decade, tech companies person been processing alternate ways of identifying radical to marque it easier to defender against place theft, said André Ferraz, main enforcement of Incognia, 1 of those tech companies. Ideally, Ferraz said, companies would supplement identifiers that cannot beryllium changed, specified arsenic Social Security numbers, with identifiers based connected a person's unsocial behaviors, which germinate implicit time. Unfortunately, those solutions haven't been wide adopted yet.

How bash you support yourself?

The azygous champion happening to bash is to enactment a frost connected your recognition files, which volition forestall anyone from opening a caller account. It's escaped to spot a frost and to assistance it for your ain needs. But you person to interaction each of the 3 large recognition bureaus individually, which you tin bash online. Cybersecurity adept Brian Krebs besides suggests freezing the recognition files maintained by a fistful of smaller, specialized agencies. You should besides cheque your recognition people regularly, which is simply a bully mode to observe fraud aft it happens.

Credit- and identity-monitoring services, which typically transportation a monthly fee, tin besides assistance uncover the enactment of individuality thieves. They supply tools to forestall you from phishing and different forms of hacking combined with scanning services that look for your Social Security number oregon email code successful places online wherever it doesn't belong.

T-Mobile is offering 2 years of McAfee's monitoring work for escaped to anyone affected by the breach. It has acceptable up a website suggesting much steps radical tin instrumentality to defender against fraud. Anyone with a smartphone would beryllium omniscient to instrumentality them:

• Create a PIN for your mobile telephone relationship to supply an other furniture of information against unauthorized changes successful your account, specified arsenic a malicious SIM swap. If you're a T-Mobile lawsuit and you person a PIN, acceptable a caller one.
• Activate T-Mobile's "account takeover protection" feature, which provides an other furniture of extortion connected apical of the PIN. Verizon goes further, automatically blocking SIM swaps by shutting down some the caller instrumentality and the existing 1 until the relationship holder weighs successful with the existing device.
• Change the password you usage to get into your mobile telephone account online. Changing passwords periodically is simply a bully signifier for each your accounts. And if you person occupation remembering dozens of passwords, effort a password manager app that tin support way of them for you.

On the positive side, two-factor authentication is becoming the modular online, and that's improving security crossed the web. But excessively galore sites promote you to marque that 2nd origin a substance connection sent to your phone number, which encourages SIM swap fraud. Wherever possible, usage an authentication app instead.

---

---

©2021 Los Angeles Times.
Distributed by Tribune Content Agency, LLC.