Lifelock’s CEO’s Identity Stolen…
An article in the Sun Times discusses the failure of the credit protection service, Lifelock, for protecting it’s very own CEO, Todd Davis, from the abuse it’s designed to protect. According to the article, there were 87 instances where people tried to use Davis’s social security number for dubious purposes. One of those times the person was successful, and was granted a $500.00 loan in Davis’s name.
Davis excuses this breach by saying the institution giving the loan didn’t run his social security number through any of the 3 credit reporting bureaus. But this infringement just goes to show that there are a whole bunch of use-cases for bad guys to steal your identity and do other very nasty things with it. The article points out a bunch of examples such as dealing with job applications, medical services and even when dealing with the law. Leave it to the imagination of a determined criminal and with the far reach of the internet and I’m sure the possibilities of wrong doing are limitless.
While the Lifelock service does have some merit, it’s certainly not the silver bullet of identity protection. Just like anything that has value, you must keep your identity information very close to you and only let it out when absolutely necessary. The responsibility of protecting one’s own identity is still belongs to that individual.
At BeenVerified we are super careful not to ask for our users’ social security numbers’ unless absolutely necessary and even then we only ask for the last 4 digits and never store it. We use it one time and it’s gone from our system. Additionally we have super secure systems. We use time tested best practices for locking our servers and keeping our code secure from attack.
Any user that is prompted for a social security number from a website must have extreme confidence in that institutions security measures. Read the security policies, privacy policies and do some research about the company. Even then, I would recommend rethinking the sharing of that information unless it was absolutely necessary.
As for website owners, I suggest to try and find other methods of achieving the same goals without using your user’s social security numbers or any sensitive information for that matter.
Also, to those who wish to get the benefits of Lifelock without paying for it, you can get the same service for free by contacting any of the 3 major credit bureaus.
According to the Transunion Fraud Page:
A fraud alert can make it more difficult for someone to get credit in your name because it tells creditors to follow certain procedures to protect you. It also may delay your ability to obtain credit. You may place a fraud alert in your file by calling just one of the three nationwide credit reporting companies. As soon as that company processes your fraud alert, it will notify the other two, which then also must place fraud alerts in your file
Please make sure to contact each bureau individually to ensure that each one has placed the protection on your account as some people have reported that the sharing of information between the three are sometimes very slow.
