Citadel Information Group

  • Home
  • About Us
    • About Citadel
    • Who We Are
    • When To Call Citadel
  • Services
    • Overview: Delivering Information Peace of Mind ® to Business and the Nonprofit Community
    • Citadel’s Information Peace of Mind ® Program
    • Assessments and Reviews
    • Information Security Policies and Standards
    • Secure The Human
    • Phishing Defense Training
    • CCPA and Defendable Security Procedures and Practices
    • Privacy: Information Inventory / Data Mapping
    • Security Management of the IT Network / Infrastructure
    • Incident Response / Business Continuity
    • Secure Application Development — Learn By Doing
    • Litigation Support
    • Keynotes
    • Client Success Stories
  • Blog
  • Resources
    • Information Security Library
      • Citadel Guides
      • Awareness Posters
      • For Boards and the C Suite
      • Cybersecurity Law
      • Cybersecurity Surveys
      • HIPAA HITECH
      • Insurance and Risk Management
      • National Cybersecurity
      • Online Bank Security
      • Payment Card Industry Data Security Standard
      • Personal Cybersecurity
      • Securing the IT Network
      • Helpful Links
    • Blogs
      • Cybersecurity Blogs
      • Leadership and Culture Change Blogs
  • Contact
You are here: Home / Articles / Sony Hackers Have Your Personal Information. What You Can Do.

December 14, 2014 by stan

Sony Hackers Have Your Personal Information. What You Can Do.

Work for Sony? Employee? Contractor? Writer? Cinematographer?

If your paycheck or your pension or your medical insurance has its origins at Sony, then you are at risk.

If Sony has your email address, then you are at risk.

  1. Financial Fraud. Cybercriminals use financial information about you to commit fraud, stealing money from your bank account or charging merchandise on your credit card.
  2. Identity Theft: Cybercriminals use your social security number and other financial information to open bank accounts in your name, take out loans that you have to repay, even sell your house out from under you.
  3. Medical Identity Theft: Cybercriminals sell your medical insurance identity to people in need of drugs, surgery, even transplants.
  4. Phishing Attacks: At its most benign, you may see an increase in ads for organ enlargement medicines. At its worst, these phishing attacks will be attempts to take over your computer, stealing your sensitive information while making your computer a part of a botnet used to commit computer crimes.

Fortunately there are several things you can do to lower your risk.

Financial Fraud and Identity Theft

The basics

  1. Monitor your credit regularly (AAA California offers members a free service)
    1. http://www.equifax.com
    2. http://www.transunion.com/
    3. http://www.experian.com/
  2. Regularly review your bank, credit card and investment accounts for fraudulent activity.
  3. Check your credit report regularly. You can get a free annual credit report from each of the 3 bureaus. https://www.annualcreditreport.com/index.action.

Place a free fraud alert on your credit.

Federal Trade Commission: http://www.consumer.ftc.gov/articles/0275-place-fraud-alert

  1. What it is: A fraud alert can make it harder for an identity thief to open more accounts in your name. When you have an alert on your report, a business must verify your identity before it issues credit, so it may try to contact you.
  2. How to get it: Ask 1 of the 3 credit reporting companies to put a free fraud alert on your credit report. They must tell the other 2 companies. An initial fraud alert can make it harder for an identity thief to open more accounts in your name. The alert lasts 90 days but you can renew it.
  3. Renew it every 90 days

Place an extended fraud alert on your credit.

Federal Trade Commission: http://www.consumer.ftc.gov/articles/0279-extended-fraud-alerts-and-credit-freezes

  1. What it is: When you place an extended fraud alert on your credit file, you can get 2 free credit reports within 12 months from each of the 3 nationwide credit reporting companies, and the credit reporting companies must take your name off marketing lists for prescreened credit offers for 5 years, unless you ask them to put your name back on the list. The extended alert lasts for 7 years
  2. How to get it:
    1. Create an Identity Theft Report. Follow the steps at http://www.consumer.ftc.gov/articles/0277-create-identity-theft-report.
    2. Contact each of the credit bureaus, fill out their paperwork and send them a copy of your Identity Theft Report.
  3. Renew it every 7 years

Freeze Your Credit

Federal Trade Commission: http://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs

California Attorney General: http://oag.ca.gov/idtheft/facts/freeze-your-credit

  1. What it is: A security freeze means that your credit file cannot be shared with potential creditors. A security freeze can help prevent identity theft. Most businesses will not open credit accounts without first checking a consumer’s credit history. If your credit files are frozen, even someone who has your name and Social Security number would probably not be able to get credit in your name.
  2. Lifting the Freeze: You will need to lift your credit freeze whenever you want to open up credit such as buying a car or signing a lease.
  3. Costs: The cost of a freeze varies from state to state. It’s often free for identity theft victims with a charge of $10 or less per credit bureau for non-victims. Costs for lifting a freeze also vary by state.
  4. How to get it: Contact each of the 3 credit bureaus

Repairing Identity Theft

http://www.consumer.ftc.gov/topics/repairing-identity-theft

  1. Place an Initial Fraud Alert
  2. Order Your Credit Reports and Review
  3. Contact the FTC to report the crime
  4. Create an Identity Theft Report
  5. Freeze your credit
  6. Repair the damage: http://www.consumer.ftc.gov/articles/0290-repairing-your-credit-after-identity-theft

Medical Identity Theft

http://www.consumer.ftc.gov/articles/0171-medical-identity-theft

Detecting Medical Identity Theft

  1. Read your medical and insurance statements regularly and completely. They can show warning signs of identity theft.
  2. Read the Explanation of Benefits (EOB) statement or Medicare Summary Notice that your health plan sends after treatment.
  3. Check the name of the provider, the date of service, and the service provided. Do the claims paid match the care you received?
  4. Other signs of medical identity theft include:
    • A bill for medical services you didn’t receive
    • A call from a debt collector about a medical debt you don’t owe
    • A medical collection notices on your credit report that you don’t recognize
    • A notice from your health plan saying you reached your benefit limit
    • A denial of insurance because your medical records show a condition you don’t have.

Correcting Errors in Your Medical Records

  1. Get copies of the fraudulent medical records from the listed health care providers
  2. Review the records, reporting errors to the health care providers
  3. Notify your health insurer(s) and all 3 credit reporting agencies

Phishing Attacks

  1. Be vigilant, be alert for Phishing Attacks.
  2. Don’t click on links or open attachments in emails unless the email is from someone you know AND you were expecting the email. When in doubt, don’t.
  3. Use an anti-virus program and make sure it’s up-to-date.
  4. Keep your computer workstation patched. Software developers issue ‘patches’ every week to fix security vulnerabilities.
  5. Subscribe to Citadel’s CyberSecurity Newsletter to receive our free weekly Vulnerability and Patch Report in your inbox every Sunday afternoon.
  6. Consider changing your email address.

Filed Under: Articles

Call us for a free confidential consultation:
323-428-0441

Get our newsletter

A weekly report of critical security updates and the latest cybersecurity news delivered to your inbox from Secure The Village.

Sign Up

Categories

Get in touch

323 428 0441
info@citadel-information.com

Citadel Information Group
Citadel on Linkedin
SecureTheVillage on Linkedin

About Us

Citadel Information Group is a full service integrated information security management / governance firm. We work either consultatively or as part of a client’s senior management team, assisting our clients cost-effectively manage the confidentiality, privacy, integrity and availability of their information. Learn more.

Key Resources

  • The Citadel Way to Information Security Management
  • Creating a Cybersecurity Aware Culture
  • Secure Application Development: The CISO’s Role – a webinar with WhiteHat Security
  • Information Security Library

Copyright © 2018 by Citadel Information Group  All Rights Reserved | Privacy Policy