Experts say the 22,396 current and former University of Missouri System employees who are potential victims of personal data theft in Friday’s computer security breach should check their credit reports regularly for at least the next three years.
“The Social Security number can be a gift that keeps on giving to an identity thief,” said Travis Ford, consumer educator for the Missouri Attorney General’s Office. “They can take out a loan, make a credit card account, or take out an apartment in another person’s name.”
Ford said people should keep a steady eye on their credit report for signs that someone has tried to establish a new credit line. Thieves can use the information at any time.
UM spokesman Scott Charton said that the university is still contacting as many affected former employees as possible. The system sent out about 13,000 letters to potential victims who may not have been reached through the system’s e-mail alert, which was sent Tuesday morning.
“We’ve gotten a lot of addresses in cooperation with the alumni associations in order to reach these people as quickly as possible,” Charton said. “Whether it’s by e-mail or word of mouth, we are encouraging people to spread the word.”
Charton said that as soon as the MU Police Department was notified of the security breach Monday morning, a team that included Gary Allen, UM vice president of information technology, Beth Chancellor, MU chief information officer, law enforcement officers and university officials began to coordinate how to communicate the details of the security breach to the public.
“Monday was spent fully verifying the facts of the situation,” said Charton, who was part of the team. “We wanted to make sure that the information was completely accurate so as to not cause undue panic on an extremely large number of people.”
Ford says Social Security-related identity theft is much harder to identify and control than information stolen from existing accounts.
“With a Social Security number, I can take your personal information where I go and open up a completely new account in your name, where you bear the credit responsibility,” said Ford.
Charton said UM advised affected employees to contact one of the three major credit reporting agencies, each of which offers one free credit report per year. Charton said the university hot line had fielded more than 2,500 calls as of 2 p.m. Wednesday. Many callers wanted to know if the notification e-mail was legitimate and if the university would cover the cost of permanent fraud and identity theft insurance. The university has no policy or provision in place to do that, he said.
“We’ve had quite a few people call about us covering these costs,” Charton said. “However, this would be a large tab for a publicly funded university to pick up, and any possibility of such a sizable expenditure would have to be extensively discussed first.”
Ford said many organizations don’t even bother to notify employees when such security breaches occur. However, he said the more information made available to potential victims, the better the chance of thwarting illegal use of the data.
“It gives victims a chance to understand their information might actually be in use by a thief,” he said.
Congress is currently considering requiring organizations that maintain personal data to tell their employees and law enforcement officials when they experience a breach.
Ford says individuals who discover evidence of identity theft should contact the institution that holds the accounts in question and begin challenging suspicious activity. People can also file complaints with the Missouri Attorney General’s office’s identity theft hot line at 800-392-8222 to help get charges removed from bills and remove inaccuracies from credit reports.
Further information about Social Security fraud is available at socialsecurity.gov/pubs/10064.html.