Has your newborn’s identity already been stolen? The experts at NerdWallet have answers.
How to Navigate the Yahoo Data Breach Settlement
If you had a Yahoo account anytime between 2012 and 2016, you may be entitled to part of a $117.5 million proposed settlement after a series of data breaches and intrusions from 2012 through 2016.
Information taken includes emails, passwords, birthdates, security questions and contacts.
If you’re affected, you can sign up for at least two years of free services, including credit and identity theft monitoring. Or, you can opt to file for alternative cash compensation, of up to $358. (Note the “up to” — payments are unlikely to be nearly that high.)
You won’t likely see any compensation for at least a year, according to Yahoo. Here’s how to navigate the settlement and steps to take if your data was compromised — or even if it was not. Data breaches are common, and the risk is real.
1. See if you are eligible
Anyone who had a Yahoo account — Yahoo email, Yahoo Fantasy Sports, Yahoo Finance, Flickr or Tumblr — between the beginning of 2012 and the end of 2016 and is a resident of the United States or Israel can file a claim.
Look for details in your Yahoo mailbox if you still have the account, with the subject line “Yahoo Security Breach Proposed Settlement.” Or go to the settlement administrator website.
2. Decide whether to opt in or out
If you sign up for compensation, you’re opting into this settlement and giving up your right to sue separately. If you want to keep your right to sue the defendants, you have until March 6, 2020, to exclude yourself. That has to be done in writing. Send your letter to:
In re: Yahoo! Inc. Customer Data Security Breach Litigation
c/o Settlement Administrator
P.O. Box 1760
Philadelphia, PA 19105-1760
If you decide to take part in this settlement, fill out a claim form linked at the upper right on the settlement website. Or download, fill out and mail the appropriate form from the list at the lower right. You can choose either the credit monitoring or alternative cash reimbursement. If you were affected by the Equifax data breach and already signed up for credit services through that, take that into consideration when choosing.
Credit and identity theft services: You are eligible for two years of credit monitoring covering the three major credit bureaus, provided by AllClear ID. You also get: identity theft insurance; monitoring and notification when stolen identity information has been detected and reported; restoration services if you experience identity theft or fraud; ID theft scan for your minor children; and lost-wallet assistance.
Alternative cash reimbursement: If you already have credit monitoring in place, you can file for cash reimbursement. There’s an initial cap of $100; however, that could go up or down depending on the number of valid claims. Settlement documents say you can get up to $358 if few enough people seek compensation, but that seems unlikely. If enough valid claims are filed so that funds are exhausted, the cash awards will be reduced proportionately.
Temper your expectations: The settlement is $117.5 million. That money has to cover credit monitoring costs, the reimbursement for out-of-pocket costs, the cost of class-action notices, settlement expenses and attorney fees. The settlement website FAQ says lawyers could be paid up to $30 million, and up to $2.5 million for expenses, which would shave the settlement to $85 million.
Deadline: You must file your claim online or mail it by July 20, 2020.
3. Decide whether to claim other compensation
You might be compensated for time spent trying to protect yourself as a result of the data breaches. Again, if the settlement funds won’t cover all the valid claims, reimbursement will be cut proportionally.
Time spent: Compensation may be offered for time spent remedying ID theft issues that can be reasonably connected to the breach. That will be offered at $25 an hour or your documented wage, if higher. Claims must be documented.
Out-of-pocket costs: If you paid for Yahoo premium or small-business services, you may be eligible for reimbursement for a percentage of those fees. You can also file for credit freezes you paid for or credit monitoring services you ordered after Jan. 1, 2012.
4. Take these steps now
The prospect of a little windfall can overshadow the bad news that what the settlement website calls “malicious actors” may have access to your personal data.
If you still have your Yahoo account, even if you don’t use it often, change your password and security questions.
In general, assume your data is out there, if not from these breaches, then from Equifax or Capital One — or the next one.
- Freeze your credit so that no one can open a new credit account in your name.
- Protect your children by freezing their credit as well. They should not have credit reports, but an identity thief may be able to create a fake consumer using their Social Security number.
- Always check credit card statements to be sure you recognize the purchases.
- Check your medical insurance claim forms carefully. If someone has used your personal data to steal health care services, results could be serious if medical histories are mixed up.
- Ask questions before putting your Social Security number on forms. Know why it is needed and how it will be protected.
- Be cautious about what you post on social media and check your privacy settings. Assume that you are only as protected as your least-protected connection.
Has Your Newborn’s Identity Already Been Stolen?
Imagine discovering that your newborn’s brand new Social Security number has already been used to construct what Eva Velasquez, president and CEO of the Identity Theft Resource Center, calls a “Frankenstein monster of identity.”
Parents may discover their newborn’s tarnished Social Security number when they try to use it to file taxes, apply for government benefits or attempt to freeze the baby’s credit. Suddenly, an application or tax form is kicked back.
“And the parents go, ‘What are you talking about?’ They don’t even know what this means,” says Velasquez, whose nonprofit helps victims of identity theft. “And … through no fault of their own, they’re left holding the bag and they are the ones that are now responsible for cleaning up that mess.”
An identity theft victim at birth?
The rise in synthetic identity theft — where criminals piece together a fake consumer — is an unintended consequence of Social Security number “randomization,” which was initiated in 2011 to expand the pool of available numbers, she says.
Old Social Security numbers had clues to geography and birthdates in the digits. Randomizing the numbers made it harder for scammers to guess them — but also made it harder for creditors to spot the bogus use of a Social Security number on an application.
Before randomization, criminals typically purchased minors’ Social Security numbers on the black market or tracked down the numbers of dead children. But now, sometimes the number “is just completely made up,” Velasquez says. Fraud-detection measures used previously have become ineffective because it’s no longer possible to pair a Social Security number with a location or approximate age.
Criminals often start with a not-yet-issued Social Security number to create a fake identity. If it works, the number becomes attached to a credit file for a consumer who doesn’t exist.
How the number gets in the credit system
“You can create a credit file with almost nothing,” says Adam Levin, chairman and founder of CyberScout, a company offering identity theft education and resolution services. When a credit card application with a previously unused Social Security number arrives, a new credit file is started based on the information in that application.
The thief often starts small, say, with a card marketed to credit newbies, then builds on that to get more accounts with bigger credit limits. Then, they suddenly max out all the accounts — a “bust-out” scheme — and walk away, leaving the accounts to go to collections and never to be paid. The child’s credit reputation is left in tatters, but that’s often not discovered until the child is old enough to apply for credit, by seeking a college loan, for example.
Velasquez says the solution lies in creating a process where financial institutions and other credit grantors can verify an applicant’s name and number with the Social Security Administration for identity confirmation. That’s in the works, she says.
It’s essential to freeze credit
In the meantime, the best protection is to freeze kids’ credit. While it’s possible parents will discover that a child’s Social Security number has already been used to build a synthetic identity, chances are it hasn’t. (If it has, the sooner you clean up the mess, the better.)
Freezing a child’s credit can prevent their Social Security number from being used to open bogus credit accounts. Both Levin and Velasquez say they “absolutely” recommend freezing a newborn’s credit.
The mechanics are relatively simple. Parents will need to make and send copies of documents, including birth certificates, Social Security cards and government-issued identification, to each of the three credit reporting bureaus.
Go online to Equifax and Experian to print out request forms to complete and mail in with the required copies of documents. The mailing address is on each form. TransUnion doesn’t have an online form; instead, to request a freeze, write a letter and send document copies to TransUnion, P.O. Box 380, Woodlyn, PA 19094.
Each credit bureau will send confirmation of the freeze, as well as a personal identification number. The PINs will be needed to unfreeze the credit file, so it’s essential to keep that information and store it in a secure place.
“Even if it is a little difficult, this is what parents should be doing,” Levin says about freezing kids’ credit.
This article was written by NerdWallet and was originally published by The Associated Press.
Stop Doing These 4 Things Online — Immediately
If you’re like many people, you might sign up for an online account at your gym, download the local movie theater’s app and share a cat video on Twitter all before 9 a.m. — and all without thinking twice. But when navigating the internet, security experts say, a little bit of deliberation often pays off by keeping your data more secure.
“We all have day jobs, but to a hacker, we are their day jobs,” says Adam Levin, former director of the New Jersey Division of Consumer Affairs and founder of CyberScout, which helps individuals and businesses deal with cybersecurity threats. “It’s not a fair fight.”
This National Cybersecurity Awareness Month, here are four routine things to stop doing online — and a few alternatives from cybersecurity experts.
1. Recycling passwords
Study after study shows that a majority of people reuse passwords across sites. This lets a hacker who uncovers your password in a data breach of one site easily use it elsewhere.
But what to do when everyone from your dog groomer to your grocery store wants you to create a login? Doug Jacobson, director of Iowa State University’s Information Assurance Center, recommends separating accounts into security tiers. The most sensitive — such as your financial accounts — should all get a unique, robust password. Slightly less sensitive accounts can share a set of strong passwords, and the least crucial, ones with little or no personal data attached, might share the same password.
To create a solid password, Levin suggests choosing a phrase that would be tough for others to guess and changing key characters: making an “o” a zero or turning a 1 into an exclamation point. You can also use a password manager, such as 1Password or LastPass, to create and store strong passwords that are random character strings.
2. Granting all the permissions apps request
Many apps ask for access to certain aspects of your phone’s data when you download them. And while it’s understandable that Google Maps wants to know your location, says Kurt Rohloff, director of the Cybersecurity Research Center at the New Jersey Institute of Technology, other apps have less transparent intentions when collecting your data.
Your data might be used simply for marketing purposes, but unless you’ve done a deep dive into who’s making all your apps, it’s better to be cautious. Apps should have “the bare minimum [information] they need to provide services,” Rohloff says.
If you’ve already given an app too much access, try adjusting its permissions in your phone’s settings, Rohloff says. And if that breaks the app, find an alternative.
3. Oversharing on online account applications
You probably know the pitfalls of posting vacation updates — hello, burglars — or giving your Social Security number just because a form has a blank for it. Any personally identifying information you disclose that falls into the wrong hands can “[give] hackers a pathway into your life,” Levin says.
When creating an online account, Jacobson says, “Give them only the information that has the star by it,” indicating a required field. “You don’t need to fill out your full profile.”
And you need not always be truthful, either. For example, you can supply a fake mother’s maiden name or high school mascot for security questions, Levin says. “No website is going to conduct a national security clearance to see if you are who you say you are,” he adds.
4. Trusting appearances
Scam emails don’t always come complete with typos and graphics from 1997 to tip you off. In fact, Jacobson says, he recently received an email from a hacker masquerading — somewhat convincingly — as his boss, asking for money. These messages can also harvest your account information or install malicious software on your computer.
“Always independently confirm who that company is or who that individual is through another source,” Levin says. That might involve calling the supposed sender to confirm the request. Make sure to use a number you know is safe — for example, one you find on your bank’s own website as opposed to clicking through the email.
And if you’re ever entering payment information, look for the padlock symbol on your browser window. “What the padlock ensures is that the website you typed in is the one you went to … and the communication is encrypted,” Jacobson says.
Being cautious keeps you safe
Pausing to consider your clicks definitely makes the internet less convenient. But when you receive services for free online, Jacobson says, “you typically are paying for them with your information.” That doesn’t mean you have to delete all your accounts, but you should ask yourself if the service you’re receiving is worth the information you’re giving up.
Luckily, for most people, identity theft is a crime of opportunity, Jacobson says. So taking even small steps to safeguard your data can make you a less tempting target.
“Generally, my attitude about this is, something is better than nothing, and small things are better than no things,” Rohloff says.
Don’t Ignore the Signs of Financial Abuse
Nearly 70% of millennial women have experienced financial abuse by a romantic partner.
Let that sink in for a second.
That means, for every 10 women you know in that age group, odds are that seven of them have had a partner use money to control or manipulate them, according to a 2017 survey of 2,000 people ages 18-35 by CentSai, a financial wellness website.
Sadly, it’s not surprising given that 1 in 4 women will experience intimate partner violence in their lifetime — often for the first time before they are 25 years old, according to the Centers for Disease Control and Prevention. And financial abuse is present in nearly all domestic abuse cases.
But financial abuse can and does occur in the absence of any physical violence. And it isn’t strictly a millennial problem, nor is it something that happens exclusively to women. Almost 50% of men in the survey by CentSai said they experienced some form of financial abuse.
Recognizing financial abuse
Financial abuse can run the gamut from subtle to egregious.
It might look like a partner who can’t keep a job or pay their share of the bills. Or one who makes you feel guilty for spending your own money. But it could also be a partner who offers to handle the household finances, then gradually restricts your access to those accounts.
Some other common forms of financial abuse:
- They open credit cards in your name without your knowledge.
- They default on accounts in your name, ruining your credit.
- They make you take out loans or borrow from your family, but don’t pay it back.
- They hide money from you.
- They refuse to let you work or try to sabotage your career.
If you feel like you’re being taken advantage of financially, bring it up with your partner. How they react will tell you a lot.
Do they get angry? Do they shift the blame to you? Do they make you feel guilty for questioning them? Or do they apologize and take meaningful steps to remedy the situation?
“A good sign is if you feel like you can have that conversation and your partner is receptive to it,” says Katie Hood, CEO of the One Love Foundation, a nonprofit that teaches young people how to identify and avoid abusive relationships.
But if you’re avoiding these types of conversations out of fear for how your partner could react, that might be a warning sign.
“When someone is in an abusive relationship … they basically start managing their life around another person’s anger and volatility,” Hood says.
Look for patterns
Financial abuse, like most forms of abuse, typically isn’t a one-off behavior, but part of a trend that escalates over time, so it’s important to look for the patterns, Hood says.
“I think about it like falling down a rabbit hole,” Hood says. “It starts out great — you’re adored. The next step is isolation … they basically pull you away from your support network and tether you to them. Then, they start the emotional abuse — manipulating you, being controlling, sabotage, calling you names, calling you crazy.”
How to get help
First, assess your risk level. If you fear for your safety, call the National Domestic Violence Hotline at 800-799-7233 or TTY 800-787-3224 or contact a local hotline immediately. They can connect you with resources and help you get out of the relationship safely.
If you’re not concerned for your safety, start building an exit plan.
“The first step is to be aware. The second is to start doing some protection,” says Shannon Thomas, author of “Exposing Financial Abuse.” At this stage, it’s important to not tell your abuser you’re going to leave. “I’ve talked to folks that confronted the abuser, and the next day all the money was out of the account.”
Instead, get educated. Find out where your joint accounts are and how to get access to them. Bank staff can be helpful, Thomas says. It’s difficult, but important, to be honest about what you suspect is going on. Remember, it’s something they’ve likely heard before.
If you suspect a loved one is experiencing financial abuse, express your concern without berating their partner. Point out patterns that you see and ask for their assessment.
“They may get defensive. They may push back,” Thomas says. “But if someone gently asks and says ‘I’m seeing this and I’m concerned,’ it opens the door.”
This article was written by NerdWallet and was originally published by The Associated Press.
How to Shop Black Friday Deals Online
Black Friday, which falls on Nov. 29 this year, has evolved from a frenzied one-day store event to an entire season of savings, with nearly all deals available online. While shopping on the web might seem like a hassle-free choice, your strategy — or lack of one — can still make or break your experience.
Follow these tips for smoother online Black Friday shopping.
Make a list
Smart Black Friday shopping begins with early planning. Create a budget so you’ll know exactly how much you can afford to spend on gifts — and maybe a few treats for yourself. Then, you can get a list going.
Retailers usually release Black Friday ads in advance, often online, in their apps, through the mail or via email. Browse through the ads and pick out products in your price range. When you log onto the web with your list in hand, it’ll be easier to focus on those items and resist other tempting deals.
Set a schedule
Don’t miss your opportunity to seize the best bargains. Find out when the sales start and mark your calendar or set reminders. Some deals kick off well before Black Friday, the day after Thanksgiving. It’s also worth noting that retailers’ online and in-store sale timelines don’t always match. Last year, for example, Kohl’s sale began online at 12:01 a.m. Central time on Monday, Nov. 19, and rolled out in stores at 5 p.m. on Thursday, Nov. 22.
Specific deals within a larger online sale might not go live until a certain time. While Amazon’s 2018 Black Friday Deals Week launched Nov. 16, shoppers had to wait until Nov. 22 to get the Echo Dot speaker at a discount.
Create accounts on retailer websites
Set up online accounts with the retailers you plan to visit. Once sale day arrives, you’ll already have your payment and shipping information on file. This can help you speed through the checkout process and complete the transaction before inventory goes out of stock.
Why risk paying more than you have to? Before you finalize your purchase, pull up a new browser window. Do a quick Google search for the item and check out the deals available from different retailers. Don’t forget to account for any coupons, loyalty points or special offers — such as a bonus gift card with purchase — when determining where to get the best value.
Some retailers provide coupons on top of already low prices as an extra incentive to shop their sales. In the past, Macy’s and Victoria’s Secret have included special promo codes in their Black Friday ads. Try searching coupon websites or using a browser extension to locate additional discounts on eligible items in your order.
Look for free or cheap shipping
Free shipping or low order minimums can help you maximize Black Friday savings, too.
Many retailers change their shipping policies around the holiday season, kicking competition into high gear. In November 2018, Target began offering free two-day shipping — which normally applies to select orders of $35 or more — on hundreds of thousands of items with no minimum purchase required.
But free or inexpensive shipping isn’t a guarantee everywhere. Consider in-store pickups, if offered, which often allow you to bypass delivery fees. Check store policy details carefully as you weigh your options.