[00:00:00] Speaker A: In this episode, we talk about what to do if you're one of the up to 2.9 billion people whose financial data was just compromised. Let's get started.
[00:00:08] Speaker B: Let's get some money from new money new problems. It's the new money new problems. Um, podcast, a show for successful professionals searching for the tools they need to navigate financial opportunities and obstacles they've never seen.
Negotiating compensation, purchasing your first investment property. Helping your family with money. The highs and lows of entrepreneurship. New money brings new problems that require new solutions. Join us as we work through them together.
I'm Brenton Harrison, and this is the new Money New Problems podcast.
[00:00:46] Speaker A: Hello. My name is Brenton Harrison of new Money new problems and your host for the new Money New Problems podcast. Hope you all have had a good week so far. And to end the week, I wanted to touch on a story that's been in the news, and if it spooked you, as it has spooked many people, hopefully give you some tips for things that can give you some m peace of mind. We can't have complete peace of mind because today we're talking about scammers and fraudsters and ways that you could potentially be exposed when it comes to your financial comings and goings. And this is something that's been brought to my attention, um, more over the past couple of weeks. And it actually, over the past weekend came to, uh, the surface because I was traveling over this past weekend, hanging out with some friends from college, and, um, one of those friends who I know keeps an eye on the financial news asked me, brenton, did you freeze your credit because of the recent data breach? And I hadn't frozen my credit. I'll tell you later on this episode why I chose against doing so. But the reason he was asking the question is because if you have been keeping up with the news, you are familiar with the story that I am showing on screen, which we'll link to in the show notes. And the title of this article says, 2.9 billion people may have had Social Security numbers, other financial data compromised what it means for you. And in this article, they share the details of a recent data breach that occurred actually in April of 2024. It says, and I quote, the alleged April 2024 breach occurred when a background check company doing business as national public data, owned by Jericho Pictures, Inc. Failed to properly safeguard information it scraped. The lawsuit states the company provides instant search access to billions of records. So as an example, if you are applying for a new job and you get the job, and they say, hey, can you give us your Social Security number? We're going to do a background check on you. That type of company is the one that just so happened to be breached and exposed up to 2.9 billion people. The reason they specify up to is because there could be people who have multiple records in that system. So if I'm Brinson Harrison and I have five records in that system, and there are a ton of other people who have similar numbers, it's 2.9 billion records. It does not necessarily mean 2.9 billion people, but either way, that's a lot of people. And if you're reading this article and you're saying, oh, not only is my address potentially exposed, my email address potentially exposed, but my Social Security number is potentially exposed. Your Social Security number is the main thing that someone would need if they were going to try to pose as you to open an account, to access accounts that you already have. So, as you can imagine, there are people who found out about this and were appropriately spooked that they could, over the next few months or years, have their data exposed by a hacker or a fraudster. And as we talk about ways that you can protect yourself against things like this, at least as best as possible, uh, I want to share why I typically don't get too up in arms when things like this occur. Maybe I should. I'm just giving you my rationale for why I don't. And they actually mention a part of it in the article later on. It says, and I quote, you're vulnerable forever. Massive data breaches are not new. A 2017 equifax data breach was estimated to have affected half the us population in 2013. A Yahoo data breach may have hit all the company's accounts, or a total of 3 billion people. But still, experts say the news of this latest breach should put consumers on high alert. And they quote another professional who says, it's not a matter of if, it's a matter of when. I'd be surprised if there are many people who haven't been affected by a data breach like this already just because of the sheer number of breaches that have happened that contain similar data, end quote. And that speaks to why I typically don't get to up in arms. Unfortunately, we have built a world where we have to have email addresses, Social Security numbers, all these different types of things that all operate online. And because many of us use the same email addresses, our Social Security number certainly doesn't change. It is highly likely that there has been some type of data breach, even one that hasn't been exposed yet, where much of the information that you use to open and maintain your accounts is already out on the World Wide web or the dark web. So to me, I focus more on the things that I can do to protect myself so that even if someone already has my data, it's hard or if not impossible to open an account because I am operating on the assumption that someone already has my data. So let's get to what some of the recommendations are to protect yourself in these scenarios. Specifically, let's talk about freezing your credit. Going back to the article from CNBC, it says, and I quote, the best tip to protect your personal records is to put a security freeze on your credit reports, which will limit access to your records. It's also the best first step if you think your data has been compromised. Freezing your credit is the single most important thing you can do when you get a data breach notice. So what is freezing your credit? Conceptually, freezing your credit is exactly like it sounds. It is putting a restriction on the ability for anyone, including yourself, to open an account using your credit report. So essentially, if you give someone your Social Security number and they're asking if you want to open up a new line of credit or sign on for a car loan, they need your Social Security number to do so so they can run that credit. If your credit is frozen, then that potential lender will not be able to access the information that they need to determine whether or not you get an account. Going back to the screen, there's an article from Experian that says how to freeze your credit at all three bureaus. While you can do this over the phone, uh, I would highly advise if you're going to do this, to do this online, because that is the option that is available at all three bureaus, put this article link in the show notes that takes you directly to the place that you can do it on Equifax, Transunion, and Experian. And if you do it over the phone, you're going to have to provide certain amounts of information. It's important to note that while putting a freeze on your credit would prevent you or any other person trying to get your information from opening up a loan in your name or opening up a credit card in your name, freezing your credit doesn't mean that no one can see your credit. As a matter of fact, in the article, it says that the type of people or companies that can still access a frozen credit report are, uh, your current creditors. So, for example, if you have a car loan with your local credit union. Freezing your credit would not prevent that current lender from checking your report. You also can have companies who might need to check your credit for things like if you're trying to rent an apartment or you're trying to set up a phone or a utility bill. Essentially, if they're verifying your credit, but it's not something that requires, like a new financial account to be opened, then they can potentially access your credit. There are also certain debt collectors and identity verification companies, unfortunately, like the background check company that was recently exposed. And that's another point. Like, this is not a fail safe. It's something that prevents, again, new accounts from being open. But there are other types of companies and agencies that will still have access to your data even if you freeze your credit. And if you wanna unfreeze your credit, you can do so by simply going back to those same links online and unfreezing your credit. And you do need to remember that should you need to apply for something, you don't have the ability, if they check your credit report and can't access it and deny you, to say, oh, well, I'm sorry, I forgot, run my credit again. You may be able to do so, but it could be listed as a second credit inquiry, which can damage your score if you do those types of things in too short a notice. And if you forget to unfreeze your credit before you apply for something as simple as a credit card, you will likely automatically be rejected when that lender finds out that they can't access your report. Which is, to me, the biggest reason that I haven't frozen my credit. It is the fact that I'm very forgetful. So should I need to apply for something, it's unlikely that I would recall that my credit was frozen and I would just be automatically rejected. It's the fact that, in my opinion, it's highly likely that my information is already out there. And I have other things that I have set up to make sure that as best as I can, I have managed the potential of, uh, someone being able to access my information in a way that actually does, uh, significant damage. So I can't tell you whether to freeze your credit if you would like to do so. That's why I just explained how you can do it, and we'll give you the resources that you need to do so. But after the break, I'll tell you the steps that I go through on a day to day, month to month basis to go through the day without having, having this fear on my shoulder that someone is out there somehow applying for a mortgage in my name without me being aware of it. After the break, we'll go through those steps.
[00:09:12] Speaker C: This is the new Money New Problems podcast, a show for successful professionals searching for the tools they need to navigate financial opportunities and obstacles they've never seen. We'll be right back.
[00:09:30] Speaker B: Are you wondering what new money problems you might be overlooking in your financial life? If so, we've got great news.
We've crafted the new money new problems gap finder to identify potential weaknesses in your finances in areas ranging from budgeting, investments, insurance, and even the threat your extended family's finances could pose to your household.
Please head to newmoneynewproblems.com gapfinder to complete it today. Again, that's newmoneynewproblems.com gapfinder to take the assessment.
[00:10:09] Speaker C: You're m listening to the new Money New Problems podcast. Subscribe
[email protected]. welcome back.
[00:10:20] Speaker A: All right, let's go through some steps that you can take to give yourself a little more peace of mind about your vulnerability to financial hacks. The first recommendation is to find a way that works for you to have a different password for every website that you use. And I know that sounds annoying, and many of us have gotten accustomed to just using the same password for every website, but that is actually the thing, password repetition, that is often the biggest risk to someone accessing your data. And you do need to understand that there's limitations to this as well. But if you have a login for Google or Chrome or safari or edge, it's likely when you sign up for a new account, you'll see like a suggested password, it'll be some random combination of letters and numbers and characters, and you can either set your own password or you can use their suggested strong password. And if you use their suggested strong password, it stores it in your locker or password storage system so that when you are logged into that account and you go to that website, it auto populates the password. And as I said, there are limitations to this as well. I won't say the company because I don't want anybody listening to this trying to figure out where to access it. But even for non client data related passwords that we have at new money, new problems, we were using a password manager where we logged all the passwords on this one system and come to find out a few months later that that website was hacked and the data breached. Now, thankfully, it's just random sites that we log into, but that's why we don't use that type of system when it comes to any information that could have client data that would potentially be exposed. So to protect against the fact that even the password storage systems can be hacked, one of the things that my wife and I do is we use a formula that only we know whenever we're setting up a username and password at a new website. And with that formula, whether I'm logging in or she needs to log in with my password, she can use that process for generating what she knows I would use for the username and also the password. So while it's not a completely differentiated list of numbers, letters, and symbols, it is different enough that someone who has the password for one site would not be able to just easily copy and paste it into another site and access that data as well. But by having that formula, it also means that we don't have to store it in a password management system. So if you're fine doing password management systems with a different password for each website, that is at least better than using the same password. But if you want to go a step further, then either you or you and your spouse can come up with your own own formula so that with each website, you don't have the same password, but the other person who may need to access it would know how to put that password together in a pinch. The next way I protect myself is I use my credit card for all major purchases, all online purchases, and definitely for all purchases when I'm traveling. We talked about this when it comes to the protection of a credit card as compared to a debit card. And the fact of the matter is, if you were going to have your data exposed in your accounts, hacked at a bank, and someone accessed your money, you have to file a report, but you have to wait until that report is completed to potentially have your funds returned to you. Conversely, federal law limits you in the event that your credit card is hacked, to you being responsible to the lesser of dollar, uh, 50 or whatever was purchased. So there are some companies who have zero dollar limits in terms of if you're hacked, you don't have to pay anything at all. But even in the most extreme scenarios where someone might access your credit card and charge $10,000, it's a fraudulent charge, you are, uh, legally limited to the lesser, in this case of $10,000 that was actually charged, or $50. So with that protection, it gives me a little peace of mind that if someone were to get a hold of my information, as opposed to me having to file a report and hope that I get my money back in a short order. If I use my credit card for that purchase, I would be limited at maximum to dollar 50.
Next is whenever possible, opt for paperless billing. Yes, it is true that someone can access your email account, and if they get into that email account, they can see your paperless bills. But one of the things you'll find when you look up common ways that your identity can be exposed is dumpster diving. It is people who are getting bills with account numbers and accounts owed that are coming through the paper mail. And instead of shredding that information, they are just throwing away the whole envelope. And through that trash, people can access information that they need to set up another account. So whenever possible, opt for paperless billing. And if not possible, make sure that you shred any mail that has identifying information on it instead of just placing the entire envelope in the trash. Next up, public wi Fi. If I am at a coffee shop, if I am in the airport, if I am at random place xyz that has their own, uh, Wi Fi, I never log on to an account that has my personal data when I am on that public Wi Fi network. Or if I have my work laptop, I have a virtual private network where I can make sure that when I'm on that public Wi Fi, I'm doing so in a way that's not exposing my personal information. If you don't have a virtual private network, then I would not be at your local Starbucks signing onto any account like a bank account or even an email account that has personal information involved, because that is an easy target for people who know how to manipulate those networks and access your information. These days, it is highly likely that in your cell phone plan, you might have a mobile hotspot where you can use your phone as a mobile hotspot, essentially making it the wifi that you can sign on to using your laptop. So if you're in a public place and you need to log into like a bank account or something like that, I would see if you have that mobile hotspot and log in using your phone's Internet connection as opposed to using public Wifi. Next, consider an identity theft protection website. I won't tell you which one I use cause I don't want you to consider that a recommendation. But there are plenty of sites out there where if you pay, there'll be some level of protection against fraud if someone happens to access the information. If you're looking on screen, there's an article that says, best identity theft protection services of August 2024. There's aura, there's identity guard, there's lifelock, which a lot of people are familiar with. So we'll put this article in the show notes, and you can go through, uh, some of the different features, but this is the type of service that I use, and another part of them protecting you in the event that your identity is stolen is they also alerted you with the majority of these services when anyone tries to access your credit. So they will alert you when there's data breaches. They will alert you when someone pulls your credit, and you can just verify whether that's something that you authorized or didn't authorize. And in most instances, services like a credit karma or an Experian will do so as well. So if you have a credit karma or an Experian website, they will tell you if someone has, um, made a claim or opened an account. So the combination of all these different websites puts me in a position where it is highly unlikely that someone will be able to check my credit without me knowing about it. As a matter of fact, when someone checks my credit, I typically get alerted from two or three different companies that there's been an inquiry. And that's a part of giving me that confidence that it will be hard for someone to open an account without me being aware of it in short notice. And this last thing, and this is where I share some information, uh, or a story that happened to me last week to let you know that even in spite of all these things, a person like myself is just as susceptible in some cases as you are. So last week, I almost got scammed. I got a call last week before I went out of town from someone purporting to be from the Davidson County Sheriff's Department, who was calling me to let me know that there had been a civil violation that had been filed and a bench warrant issued because of my failure to appear for a grand jury summons. And to me, that was really confusing. But part of the reason why they at least kept me on the phone was because we live on a house that is a subdivided lot. So at one point in time, the two houses next to each other shared one address. And as a result, my neighbor often gets my mail, and we often get their mail and just walk it across the street. So it's highly possible that a summons could have been sent to my home, and I just happened to miss it. So they're giving me this violation number for this civil violation. They're telling me everything that I need to do. They already had my address. I never volunteered my address, but they asked me to confirm my address. I confirmed it, and then they told me that they needed to transfer me to their lieutenant to talk to me about this thing. I told them, hey, I'm not even in town. I'm headed out of town. It just didn't sound right. So even though I was already on the call longer than I would have liked to admit, I asked them for the number that I could use to call back. I said, hey, I'm not really comfortable with some of these questions that you're asking. I would like for you to just give me your number, I'll hang up, I'll call back, and I'll just give the information you gave me and I'll talk to them then. And they said, no, no, no. If you hang up right now, then we're not going to be able to blah, blah, blah. And I just hung up the phone because they appealed to something that was a concern of mine, which is I sometimes miss my mail. That's something that they would be able to look at the same way they would be able to look at someone who might have been hacked before and get them on the phone and be worried about the information that they're giving them. Because I was worried about the fact that I often miss my mail. They were able to get me to confirm my address. And if I had stayed on the line, I might have eventually been tricked into volunteering the last piece of information that they needed to open an account in my name. So here's what I would say. In most instances, it is extremely rare that you would have any government agency, the IR's, your local government office, call you and initiate contact over the phone to get your information. So that's something to keep in mind that I didn't keep in mind. Something I was able to remember is that you never volunteered new information over the phone. I shouldn't have confirmed my address, but if they had asked me for any information, what is my phone number? What is XYZ? Never volunteer information on the phone from someone who called you first. If you are concerned that it might be a scam, ask them to leave a number that you can use to call back. Google the number to make sure that it's connected to that business, and call the number back and you initiate the contact on your end. So those are the ways that I protect myself from fraud. Maybe you'll use some combination of these things and choose to freeze your credit. Whatever works for you. I hope that this gives you some peace of mind. Not all of the peace of mind so that you can go about your day with a little less stress. I'll see you next week.
[00:21:02] Speaker B: From new money, new problems. This was the new money, new Problems podcast, a show for success professionals searching for the tools they need to navigate financial opportunities and obstacles they've never seen.
