Russian national Dmitry Yuryevich Khoroshev is behind the LockBitSupp persona, law enforcement revealed

Read More

CISOs share their experience of managing real-life cyber incidents provide their recommendations to survive cyber-attacks

Read More

CIS relies on a global community of IT security professionals to ensure that the CIS Benchmarks provide independent, vendor-agnostic security guidance. These volunteers provide their expertise for the benefit of all those who seek to use the internet to interact with the world safely and securely online. Bruce F. Bading, President, BFB Consulting, Inc., has […]

Read More

Mitek surveyed 1500 financial services risk and innovation professionals in UK, US and Spain

Read More

In the hands of a thief, your Social Security Number is the master key to your identity. 

With a Social Security Number (SSN), a thief can unlock everything from credit history and credit line to tax refunds and medical care. In extreme cases, thieves can use it to impersonate others. So, if you suspect your number is lost or stolen, it’s important to report identity theft to Social Security right away. 

Part of what makes an SSN so powerful in identity theft is that there’s only one like it. Unlike a compromised credit card, you can’t hop on the phone and get a replacement. No question, the theft of your SSN has serious implications. If you suspect it, report it. So, let’s take a look at how it can happen and how you can report identity theft to Social Security if it does. 

Can I change my Social Security number? 

Yes. Sort of. The Social Security Administration can assign a new SSN in a limited number of cases. However, per the SSA, “When we assign a different Social Security number, we do not destroy the original number. We cross-refer the new number with the original number to make sure the person receives credit for all earnings under both numbers.”  

In other words, your SSN is effectively for forever, which means if it’s stolen, you’re still faced with clearing up any of the malicious activity associated with the theft potentially for quite some time. That’s yet another reason why the protection of your SSN deserves particular attention. 

How does Social Security identity theft happen? 

There are several ways an SSN can end up with a thief. Some involve physical theft, and others can take the digital route. To what extent are SSNs at risk? Notably, there was the Equifax breach of 2017, which exposed some 147 million SSNs. Yet just because an SSN has been potentially exposed does not mean that an identity crime has been committed with it.  

So, let’s start with the basics: how do SSNs get stolen or exposed? 

A lost or misplaced wallet is one way, where you actually lose your SSN card or someone steals it. This is one reason to avoid carrying it on your person unless absolutely necessary. Otherwise, keep it stored in a safe and secure location until you need it, like when starting a new job.  
Old-fashioned dumpster diving is another, where someone will rummage through your trash, the trash of a business, or even a public dump in search of personal information, which is why it’s important to shred any documents that have personal information listed. 
People can simply overhear you provide your number when you’re on a call or over the course of an in-person conversation. In our digital age, we may not think of eavesdropping as much of a threat, but it still very much is. That’s why we strongly recommend providing such info in a secure, private location out of earshot. 
SSNs can get stolen from a place of work, where thieves end up with unsecured documents or information. The same could go for your home, which is another reason to secure your physical SSN cards and any information – physical or digital – that contains them. 
Phishing attacks can also lead to SSN theft, whether that’s through an attack aimed at you or at a business that has access to your personal information like SSNs.  
Data leaks, like the Equifax leak mentioned above, are another way. Yet while the Equifax breach involved millions of records, smaller breaches can expose SSNs just as readily, like the breaches that have plagued many healthcare providers and hospitals over the past year.  

That’s quite the list. Broadly speaking, the examples above give good reasons for keeping your SSN as private and secure as possible. With that, it’s helpful to know that there are only a handful of situations where your SSN is required for legitimate purposes, which can help you make decisions about how and when to give it out. The list of required cases is relatively short, such as: 

When applying for credit or a loan. 
Applying for or changing group health care coverage with an insurance provider. 
Transactions that require IRS notification, like working with investment firms, real estate purchases, auto purchases, etc. 
Registering with a business as a full-time or contract employee (for tax reporting purposes). 

You’ll notice that places like doctor’s offices and other businesses are not listed here, though they’ll often request an SSN for identification purposes. While there’s no law preventing them from asking you for that information, they may refuse to work with you if you do not provide that info. In such cases, ask what the SSN would be used for and if there is another form of identification that they can use instead. In all, your SSN is uniquely yours, so be extremely cautious in order to minimize its potential exposure to theft. 

How to report identity theft to Social Security in three steps 

Let’s say you spot something unusual on your credit report or get a notification that someone has filed a tax return on your behalf without your knowledge. These are possible signs that your identity, if not your SSN, is in jeopardy, which means it’s time to act right away using the steps below: 

1. Report the theft to local and federal authorities. 

File a police report and a Federal Trade Commission (FTC) Identity Theft Report. This will help in case someone uses your Social Security number to commit fraud since it will provide a legal record of the theft. The FTC can also assist by guiding you through the identity theft recovery process as well. Their site really is an excellent resource. 

2. Contact the businesses involved. 

Get in touch with the fraud department at each of the businesses where you suspect theft has taken place, let them know of your situation, and follow the steps they provide. With your police and FTC reports, you will already have a couple of vital pieces of information that can help you clear your name.  

3. Reach the Social Security Administration and the IRS.

 Check your Social Security account to see if someone has gotten a job and used your SSN for employment purposes. Reviewing earnings associated with your SSN can uncover fraudulent use. You can also contact the Social Security Fraud Hotline at (800) 269-0271 or reach out to your local SSA office for further, ongoing assistance. Likewise, contact the Internal Revenue Service at (800) 908-4490 to report the theft and help prevent someone from submitting a tax return in your name. 

What do I do next? Ongoing steps to take. 

As we’ve talked about in some of my other blog posts, identity theft can be a long-term problem where follow-up instances of theft can crop up over time. However, there are a few steps you can take to minimize the damage and ensure it doesn’t happen again. I cover several of those steps in detail in this blog here, yet let’s take a look at a few of the top items as they relate to SSN theft: 

Consider placing a fraud alert. 

By placing a fraud alert, you can make it harder for thieves to open accounts in your name. Place it with one of the three major credit bureaus (Experian, TransUnion, Equifax), and they will notify the other two. During the year-long fraud alert period, it will require businesses to verify your identity before issuing new credit in your name. 

Look into an all-out credit freeze. 

A full credit freeze is in place until you lift it and will prohibit creditors from pulling your credit report altogether. This can help stop thieves dead in their tracks since approving credit requires pulling a report. However, this applies to legitimate inquiries, including any that you make, like opening a new loan or signing up for a credit card. If that’s the case, you’ll need to take extra steps as directed by the particular institution or lender. Unlike the fraud alert, you’ll need to notify each of the three major credit bureaus (Experian, TransUnion, Equifax) when you want the freeze lifted. 

Monitor your credit reports. 

Once a week you can access a free credit report from Experian, TransUnion, and Equifax. Doing so will allow you to spot any future discrepancies and offer you options for correcting them. 

Sign up for an identity protection service. 

Using a service to help protect your identity can monitor several types of personally identifiable information and alert you of potentially unauthorized use. Our own Identity Protection Service will do all this and more, like offering guided help to neutralize threats and prevent theft from happening again. You can set it up on your computers and smartphone to stay in the know, address issues immediately, and keep your identity secured.  

Your most unique identifier calls for extra care and protection 

Of all the forms of identity theft, the theft of a Social Security Number is certainly one of the most potentially painful because it can unlock so many vital aspects of your life. It’s uniquely you, even more than your name alone – at least in the eyes of creditors, banks, insurance companies, criminal records, etc. Your SSN calls for extra protection, and if you have any concerns that it may have been lost or stolen, don’t hesitate to spring into action. 

The post How to Report Identity Theft to Social Security appeared first on McAfee Blog.

Read More

Randy Marchany has been a CIS Controls Community member since the beginning. Hear what he’s learned in his 24 years of volunteering with CIS.

Read More

New data helps business leaders understand how and why to prioritize resilience.

In the ever-evolving landscape of digital innovation, businesses find themselves at the intersection of progress and peril. The data reveals that the tradeoffs are not just dramatic, but they also put the organization at significant risk.

One of the primary obstacles is the disconnect between senior executives and cybersecurity priorities. While cyber resilience is recognized as a critical imperative, many organizations struggle to garner the necessary support and resources from top leadership. This lack of engagement not only impedes progress but also leaves businesses vulnerable to potential breaches.

Meanwhile, technology advances at a breakneck pace, as do the risks posed by cyber threats. The 2024 LevelBlue FuturesTM Report reveals this delicate balancing act between innovation and security. We looked at the whole business issues involved in both cyber and cybersecurity resilience and discovered executive leadership and technical leadership have opportunities for much deeper alignment.

Get your complimentary copy of the report. 

The elusive quest for cyber resilience.

Imagine a world where businesses are impervious to cyber threats—a world where every aspect of an organization is safeguarded against potential disruptions. This is the lofty ideal of cyber resilience, yet for many businesses, it remains an elusive goal. The rapid evolution of computing has transformed the IT landscape, blurring the lines between proprietary and open-source software, legacy systems, cloud computing, and digital transformation initiatives. While these advancements bring undeniable benefits, they also introduce unprecedented risks.

According to our research, a staggering 85% of IT leaders acknowledge that computing innovation comes at the cost of increased risk. In a world where cybercriminals are becoming increasingly sophisticated, the need for cyber resilience has never been more urgent. From massive ransomware attacks to debilitating DDoS incidents, businesses operate in a climate where a single cyber breach can have catastrophic consequences.

Exploring the relationship between executive leadership and cyber resilience.

Our survey of 1,050 C-suite and senior executives included 18 countries and seven industries: energy and utilities, financial services, healthcare, manufacturing, retail, transportation, and US SLED (state, local government, and higher education). In the coming months, we will release a vertical report for each market. This landmark report was designed to help organizations start talking more thoughtfully about vulnerabilities and opportunities for improvement.

In the report, you’ll:

Discover why business leaders and tech leaders alike need to prioritize cyber resilience.
Learn about the critical barriers to cyber resilience.
Find out about the challenges impacting cybersecurity resilience.

Uncover the importance of business context and operational issues associated with prioritizing resilience.

Recognizing the imperative of cyber resilience, business leaders are called upon to chart a course toward greater security and preparedness. It’s no longer enough to react to cyber threats as they arise; organizations must proactively fortify their defenses and cultivate a culture of resilience from within.

Our research delves into the multifaceted challenges facing organizations in their quest for cyber resilience. From the lack of visibility into IT estates to the complexity of regulatory compliance, businesses grapple with deep-seated barriers that hinder their ability to withstand cyber threats. Get your complimentary copy of the report. 

Read More

Russian national Alexander Vinnik has pleaded guilty to his role in a multibillion-dollar money laundering conspiracy

Read More