Mass-Produced Identity Theft

Hey. What’s a little identity theft when you can do it big-time? Why be a piker about it?

My beloved part-time, parsimonious employer, the Maricopa County Community College District, sent out a notice to a large number of its 8,000 employees and 2.4 million students to the effect that thanks to a couple of underpaid and under-competent IT workers in HR, a potentially vast amount of personal financial data has been breached. After dark on Friday evening, when of course it was too late for me to start calling financial institutions, I received a form letter from Chancellor Rufus Glasper reporting that “we determined that your…name, address, phone number, e-mail address, Social Security number, date of birth, financial and bank account information, certain demographical [sic] information, information related to your employment, education and training…may have been accessed.”

They’ve been emphasizing that this is a maybe situation.

But how did they find out about this? From the FBI, that’s how: last April, the feds found a website selling information kiped from the District’s HR records.

Did you catch that? Last April was seven months ago. They’ve known about a major data breach for seven months and are only just getting around to sharing this little tidbit of information.

So the only “maybe” about this is that “maybe” some of us will be able to protect ourselves by shutting down every bank and credit card account in our names and slapping iron bars around our credit bureau accounts.

They’ve hired some outfit called Kroll Advisory Solutions to do “continuous credit monitoring and enhanced identity theft consultation and restoration.” This company’s web page is inaccessible — apparently their servers have crashed, no doubt under the onslaught of tens of thousands of MCCD employees and students trying to get on. But when you call the phone number the District provided, the people you reach haven’t a clue. All they can tell you is that there “MAY” have been a breach. When asked exactly what their company does, they don’t have an answer. So that multimillion-dollar contract appears to be window dressing.

Holy cr@p.

Started making phone calls about 8:00 this morning and was on the phone — or on hold, or stumbling through interminable punch-a-button mazes — most of the day.

Fortunately, thanks to the PF blogging, I happened to have a number that would reach a human at Experian. It proved impossible to get past the robots at TransUnion and Equifax, but on the advice of Experian’s fraud expert, I managed to set up “security freezes” at all three credit bureaus.

A security freeze, as it was explained by to me, means that no credit reports can go out, no new credit cards can be opened, no nothin’ can happen without your going into the site, entering a PIN, and lifting the freeze, temporarily or permanently. This state of affairs can be left in place forever and aye, if you so please. Two of the credit bureaus gave me PINs over the phone, but one is sending it by snail-mail.

All Arizona college faculty and students are eligible to join my beloved credit union. Evidently every one of them was doing the same thing I was doing: frantically calling customer service. So, getting through by phone to a person there took over six hours. When I finally reached a CSR, she said they’re advising people to close their accounts and open new ones. That is going to create a monster hassle, since my bookkeeping includes a busy tangle of automatic deposits and payments. Including, of course, paycheck deposits from the college district.

I’ll be damned  if I want said district to have yet another bank account number for me. So tomorrow when I’m on the campus, I’m going over to HR and asking them to send my paychecks by snail-mail, thank you very much.

Off and on for the past couple of years, I’ve been thinking it would be good to move my money out of that credit union over to a different teachers’ credit union, which has a branch much nearer to my house. Right now every time I have to go up to my CU in person, it costs $3.00 to $3.60 in gasoline, since that branch is way to hell and gone out at the Great Desert University’s west campus, in a part of town where I have exactly zero other reason to venture. This other outfit’s branch is on my beaten path, making it possible to get banking chores done while I’m doing the grocery shopping.

Lacking all three credit-bureau PINs, though, that may not be possible. I sure don’t want to close the same bank accounts twice. So if I’m to move to a more conveniently located institution, I may have to wait on closing those accounts until after the third PIN shows up in the mail. Which, as usual, will be after dark.

This is infuriating. I don’t know what else to do… There doesn’t seem to be much else to do, other than bob around in the water like a sitting duck waiting for whatever’s coming to hit me upside the head. If ever there was good cause for a class action suit, this sure as hell is it.

If you have any other ideas for self-defense, lemme know.

Be Sociable, Share!
jestjack December 3, 2013 at 3:53 am

Aaaand this is what keeps me up at night. I have a similiar fear at DD2′s college in making tuition payments. A while back I mailed them her payment looong before it was do. Well they notify DD2 she hasn’t paid tuition. Sure enough check hadn’t cleared..they want the money like NOW…want to charge e 3% to use my AmX…ARE YOU KIDDING ME…I drove down there (2 hours) and placed the check in their hand. Then drove the 2 hours home….SUPER …Not so much as an I’m sorry… As it cost $40 for a stop payment and a “hold” was put on DD’s account…was told/assured… if/when the first check surfaced they would return it to me. Well it surfaced….3 months later…and they deposited it…which threw my checking account out of wack…filling my mailbox full of NICE letters and got my head to spinning. It took several phone calls over several days to set this mess straight …. Needless to say that school knows me by name… Never did get to lay my hands on a name who was responsible. Now these same “fine folks” want me to provide banking information so they can “automatically” debit (their word)….or take (my word) money from the account….I DON’T THINK SO…. So now I get to drive down and put the check in their hand OR send it registered mail/return receipt requested. My thought is accepting payment by CC and waving the fee would save a lot of heartache and make paying tuition a snap. IMHO folks just don’t take this identity theft thing serious enough. I can only imagine the lax security at this school concerning folks banking info….

funny December 3, 2013 at 6:25 am

That is infuriating.

First, if you put a stop payment on the check, if I were you I’d want to know WHY the bank cleared it.

Next, if it’s a private school, I would take this story directly to the president. If it’s a public school, I would go to the board of regents. There’s no point in arguing with low-end factotums, because there’s not a thing they can do about it.

I would ask the school’s president or board of regents for an explanation, and then I would suggest that unless they want to hear from my lawyer next, they should accept credit card payments without a gouge.

If you have to pay with checks, definitely send them return-receipt-requested. Or better yet, by FedEx. Maybe you should FedEx your checks to the president of the university herself.

Does your bank not have a bill-pay function? If the school thinks it can “automatically” debit your account, then surely the bank can go the other way around at your request. The manager of my credit union once told me NEVER to let a merchant — especially an insurance company, said he — do a debit from its end. Instead, initiate bill-pay transactions from your end, making it possible to stop them at your pleasure.

jestjack December 3, 2013 at 6:50 am

To be clear…I did not initiate a stop payment because of the assurance by the business office, that should the check surface it would be returned. To say they were incompetent would be kind…but they acted as though it wasn’t a big deal. This is a State school …daughter loves the teachers and the school and appears to be getting a good education. It’s her “Dear Dad” who has a problem with the Yahoos that can’t simply credit an account when a check comes in. The Prez of this “fine institution” lost his job based on his poor performance from the “team” that he brought in and the inability to fill the seats. My REAL problem is with the “fees” which no one can explain to me what they cover. And they are not cheap…ie….Mandatory Full Time Fee…$2619. ….Getting to the bottom of this is a joke….Me: What does this cover and pay for and why does it exist?….College Business Office: It’s hard to explain.. Me: Why?…CBO : Running a college is very complicated… Me: I’ve been in business over 35 years…let’s take a stab at it…CBO: I’ll have someone get back to you….Needless to say it NEVER happened. Thanks for the tip FedX may be the way to go!

funny December 3, 2013 at 7:05 am

Oh, you have no idea how chickenshit college & university administrators can be. Wait…apparently you DO. :-D

All those gouges are just ways of jacking up tuition without having to say, in their promotional material, how high the tuition really is.

Arizona State University has ratcheted up its tuition so high now that Grand Canyon University, a proprietary school with private-school tuition, is now competitive with the state’s zoo-like, faculty-morale-in-the-basement, faceless mob of a public school.

“Mandatory Full Time Fee”….SNORT!!!! That’s a good one! GDU calls it an “athletic fee,” infuriating every student who’s there to get an education instead of to support the football team. The football coach is paid $2.3 million, with a potential bonus of $3.6 million!!! You can be sure some of these gouges go toward that kind of outrage.

Linda December 3, 2013 at 9:27 am

I know how frantic it can make you feel to experience real identity theft. Luckily, I’ve only had income tax identify theft. Apparently, the folks that try to cheat the IRS by using your tax ID aren’t really interested in using that ID for anything else…so far. I’ve had credit watches in action since March and so far, so good. *touch wood*

If the data was stolen last spring, it’s ridiculous that they are only now informing you. I thought there was some sort of standard time frame in which data security breaches needed to be reported. Or maybe that just applies to consumer credit and financial institutions?

Also, I wouldn’t panic about not having the PIN yet and just wait for it to create new accounts. After all, your data MAY have been compromised eight months ago, so waiting a few more days to close the accounts shouldn’t make a lot of difference. Or at least one can hope that’s the case! Ugh!

funny December 3, 2013 at 12:52 pm

Yeah, by light of day I figured there’s no point in racing over to the credit union until all three PINs are in hand.

Somewhere — months ago, I think — I read that when data poachers get information like this, they’ll wait about a year before they use it. On the other hand, the FBI found it online months ago, so presumably it’s out there.

The may have been compromised line the District is using comes under the heading of “cold comfort.” As a practical matter, the only prudent course for us “maybe” victims is to assume our data has been taken. As big a nuisance as that is, it would be foolish to proceed on the assumption that it hasn’t been accessed. Especially since we know at least some of this data has been put up for sale on the Net.

tiredofthemall December 3, 2013 at 4:07 pm

I’m impressed that you actually got something done with all 3 credit bureaus.

Tara @ Streets Ahead Living December 4, 2013 at 12:10 pm

At CUNY schools here in NYC, up until recently, your student ID number was your SSN. Which is totally ILLEGAL. Yet they continued to use SSNs. My SSN still is my ID number for my Perkins loan since all Perkins loans are through the originating college (CUNY Queens College for me).

I had my ID on everything and it makes me paranoid just thinking about it!

The Asian Pear December 6, 2013 at 10:03 pm

oy. Sounds like something that happened in Canada earlier this year. A hard drive was lost that contained personal information of over 583,000 Canadians who borrowed money from government for student loans. So basically they lost info with our Social Insurance Number, our names, addresses, everything. I was LIVID. I had to call all my bank services and whatnot. The most they could do was say “they’d MONITOR my account” for me. Not very comforting. Sorry to hear it happened to you too. Hopefully it wasn’t stolen for malicious purposes and just someone studpidly misplaced/lost a USB stick at home.

funny December 7, 2013 at 6:19 am

Yup. That’s what they’re telling us, too. Big deal: I call that “window dressing.”

I do hope the Canadian fiasco was truly an accidental loss and not theft. How the heck can you LOSE a hard drive??? And why would you have the sensitive data of over half a million people on a USB or hard drive that some idiot can blithely carry around, anyway?

We are surrounded by morons and at their mercy…

Comments on this entry are closed.

{ 2 trackbacks }

Previous post:

Next post: