The devil of identity theft is in the details: Russ Jones tells a tale of woe that isn’t particularly dramatic — or rare — and yet it’s exactly the kind of story that worries me enough to ignore my better judgment and buy identity-theft protection from my insurance provider.
Jones sent me an e-mail after reading about the theft of a laptop containing personal information — including payroll and bonuses — belonging to an untold number of AT&T employees. AT&T insists there is no reason to believe that the information has been used for nefarious purposes, but Jones is of the opinion that such assurances should be of little comfort to those victimized.
That’s because he’s been there.
Here’s what Jones had to say:
I have a lost laptop horror story for you.
I used to work for Boeing in Wichita. Boeing sold the Wichita division and all of the workers, including me, to another company. We still did the same work, but Boeing was just one customer of several.
Nearly a year after the sale, someone at Boeing lost a laptop that had the names, addresses and Social Security numbers of nearly all of the 12,000 Wichita ex-employees on it. They waited an unknown period of time before telling anyone, then another couple of weeks before they offered to pay for credit reporting subscriptions for us. They offered no compensation for people that had been actual identity-theft victims and they wouldn’t pay for identity-theft insurance.
Almost immediately after the laptop went missing, someone used my (social security number) to apply for credit cards all over the country. The name they used was always close, but not exactly a match to my name/address. They used addresses of those private mail drop places.
Since I’d lived at my house for nearly 20 years at the time, all these bogus addresses made the credit card companies reject the applications, but those rejections showed up on my credit reports and lowered my rating.
The credit bureaus (I had to deal with all three of them separately) couldn’t just remove those rejections; they said that the credit card companies that made the requests had to retract them. The bogus addresses also appeared on my credit report as alternate addresses for me, and I had to convince the credit agencies that I’d never lived in Minneapolis or Boca Raton or wherever.
I spent untold frustrating hours on the phone being transferred from one credit card company customer service representative to the next, listening to crappy on-hold music, often being disconnected, and having to tell my story over and over. It took several months to finally get everything cleared up, and I now have a fraud alert on my credit rating so nobody can request a report without my explicit permission.
That’s really a double-edged sword. I recently tried to open a new bank account and when the bank found out that there was a fraud alert on my account, they assumed that I was a criminal. I eventually went to a different bank, one that didn’t need a credit report to open a checking account. There have also been credit report requests in the last two or three years since the original laptop loss that didn’t originate with anything I’d done. They were rejected, but there’s someone out there that’s still trying.
Like AT&T, Boeing wasn’t particularly apologetic. They insisted that the information “probably hadn’t been compromised,” and they couldn’t explain why someone was running around with the Social Security numbers of a bunch of people that didn’t even work for Boeing.
Security guru Bruce Schneier had an interesting post recently that included the contention that identity theft isn’t necessarily the financial drain or pain in the ass that worrywarts such as yours truly might fear. He wasn’t saying it’s a picnic, just not the catastrophe one might imagine … and it’s not worth paying any significant fee to prevent.
He’s probably right, but as with so much surrounding the purchase of insurance, this isn’t entirely a decision based on logic alone.
Here’s my bottom line: Aside from the really serious worries in life — health, kids, job security — having to go through what Jones went through is way up there on my list of biggest fears. It would drive me absolutely bonkers to have to spend so much time — time I don’t have to spare — undoing the damage to my reputation.
Especially since the exposure to that damage was someone else’s fault.
Have a tale of your own? The address is [email protected].
