Saturday, February 14, 2015

Defensive measures against Identity Thieves

No doubt you have already heard by now that the nation's second largest health insurance provider, Anthem, has been breached. For victims, Anthem is providing credit monitoring and identity protection services. But is that enough? In short, no.

Summary of the Personally Identifiable Information (PII) Lost
  • Names
  • Birthdays
  • Medical ID
  • Social Security Numbers (Worth $$$)
  • Street Addresses
  • Email Addresses
  • Employment Information
    • Income Data
The information lost in this breach is concerning. It is significantly more harmful, and more valuable to an attacker, than a breach involving credit card numbers. Credit card numbers can be easily revoked and changed by the issuer. Social Security numbers cannot be easily changed and for the most part will stay with you for the rest of your life.

As a victim, what can you do? Krebs on Security has a great writeup about credit monitoring services and their benefits and limitations. (1) In short, if free credit monitoring is offered, it doesn't hurt. As an analogy, credit monitoring is similar to a burglar alarm. Once an alarm is tripped, the premises have already been breached and the burglar is in. Similarly, credit monitoring will not prevent identity theft but will help with detecting unauthorized attempts.

I highly recommend that everyone place a credit freeze with all three credit bureaus. A credit freeze prevents your credit file from being opened while it is in place. While a credit freeze will not prevent criminals from stealing your identity, it does make it significantly harder to open a line of credit. For additional information, the FTC has a good FAQ webpage. (2)

Graphic summary - adapted from Bejtlich's Enterprise Security Lifecycle (3)

References
1. http://krebsonsecurity.com/2014/03/are-credit-monitoring-services-worth-it/
2. http://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs
3. Bejtlich, Richard. The Practice of Network Security Monitoring: Understanding Incident Detection and Response.
