What should we do?
Posted by Paul Cox on February 13th, 2009
One of the more frustrating things in all of this financial security mess is that the FAA is doing a crappy job of informing people about what they should be doing to protect themselves.
Of course, they’re doing a crappy job of even informing people about the breach in the first place; most of the people I work with at ZSE still haven’t been officially notified about the problem by their employer. (NATCA, on the other hand, has done an excellent job of letting people know.) The FAA seems to think that them telling the various unions “hey, we had a security breach” is good enough; they don’t feel the responsibility or need to inform every employee personally. (Maybe they don’t know that not everyone is in the union.)
So in the interest of informing our readers, here’s a few suggestions about what’s affected and what you should do.
Part of the problem is we’re operating in the dark here. The FAA claims on its Q&A site:
The breach has been investigated, and there is no evidence of compromise of any other systems, including Employee Express, Thrift Savings Plan, time and attendance, retirement contributions, or bank routing information.
That said, I have personally heard of people’s banks and/or credit unions telling them that they need to change their account numbers because of potential problems with bank routing information being in the hands of the bad guys. Since we don’t know for sure either way, here are two things I believe everyone MUST do, and a few other options.
First… you should put a fraud alert onto your files at the credit reporting bureaus. There are three big companies that do this. When you apply for consumer credit- a mortgage, a car loan, a credit card at the local department store, etc- the company issuing the credit contacts the credit reporting bureau and gets your credit report.
When you put a fraud alert onto your file, you can also add your phone number. This means that before taking action, the company issuing credit will call you to be sure it’s really you. Experian explains a fraud alert…
A fraud alert is a statement on your credit report that says you may be a victim of identity theft and asks lenders to verify your identity before granting credit in your name. You can request a free copy of your credit report when you add the alert.
The Initial Security Alert remains for 90 days and is shared with the other national credit reporting companies. That gives you time to check your credit report and make sure there is no sign of credit fraud. If there is not, you can simply let the alert expire.
If you do find evidence of fraud, you can add a Fraud Victim Statement, which says you are a victim of identity theft and asks lenders to contact you before granting credit in your name. To add a victim statement you must first file a police report, which I’m assuming you did when you discovered your card was used.
A fraud victim statement remains seven years and is also shared with the other national credit reporting companies.
The intent of fraud alerts is to help individuals who are at increased risk of fraud, or those who have verified that they are victims, recover from the crime. Federal law now requires that business respond in a reasonable manner to the alerts, making them very effective for that purpose.
You can do the fraud alerts online or via the telephone. You only need to do it with a single credit reporting company, and they share that info with the other two, so you are covered with all three. As you can see from Experian’s explanation, the alert only lasts 90 days; at that point you’d have to either repeat it or, if you’ve been an actual victim of fraud, you can get a more comprehensive alert placed for several years.
There is a downside to doing this. If you do a fraud alert, for that 90 day period getting credit is going to be a bit more of a hassle. You can still do it- get mortgages, refinance, buy a car with credit, whatever- but it’s going to take longer and you’ll need to preplan a bit.
That said, I think it’s easy and simple and a good idea anyway. (The reason the actions required in a fraud alert aren’t permanent is because the credit granting companies don’t want it permanent; it takes longer, costs more money, and means that snagging people on a spur-of-the-moment type of purchase is a lot harder.)
It takes just a couple of minutes. You can do it at the following places:
Experian: www.experian.com/consumer/cac/InvalidateSession.do?code=SECURITYALERT 1 888 397 3742
Equifax: www.alerts.equifax.com/AutoFraud_Online/jsp/fraudAlert.jsp 1-888-766-0008
Trans Union: annualcreditreport.transunion.com/fa/securityFreeze/landing 1-888-909-8872
The next thing you should probably do is very similar to the credit reporting fraud alert. You should put a fraud alert onto your banking information files.
There is a company called Chex Systems that provides pretty much the same type of service as the credit reporting companies, only instead of doing information about consumer credit to credit companies, Chex Systems provides information about your use of checkings and savings accounts to banks.
(Say, for example, you have an account at ABC Bank and you bounce a bunch of checks. ABC closes your account, so you go to XYZ Bank and try to open a checking account. Both ABC and XYZ use Chex Systems, so when XYZ asks Chex for your information, they get the report from ABC Bank that you bounced a bunch of checks. XYZ then says “no, deadbeat, go away- we don’t want your kind of business.”)
You can place a fraud alert with Chex Systems just like with the credit bureaus.
Chex Systems: www.consumerdebit.com/consumerinfo/us/en/chexsystems/theftaffidavit/index.htm 800-428-9623
(If you’re curious about general info on Chex Systems, which is very widely used by nearly all banks but is not nearly as well-known as the credit reporting bureaus, hit this web page: www.consumerdebit.com/consumerinfo/us/en/chexsystems/index.htm
So those are the first main things you should do. I believe you should do them on the FAA’s time, not your own, but it’s important that you get it done. This *should* significantly slow or stop any bad guys from going out and obtaining credit or opening a bank account using your name and social security number.
What else should you do? Some people have gone ahead and signed up with the credit/identity protection service “LifeLock“. They accomplish this by doing a number of things.
The thing about LifeLock is that almost all of these services, except for the last two they claim to provide, are things you can do for yourself for FREE. The credit bureaus have to give you a free report, once a year, if you ask for it. You can sign up for the fraud alerts on your own, for free, every 90 days. You can opt out of the prescreened offers on your own (right at this web site- https://www.optoutprescreen.com/ or toll-free at 1-888-567-8688), too.
But LifeLock does make it easier by handling all this stuff for you, so it’s an option. However, people should know that one of the founders of LifeLock was HIMSELF jailed for not paying a casino loan (a story that he claims was based in fraud- he claims he wasn’t the person who took out the marker, even though the casino got a photocopy of his driver’s license at the time) and that he’s got a court order against him that prohibits him from working in the credit-repair industry.
Oh, and the Phoenix New Times reported that he took out a credit card in his father’s name and racked up over $150K in debt. And he’s filed for bankruptcy multiple times, at least once for his personal debts and once for business debts.
In other words… buyer beware.
There are some other things you can do to protect yourself. Many banks will put on a requirement that any changes to your account, or big withdrawals, must be accomplished in person at a bank branch. This helps cut way down on the odds that someone armed with your name, SSN, and address can scam their way into your account.
And getting that free annual credit report, or subscribing to one of the credit monitoring services, can definitely help you notice when a problem is starting and you can get after it early. This means before the bad guys create a LOT of work for you, you can beat them to the punch.
Anyone have other tips?
February 14th, 2009 at 2:15 am
Thanks BEB, you’ve done far more than our esteemed employer has. I sure hope whoever is at fault is held responsible, but somehow I doubt it.
February 14th, 2009 at 7:09 am
Note:
Govtrip has been shut down- security problem.
Here is the broadcast message:
From: 9-NATL-Broadcast
To:
cc: bcc:
Date: Friday, February 13, 2009 7:20
Subject: GovTrip
Do NOT reply to this message.
This mailbox is only used for relaying Broadcast Messages and cannot accept incoming messages.
–
The GovTrip system has been shut down due to security reasons. Travelers who need assistance with reservations or have travel questions during this outage should contact the GovTrip helpdesk at 405-954-7900.
Travelers making reservations will need to have a Travel Authorization Number as well as their government travel card available when calling the helpdesk.
Questions on how to obtain a travel authorization number should be directed to your Operating Administration travel manager.
——————
(AND THIS)
——————
9-AWA-Broadcast/AWA/FAA
02/13/2009 12:38 AM
To
cc
Subject Status of GovTrip access
Do NOT reply to this message
This mailbox is only used for relaying Broadcast Messages and cannot accept incoming messages.
To All,
The Cyber Security Management Center (CSMC) has reported that certain users have been redirected away from the GovTrip site to a site that is delivering malicious software to users, resulting in the compromise of certain computers within the DOT.
Therefore the GovTrip site has been temporarily blocked until the matter can be resolved.
We will keep you apprised of the status of GovTrip access. Travelers needing to book reservations during this outage will need to call their assigned TMC (i.e. American Express). The TMC will require an internally assigned TA number and government credit card information.
Travelers needing to book reservations using the CBA need to call the GovTrip Etravel Helpdesk for assistance. If you have questions please contact the GovTrip help desk at 405-954-7900.
—————————————
(Doesn’t it make you feel good that now employees can’t travel, because their management imposed travel system has been compromised, AND Management has failed to secure their personal information, social security numbers, etc because someone in HR was beta testing some crap (I bet is was a contractor, no?)
Hey, what was that mental health treament 1-800 number, anyway? It might come in handy….
February 14th, 2009 at 9:02 am
Sometimes it is frustrating working for the worst employer in the history of the world.
February 14th, 2009 at 9:32 am
Correction, Jasmine: ALL the times…
February 14th, 2009 at 11:13 am
Changing your log in on employee express is easy, too. Some have suggested getting your ssn off there is a good idea.
February 14th, 2009 at 2:01 pm
See the new advance-copy of the publicity still of FAA COO Hank Krakowski starring in “Henry, The Lying Two-Faced Kill-basa”, soon to be another made-for-TV movie in which Hank plays “Himself”, just like his unbelievable “acting” performance in “Grounded on 9/11”(2005).
http://ejectsturgell.blogspot.com/2009/02/kicking-kielbasa-upstairs-then-out.html
February 14th, 2009 at 5:37 pm
The FAA’s handling of this situation ranks about as high as their rank in places to work. By their own press releases, I am one of those affected and yet I still have not heard one thing from the FAA. I guess one the problems is that I am now retired but there still is no excuse for not imforming all of those whose ids were stolen by their incompetence. I have my union to thank for the latest updates. The FAA’s Q&A that they set up does not help answer the questions that we have. Then they advertise an 800 number for “personal attention” and that number is for their Mental Health services. What a joke! They screw up and when we have questions they want to send us to a shrink. My information is now in the hands of someone overseas and they only offer 1 year of protection. Do you not think that the same people responsible for this breach can’t also read the FAA’s response to this and now wait beyond one year to make their move. The FAA was in the wrong for this. They ignored many groups about the security of information. They used real information on a test and they only want to protect me for 1 year……how about protecting me for the rest of my life. I spent a lifetime of protecting my information and thanks to them it is now compromised. Whoever in HQ who set this up should be using that service and not the employees. We are angry, because we want answers and actions and the FAA is not forthcoming in either area.
February 15th, 2009 at 2:58 am
Here is a good video on flying in icing conditions- Tailplane icing in turboprops is a problem known for more than a decade. Roselawn (ATR-72), and then the Detroit icing accident in 1996 led to studies about icing in turboprops, supercooled droplet icing, and tailplane icing problems.
The video: http://video.google.com/videoplay?docid=
2238323060735779946
Enjoy – we knew long ago about the icing problems.
February 15th, 2009 at 8:08 am
Each person affected can freeze their credit. While it is at times inconvenient (you have to individually contact the three agencies to unfreeze for a specific time period when you need to), it does at least provide a means to actually do something. The credit watches are, in my opinion worthless. Many retailers ignore the watch…they only want a new customer. With the freeze, if someone accesses your info, you have no credit available. Most credit card companies won’t issue a card if they can’t find any credit. I even received a letter from one telling me that someone tried to access my credit. There is info at this link
http://www.consumersunion.org/campaigns/learn_more/003484indiv.html
February 15th, 2009 at 8:28 am
LifeLock is only $99 a year and they will take care of all this crap for you. It is sad, but trusting the FAA to do the right thing in a situation like this is a really BAD idea. Use promotion code “9″ to get the discount from $120 a year to $99 with a free month.
And no, I don’t work for them.
February 15th, 2009 at 8:33 am
I had LifeLock for a year,and it just wasn’t worth the money to me. As you wrote,most of the services provided can be done for free. I put a simple credit freeze on my credit reports and I’m done with it.It stays active until you take it off,and makes it extremely difficult to open credit.
February 15th, 2009 at 7:10 pm
some more about the roselawn accident- and icing:
http://findarticles.com/p/articles/mi_m0UBT/is_37_25/ai_92228070
February 15th, 2009 at 8:08 pm
Waaaaaaaaaaaaa. Booooooo Hoooooooooo. STFU already. You fackers are the worst cry babies ever. Yer feet stink and smell like yer wifes bloomers.
February 16th, 2009 at 12:29 pm
Who is this Max Brill jackass and why does he not understand that identity theft is a BAD THING?
February 17th, 2009 at 2:03 am
Oh Max Brill understands. And my wife’s bloomers smell wonderful.
March 17th, 2010 at 8:26 am
I think i love this article, i think its educational to our readers. so many things to get and i hope you continually write very good stuff on this website. thanks