Employer Service Provider Security Breach

by Paula Leicht

Employer Service Provider Security Breach

What should you do in the event of notification by your employer that a service provider to your company has notified its clients that the service provider’s client files were accessed by unauthorized persons?

There have been a number of recent media articles on this subject and some recommendations on steps an employee should take to avoid being a victim of identity theft. This article will summarize the type of employee information obtained and outline steps to take to minimize the risk that the personal information obtained could be used by unauthorized persons.

First, the type of information obtained could include your name, social security number, direct deposit bank account information, if applicable, date of birth, hire date, wage information, home and cell phone numbers and home address. The type of information obtained depends upon the type of information provided by the employer for the particular service.

Your personal information could be obtained, even if you are no longer working for the employer, if the accounts were not deleted by the service provider for prior employees. If this is the case, you should receive notice of the security breach from your former employer.

The following are recommended steps to take for you to avoid unauthorized use of your personal information:

1. Obtain free credit reports from the three national credit reporting agencies at www.annualcreditreport.com or call toll free (877) 322-8228. Each agency will provide one free report annually. If you obtain one credit report from each of the three agencies at four month intervals, you can review your credit status for an entire year at no cost to you.

2. Immediately notify the banks involving the accounts which were compromised. The prudent approach to take would be to close those accounts.

3. Place a fraud alert on your credit reports by contacting one of the three reporting agencies: Equifax (800) 525-6285; Experian (888) 397-3742; and TransUnion (800) 680-7289. The agency you contact will alert the remaining two agencies. This fraud alert expires after ninety (90) days so you will need to renew the alert on day ninety-one (91) for the foreseeable future.

4. Routinely review bank account statements, credit card statements and telephone charges for any unauthorized activity.

5. File an Identity Theft Affidavit with the Internal Revenue Service (IRS Form 14039). This form alerts the IRS to mark your account to identify questionable activity such as someone other than yourself filing a tax return in your name and claiming your refund.

The Federal Trade Commission Consumer Information website at www.consumer.ftc.gov notes that identity thieves, upon obtaining your personal information, can withdraw funds from your bank accounts, charge purchases to your credit card, open new utility accounts or use health insurance information for medical charges.

Identity thieves also know that immediately upon being notified that your personal information has been obtained by unauthorized persons you will diligently be watching and monitoring your accounts for unauthorized activity. It could be a few months, a year or several years before the identity thieves actually attempt to do something with your personal information.

As the foregoing summary indicates, these are serious matters and should be addressed by all affected employees immediately as well as in the near and distant future.