You may have heard in recent weeks about several high-profile data breaches at national databank, retail, and other companies. Some of you may even have received direct communications from these companies, indicating that your personal data has been accessed by unauthorized individuals and urging you to take steps to determine if you have been a victim of identity theft.
In light of these breaches and the ever-present risks of identity theft that exist in America today, we wanted to provide some pertinent information that we hope will be helpful to you in the Penn community, as well as your friends and family.
—Lauren Steinfeld, Chief Privacy Officer
—Dave Millar, Information Security Officer
Protecting Your Data and Yourselves from Identity Theft
The 1990s spawned a new variety of crooks called identity thieves. Their stock in trade is personal information. An identity thief obtains some piece of your sensitive information and uses it without your knowledge to commit fraud or theft. Identity theft is a serious crime and carries with it serious criminal penalties.Victims of identity theft can spend months or years—and their hard-earned money—cleaning up the mess the thieves have made of their good names and credit records. Some victims have lost job opportunities; been refused loans for education, housing or cars; or even been arrested for crimes they didn’t commit. Unfortunately, you cannot completely control whether you will become a victim of identity theft. But you can minimize your risk by managing your personal information cautiously and with heightened sensitivity.
Penn cares about protecting privacy and is regularly evaluating systems and processes to improve our ability to protect your data. But you yourself can and should take steps to minimize the risk of falling victim to the ever-growing and serious problem of identity theft. Below are suggestions for minimizing such risk:
• Do not give out personal information on the phone, through the mail or over the Internet unless you’ve initiated the contact or are sure you know who you’re dealing with. A recent crime, known as “phishing,” involves a thief posing as a legitimate business—quite possibly one you’ve already dealt with—asking you to provide sensitive data so they can allegedly “update their files” or “protect your data.” Be wary of unsolicited e-mail asking you to enter any kind of sensitive information like passwords, credit card numbers, bank account numbers or ATM PINs.
• Guard your mail and trash from theft. Remove mail from your mailbox promptly. Tear or shred your charge receipts, copies of credit applications or offers, insurance forms, and other documents containing your personal information.
• Place passwords on your credit card, bank and phone accounts whenever possible. Avoid using easily available information like your mother’s maiden name or your phone number as a password. When you’re asked for your mother’s maiden name, for example, try supplying a password instead.
• Secure personal information in your home, especially if you have roommates, employ outside help or are having service work done in your home.
• Limit the identification information and the number of credit and debit cards that you carry to what you actually need. Unless absolutely necessary, do not carry documents that contain your Social Security number.
• Consider your computer: Your computer can be a goldmine of personal information to an identity thief. To help safeguard your computer and the personal information it stores:
• Update your virus protection software regularly.
• Do not download files from strangers or click on hyperlinks from people you don’t know.
• Assign a strong, complex administrative password to your computer.
• Promptly apply security patches for your operating system.
• Consider activating your system’s firewall (Windows XP and Macintosh OS X) especially if you have a high-speed or “always on” connection to the Internet.
For more information on identity theft, including how to tell if you’ve been victimized and/or what to do if you are a victim, visit www.consumer.gov/idtheft. Further, Penn has several resources to assist you depending on the nature of the concern. You are welcome to contact:
• Lauren Steinfeld, Chief Privacy Officer, at email@example.com or at 888-BEN-TIPS. See also www.upenn.edu/privacy.
• Dave Millar, Information Security Officer, at firstname.lastname@example.org or at (215) 898-2172. See also www.upenn.edu/computing/security.
• Detective Jane Curry, Division of Public Safety, Penn Police Department, at (215) 898-4485. See also www.publicsafety.upenn.edu.
Almanac, Vol. 51, No. 27, April 5, 2005