According to the Identity Theft Resource Center’s most recent Data Breach Report, between Jan. 1, 2005, and Aug. 31, 2018, there have been 9,395 breaches. That accounts for more than 1.1 billion records compromised.
Federal government and various businesses have recently taken more aggressive measures to build up our defenses. The Trump administration’s new cybersecurity plan, for example, includes more offensive measures toward foreign cyberattacks. Despite this, criminal strategies continue to evolve and grow in sophistication, keeping consumers vulnerable to identity theft and fraud.
But some Americans are more susceptible than others to such crimes. In order to determine who is most likely to be exposed to and affected by identity theft and fraud, credit-monitoring website WalletHub compared the 50 states and the District of Columbia across 10 key metrics. WalletHub’s data set ranges from identity-theft complaints per capita to average loss amount due to fraud.
The most vulnerable states were found to be:
- New Jersey
- District of Columbia
- New York
- West Virginia
- North Dakota
The least vulnerable states were, ranking from 42 to 51: Wyoming, Montana, Indiana, Kentucky, Wisconsin, Maine, Iowa, Vermont, South Dakota, and Hawaii.
South Dakota had the fewest identity-theft complaints (per 100,000 residents), 46, which is 4.2 times fewer than in the District of Columbia, the most at 192. North Dakota had the fewest fraud complaints (per 100,000 residents), 277, which is 4.1 times fewer than in the District of Columbia, the most at 1,141.
Meanwhile, the District of Columbia had the lowest average loss amount due to online identity theft, $1,425.71, which is 22.1 times lower than in Ohio, the highest at $31,450.76. The District of Columbia also has the lowest median loss amount due to fraud, $309, which is 1.8 times lower than in Wyoming, the highest at $565.
WalletHub consulted a panel of experts on how to best safeguard our data against cyber criminals and compiled some quick tips for avoiding identity theft and fraud. These include emphasizing email security, signing up for credit monitoring, properly managing online accounts and keeping contact information up to date, and – last, but by no means least – using common sense.
Many people realize the importance of using strong passwords for all financial accounts, but may not realize how essential it is to focus on email. Your primary email address will likely serve as your username and means of resetting your password on other websites. If it’s vulnerable, all of your other accounts will be, too. As a result, WalletHub recommends you use an especially secure password and establish two-step verification for this account.
One of the experts consulted for the report – Amy J. Schmitz, who is an Elwood L. Thomas Missouri Endowed Professor of Law at the University of Missouri – recommends staggering your free credit monitoring reports throughout the year; for example, Equifax in January, Experian in May, and Transunion in September. “This allows you to see your credit reports throughout the year without paying additional fees,” explained Schmitz.
“When reviewing your report, look for new accounts you didn’t open or suspicious activity. Look closely for inaccurate information, and don’t be fooled if everything looks fine. Once a cybercriminal has your information they can use it later or sell it to another thief,” she said.
Schmitz said that “if you suspect that your information has been compromised, or hear about a breach that may have impacted your information (for example, the recent Facebook breach), you can place a Security Fraud Alert on your credit.”
“This serves as a ‘red flag’ for merchants and lenders to take extra precautions when granting credit. They must contact you directly to verify your identity. This assures they are granting credit to the right person. You can place a fraud alert with any of the three main credit agencies listed above,” she continued. “Once you notify one and request an alert, they are required to notify the other agencies on your behalf so alerts will be placed on them as well.”
For additional protection, Schmitz said, you can also place a freeze on your credit report. “This will completely shut down your credit. No access,” she said. “This makes it impossible for any new accounts to be opened in your name. With a credit freeze, only you can authorize access to your report. Any requests must be approved by you.”
Another of the consulted experts, Balakrishnan Dasarathy, professor and program chair Cybersecurity & Information Assurance at the University of Maryland University College, said the expansion of social media is facilitating identity theft.
“People are divulging a lot of their personal information, their habits (e.g., I am normally at the gym between 6 and 7 p.m.), their birthdays, anniversary dates and their whereabouts,” he said. “Often, it is easy to cross-check and/or discover additional information about a person such as her address, relatives, age, etc. online and with phishing using the information obtained from social media sites. Armed with this information, it is not hard to obtain other personally identifiable information such as Social Security number of an individual from places such as hospitals, doctor’s offices, etc.”
Dasarathy says many steps can be taken to minimize sharing information with criminal elements. For example, he advises Facebook users share information only with friends and not the public and minimize tagging. “Your post with a tag of your friend will be in the friend’s timeline as well,” he said. “So, for example, more people will know about your vacation than you originally planned or intended to share. Understand security and privacy features or lack of them of social media sites you use and take steps to protect information about you and your family in getting into wrong hands.”
Yingying (Jennifer) Chen, professor of Electrical and Computer Engineering and member of the Wireless Information Network Laboratory at Rutgers University, believes a Social Security number should be made more difficult to steal and use.
“In my opinion, the form of the Social Security number needs to be changed from simple bare digits to more complicated form,” she said. “For example, the user’s Social Security number needs to be encrypted, which protects the information from being obtained by an adversary. It is also possible that the social security number is associated with the user’s signature or biometric information. Adding the additional authentication information could prevent the non-permitted usage of the user’s Social Security number.”
WalletHub’s full report, complete with all of the expert’s responses and full state rankings, can be found here.