Unfortunately you can be a victim of identity theft for some time before you find out. Look for the following strange occurrences, which might indicate that you’ve been a victim of identity theft:

  1. You are sent a bill addressed to you by a company for services you did not apply for;
  2. A bank or credit card company informs you that it received an application for credit in your name, or you have been approved or denied credit, when you did not apply for the credit;
  3. You no longer receive credit card statements;
  4. You notice that not all of your mail has been delivered lately;
  5. A collection agency calls about a debt you’ve never incurred; or
  6. There are changes to your credit rating.

What Should You Do If You Suspect You are a Victim of Identity Theft?

There are certain practical steps you can take if you think you’ve been a victim of identity theft. Before you start, make sure you keep a record of every step you take in reporting the crime and re-establishing your reputation and your credit record. Keep a record of all the expenses you incur while doing so. The record of your efforts and expenses may be necessary to prove to some creditors that you did not actually incur the particular debt. It will also be useful evidence if you are able to sue for recovery of your losses.

  1. Report the crime to the police immediately.
  2. Ask for a copy of the policy report so that you can provide proof of the theft to other organizations you will need to contact.
  3. Call your bank, credit card companies and other service providers (phone, cable, internet, utilities) to cancel your accounts and cards and get replacements. Confirm all recent activity on your accounts. Insist on password-only access to your accounts. Do not use your mother’s maiden name. Ask whether any new accounts have been opened in your name. Do a follow up check on this in three months.
  4. Report the loss or theft of government documents to the issuing authority. Documents issued by the federal government include your passport and your Social Insurance Number. Documents issued by provincial and territorial governments include your driver’s license and Care Card.
  5. Contact Canada Post to ensure your mailing address has not been changed or to correct any fraudulent changes.
  6. Contact PhoneBusters, the Canadian Anti-Fraud Call Centre at 1-888-495-8501.
  7. Contact the credit reporting agencies to have a “fraud alert” put onto your credit record to reflect the identity theft. Do a follow-up check three months later.

Credit reporting agencies are private businesses that provide credit grantors (such as banks and loan companies) with information about your credit records, which the grantor uses to assess your creditworthiness. Most credit grantors will not extend credit without checking your record at one or more of the credit reporting agencies.

An Information Leak – a “Privacy Breach” that can happen anywhere

Identity theft is a major risk when your privacy is “breached” because of an “information leak.” Generally, a privacy breach occurs when an organization, a government body or government institution has failed to adequately protect personal information. Sometimes though, even when the security is sufficient, employee error or misconduct can result in a privacy breach.
A privacy breach can happen any number of ways:

  1. an organization’s database is hacked by an outsider;
  2. information is copied or taken by an insider;
  3. an employee without proper authorization views or uses personal information;
  4. a computer or a storage device (such as a smartphone, a CD, a disk or a memory stick) is lost or stolen;
  5. information is mistakenly sent to the wrong address or fax number or email address;
  6. paper records containing personal information are not properly shredded before recycling or electronic storage media are not securely destroyed before disposal;
  7. an organization is a victim of “pretexting” – when an individual uses some personal information to trick an employee into believing that it is appropriate to give out more personal information – for example by posing as the individual or some other authorized person.

Privacy Breaches – Huge Amounts of Information Can Be Stolen At Once

On February 6, 2009, a law enforcement agency seized a computer file with data from Kaiser Permanente, a large health insurer, from a person who was subsequently arrested. The suspect was not a Kaiser employee. Kaiser Permanente is notifying nearly 30,000 Northern California employees that the security breach may have led to the release of their personal information. The stolen information included names, addresses, dates of birth and Social Security numbers for Kaiser employees.

On Jan 20, 2009, Heartland Payment Systems, announced it had found evidence of malicious software that compromised card data that crossed Heartland’s network. This incident may be the result of a global cyberfraud operation. Heartland processes more than 100 million transactions per month. According to BankInfoSecurity.com, more than 200 financial institutions have come forward to say they have been contacted by their credit card companies Visa and MasterCard in relation to the breach.

On January 7, 2007, TJX Companies/Winners Merchants International LLP announced that it had suffered a network computer intrusion affecting the personal information of an estimated 45 million payment cards in Canada, the United States, Puerto Rico, the United Kingdom and Ireland. Later in 2007, U.S. Secret Service agents found TJX customers’ credit card numbers in the hands of Eastern European cyber thieves who created high-quality counterfeit credit cards. Victims are from the U.S., Europe, Asia and Canada, among other places. Several Cuban nationals in Florida were arrested with more than 200,000 credit card account numbers.