my passport and social security card have been compromised

[obfuscateme]

[I'm posting as a new user to further obfuscate my identity, but I have been on AT (primarily as a lurker) for > 6 yrs]

My passport and SS card are kept at my parents' home and I needed a copy for work. Being lazy and not wanting to inconvenience them to travel to me, I asked my dad to scan and email them to me. However, he incorrectly spelled my email address and the message did not bounce back. I must assume that someone is now in possession of a scanned document that contains my passport and social security card. It's a long shot, but I have written to this person asking them to delete the file. However, I know I must take whatever measures to protect myself.

I understand that I probably shouldn't have sent such sensitive information through email (unencrypted at that). But it was a lapse in judgment and now I must figure out how best to protect myself.

I've called my bank and a CSR helped me create a password to the telephone authentication system so that no one could call impersonating me. I was also advised to contact the credit bureaus and have an alert placed. While it isn't foolproof, I'm also considering Lifelock service that monitors one's credit for any new accounts or loans that are opened.

• What could a malicious person do with this information (full name, DOB, place of birth, SSN, scanned copy of passport and SS card)
  
  What can/should I do to protect myself?

I'm sort of freaking out and worried as to what could happen...

Thanks.

 

[OCGuy]

Obtain credit. Put a fraud alert on all three bureaus immediatly. They will be instructed to call you before issuing any new credit to your SS#.

 

[rudeguy]

you needed a new username for this?

 

[potato28]

Originally posted by: rudeguy
you needed a new username for this?

Tin foil hat at max. I've done the same a few times in a different sense.

 

[obfuscateme]

Originally posted by: rudeguy
you needed a new username for this?

well i have a forum-specific user name that i use on forums all over the internet. someone could come across this thread/posting and try to piece together some information by searching that username. thus, i made a new one to try to prevent that.

as for a fraud alert, how does this differ from a credit freeze? also, what is the duration of such a alert/freeze? i'm guessing that i should be concerned for at least the next several years.

also, i have a pretty ethnic last name and that message (which was addressed to myname@xyz.com, but missing one letter) could have very well been received by someone in that country. should i be concerned that a scan of my passport is out there?

beyond finances what are some other things i should be concerned about?

 

[OCGuy]

There would be no reason to freeze it long term, because you are going to want to use credit at some point. A fraud alert is good until you remove it I believe. Even if it expires, you can renew it.

 

[obfuscateme]

just placed a 90-day fraud alert online through Equifax's site...

 

[spidey07]

I'd just freeze it so more info is needed. Also call the passport agency, whatever that is and get a new one and a new number and say your old one was compromised.

A credit "freeze" just means there are a whole lot more hoops that need to be stepped through to get it and in your case those hoops you can step through.

-edit-
What "can" they do with that? Just about anything. Two forms of federal identification.

 

[Cheesetogo]

Lifelock!

 

[jamesbond007]

Google Search

I did a report about this in one of my classes in my senior year this year at college. There's a number of steps to take, but contacting your local police station, calling all of your creditors, bank (I see you've called Equifax, good!) and contacting whatever business where your information was lost at is just the beginning. Keep track of who you called and when because you can collect reimbursement for your time spent on tracking and securing your state of living.

Best of luck to you!

 

[jamesbond007]

Originally posted by: Cheesetogo
Lifelock!

Is not 100%. Did you miss the memo? 😛 The guy who gave out his name and SS# actually had several forms of credit established successfully. I believe this took place within the last year or so, if I'm not mistaken.

 

[George P Burdell]

Well, somebody has your SSN, full name, DOB, address, place of birth and passport number. Place a fraud alert on your SSN, make sure the alert stays active for the next 5-10 years. If you don't have valid visas on your passport, you may consider reporting it as lost/damaged and getting a new one (although I'm not sure if this will do any good).

 

[kranky]

While it's important to take those precautions, don't freak out about it. It's quite likely that the email went to someone who (1) deleted it without opening it because they didn't recognize the sender; (2) opened it, thought "WTH is this?" and deleted it; (3) opened it, thought "Ooh, I wonder what I could do with this?" but has no idea how to exploit it; (4) opened it, thought "Oh, this has to be a setup." and deleted it; (5) opened it, said "That doesn't look like my grandson's new school picture. That internets is all broken" ; or (6) abandoned that email address and it will never be seen.

The odds are against some random recipient being clever enough to cause you harm.

 

[ponyo]

Freeze your credit. It's cheap, easy, and quick. Make sure to freeze all three bureaus. One of the bureaus, I think TransUnion, is giving free credit freezes. Do it online.

I froze my credit. I have no need for any new credit right now and even if I did, it only takes minutes to unfreeze with a pin and can then resume the freeze. It's the best and the cheapest solution.

 

[alkemyst]

mods please ban this dude for creating a new account and simply being too emo to exist.

SRSLY OP, kranky is right on.

What do you really stand to lose though?

 

[obfuscateme]

Well none of those documents actually have my address on it, otherwise I'd be really concerned.

I also spoke with a CSR at the US State dept. and they said that I shouldn't be too concerned as it's just a scan and no one should be able to successfully apply for a new passport using that info.
I've created a google calendar alert to remind me to renew my fraud alerts; here's to continually renewing my fraud alerts and checking my credit report for the next several years...

 

[Baked]

Originally posted by: obfuscateme
just placed a 90-day fraud alert online through Equifax's site...

It's a little too late for that. That's like buying a safe for you guns after your guns were stolen.

 

[SKORPI0]

I was under the impression that having a second account is a bannable offence. I just don't see the reason/justification and what it accomplishes and for whatever reason. Or is it ok now because of some circumstances.

Forum Guidelines

Member and Posting Guidelines

8) Only one account is allowed per person. If you've been given a vacation or a ban, do not create a new account. Instead, please discuss the matter with our moderators via email at moderator@anandtech.com. We have various ways to check if accounts were started by the same person. We will also permaban new accounts based on strong circumstantial evidence or the appearance that they may be secondary accounts.

 

[obfuscateme]

Originally posted by: SKORPI0
I was under the impression that having a second account is a bannable offence. I just don't see the reason/justification and what it accomplishes and for whatever reason. Or is it ok now because of some circumstances.

Forum Guidelines

Member and Posting Guidelines

8) Only one account is allowed per person. If you've been given a vacation or a ban, do not create a new account. Instead, please discuss the matter with our moderators via email at moderator@anandtech.com. We have various ways to check if accounts were started by the same person. We will also permaban new accounts based on strong circumstantial evidence or the appearance that they may be secondary accounts.

I wasn't aware of this, but have since been informed of such. This thread will be open for a little bit more for any additional feedback, but this thread and account will be locked thereafter.

 

[SagaLore]

Originally posted by: obfuscateme
However, he incorrectly spelled my email address and the message did not bounce back.

That doesn't necessarily mean the account is being used. You could also ask your ISP to delete that email for you.

Can you PM me your email address, and the misspelled email address? I can test to see if the latter exists.

 

[bunker]

Stay away from LifeLock. All they do is renew the 90 day fraud alert on your credit reports for you every 90 days.
It was on 60 minutes or 20/20 a while ago.

 

[IEC]

This is why you NEVER EVER treat email as a secure form of communication.

 

[AccruedExpenditure]

I love how you assume the person with your missed spelled e-mail alias is going to scam you. LOL, did your father type l33thax99 instead of l33thax98, LOL

 

[OdiN]

Step 1:

Don't have sensitive personal information such as this SENT UNENCRYPTED IN AN EMAIL!!

 

[Kaieye]

If I received your email, I would just delete it. I am sure a lot of organizations have your SS number and DOB without you knowing it.