Each year, major security breaches affect millions of people throughout the nation, including here in Maine. For example, a lost computer tape that contains their personal information possibly affected about 188,000 student loan customers nationwide of Nelnet, Inc. At Ohio University, the Chief Information Officer resigned and its director of computing and network services was suspended following multiple data breaches that compromised 367,000 personal records. And the biggest breach on record was the United States Department of Veterans Affairs report in early May that a laptop containing the private information of over 26.5 million military veterans had been stolen from a VA employee’s home. The laptop has since been recovered, but no one can confirm that the data wasn’t compromised.
New security breach incidents are reported each month, affecting Social Security numbers, financial records, medical records and other personal information — bringing identity theft to a whole new level.
What can you do if your personal information has been compromised?
First, you can expect to be notified. Many states have followed the California Security Breach Information Act (SB-1386), a state law requiring organizations to inform individuals if the security of their information is compromised. Maine’s LD 1671, signed on June 10, 2006 and effective January 31, 2006, is not quite as robust because it covers only information brokers, not actual organizations. But it’s a start. It requires “notice of a breach of the security, confidentiality, or integrity of unencrypted, computerized, personal information to residents of the state;” and provides civil penalties for violations. And while companies can opt to only inform residents in states with security breach laws, most are reportedly “doing the right thing” by informing all customers, no matter where they live. Congress is also getting into the act with discussion of a national law.
Second, if your personal information is compromised, it doesn’t necessarily mean you’ll become an identity theft victim. In other words, you don’t need to automatically close all your bank accounts and credit cards.
Here’s what you can do to reduce your risk of fraud.
- Take a good look at your credit report and address any discrepancies. It’s available at no cost at www.annualcreditreport.com, the official site established by the three national consumer credit reporting companies, Equifax, Experian and TransUnion. Contact the fraud department at one of these companies directly if you have questions, find errors, or feel you should report a fraud alert (the company you contact will notify the other two).
- Look carefully at all your bank and credit card statements, and report any fraudulent activity. One of our clients recently found a Hurrydate monthly subscription fee on her credit card bill. She hadn’t signed up for this service and isn’t even dating! She called Hurrydate and discovered that someone else has used her account number to sign up. The credit card company issued her a new account number and cancelled the old one, and Hurrydate reimbursed the charges. Another client of ours experienced a breach of their bank account information. They had to change their account.
- Pay attention to “junk” mail. You could possibly receive credit cards in the mail that you didn’t apply for, or debt collection notices for accounts you didn’t open.
- Shred all financial papers you don’t keep, including credit card offers. This way, no one can pick through your trash and send in a credit card offer using a “change of address.”
- Consider buying identity theft insurance. Many insurance companies offer insurance policies that cover identity theft-related attorney bills, lost wages, loan reapplication fees, and notary, phone, mailing costs and more.
- Call your bank and/or credit card company if you’re concerned. They can check your account records, print out recent activity, and stop payment on any fraudulent checks.
- Take action if you believe you’re a victim of identity theft or credit fraud. There are a number of steps you can take to rectify the situation as quickly as possible. The Federal Trade Commission’s identity theft web site, www.consumer.gov/idtheft, is a great place to start. (Please see our related articles on tax breaks for loss of property due to theft, and “phishing.”)
The IRS Offers Tax Deduction for Losses
If you’ve been the victim of identity theft and have incurred a loss as a result, the Internal Revenue Service may offer some relief. Taxpayers who experience certain types of “major personal casualties,” including loss of property due to theft, may be able to recoup some of their losses through tax savings—if they qualify under the IRS guidelines. According to the IRS, “a theft is the taking and removing of money or property with the intent to deprive the owner of it. The taking of property must be illegal under the law of the state where it occurred and it must have been done with criminal intent.”
The qualifying loss figure can be a complicated and confusing calculation. For instance, if you have insurance that would cover such a loss, that coverage would of course be deducted from your loss. Then the IRS guidelines include a $100 loss reduction per event. Third, after combining your losses (if more than one loss occurred and the above considerations were deducted), the IRS would require you to reduce the losses by 10% of adjusted gross income. Since only the loss amount above this “floor” can be deducted, this may wipe out any amount you could have claimed for tax savings.
Please contact us if you’ve been a victim of identity theft and have experienced a loss. We can review the IRS’s qualifying factors with you and calculate the necessary deductions to determine whether or not you can claim the loss for tax savings on your tax return.
Our financial articles are presented by Honeck O’Toole, Maine-based certified public accountants. If you ever have questions about your finances, email us or call 207-774-0882.