Saturday, October 20, 2007

GRRRR... data breach

An outfit called Iron Mountain lost a boatload of data from Louisiana Student Financial Aid applications. I went to the State of Louisiana's helpful web site and found that yep, I was one of the folks whose data was lost. Here is what they have to say:

It is indicated that your data was involved in this potential data exposure. Your name and Social Security Number were in the potentially exposed data. However, no financial information was included in your records.

Please understand you do not have to close any accounts. To our knowledge, there was no data in your LOSFA record that was financial in nature. No credit card account numbers were affected. However, do add a password to all your accounts if you wish to add an additional level of security.

At this time, we strongly suggest you take the following steps:

* Contact the 3 credit reporting agencies listed below. These are all computerized systems which will require your Social Security Number (SSN). Please call all three. If you need help, ask one of our representatives to assist you.

Equifax: Call (800) 525-6285
Experian: (888) 397-3742
TransUnion: (800) 680-7289

* Report to each agency that your personal identifying information was compromised and you have the potential to become a victim of identity theft. Place a fraud alert with each Credit Reporting Agency (asking companies to contact you prior to issuing credit), and request your FREE copy of the credit report. It is free because your information was breached. If you are asked, respond that you are a potential victim of identity theft. You should do this for yourself and any family member whose Social Security Number was compromised. Please note: This alert is a temporary 90-day advisory statement and should be renewed every 90 days for a period of at least one year.

It is important for you to contact the fraud alert phone numbers we have provided to you. Follow the prompts on the phone tree to the part on fraud alerts. This is when you ask for you the fraud alert and again each time you want to renew the fraud alert. The Credit Reporting Agencies will try to sell you a credit monitoring service. If you choose another prompt other than the fraud alert you will most likely be offered a product, such as a credit monitoring service. Our contractor, the Identity Theft Resource Center, advises that these monitoring services add little, if any, protection from identity theft. Nevertheless, the decision whether to purchase a monitoring service is up to you. VERY IMPORTANT - You do NOT have to pay for a monitoring service to place the fraud alert or pay just to renew the fraud alert. On the 91st day after each fraud alert, you should call all three Credit Reporting Agencies and renew the fraud alert.

All credit reporting agencies offer credit monitoring services that you may purchase. We do not have any arrangements or contracts with these agencies and do not advocate that you purchase these services since you can monitor your credit reports for free. However, if for your convenience you wish to participate in one of these services, Equifax has told LOSFA that it will provide the monitoring service to those individuals whose data was lost at a reduced rate. For further information and a description of the service, please click here.

* When you get your credit reports, look them over carefully. If you see an account that is not yours, notify us immediately at 1 (800) 645-7990. Be aware, you may see errors on the report that were there before the information breach. If you need assistance reading these reports, our representatives are available to help you understand them.

* It may take several weeks or months for fraudulently opened accounts to be reported. Therefore it is important for you to check your credit reports a second time in about 2-3 months. Use your free annual credit reports for this by calling 877-322-8228. For more information, please go to and refer to Fact Sheet 124 - Credit Freezes and Fraud Alerts.

* If you wish to take additional preventative measures, you may want to consider placing a credit freeze on your credit reports. Louisiana allows all consumers to place a freeze on credit reports. Placing the credit freeze is free of charge if you are a victim of identity theft or age 62 or older. A nominal fee is charged otherwise. If you are a resident of another state, please go to for a nationwide state resource map or and refer to Fact Sheet 124 - Credit Freezes and Fraud Alerts for the information you will need.

* If you receive unsolicited calls, you should not provide any information of a personal nature or information related to your bank or investment accounts. In general, you need to be alert to suspicious activities regarding personal and financial information.

If you have any questions, you may contact 1 (800) 645-7990. In addition, a website has been developed providing valuable information on steps to be taken if you suspect personal identity theft has occurred. You can also visit our website by going to We have also arranged for a non-profit organization, the Identity Theft Resource Center (ITRC), to consult with the Louisiana Office of Student Financial Assistance during this situation.

Sigh. So now you know what I'm going to be doing Monday...

-- Badtux the Compromised Penguin


  1. dang it...those instructions were like 5pages long...

  2. The VA did it to me with the stolen laptop. If they have your Social Security number they can make your life miserable.

    They demand all of this information and then make minimal effort to protect it. There should be a bond to reimburse people for the time and aggravation.


Ground rules: Comments that consist solely of insults, fact-free talking points, are off-topic, or simply spam the same argument over and over will be deleted. The penguin is the only one allowed to be an ass here. All viewpoints, however, are welcomed, even if I disagree vehemently with you.

WARNING: You are entitled to create your own arguments, but you are NOT entitled to create your own facts. If you spew scientific denialism, or insist that the sky is purple, or otherwise insist that your made-up universe of pink unicorns and cotton candy trees is "real", well -- expect the banhammer.

Note: Only a member of this blog may post a comment.