1.

What reasonable steps could John have taken to protect his identity in the chat room?

2.

What steps should any employer take to prevent being unwittingly complicit in identity theft?

3.

If you have a data breach what actions should you take?

4.

What can you do if your identity was stolen from a overseas bad actor?

1) Dont give your fullname, real surname, or location info if not necessary or
unless you trust the person you are giving that information. Information such
as birthday, full name, SSN is dangerous as it can hit your credit. First off, John
should have never used either his first name or last initial as a username in the chat room. He
should have made a username up to avoid people knowing his name. Second, John shouldnt
have revealed personal information to Jane. When he gave Jane all that information he not
only put his identity at risk but also his family identity, since he gave an address to Jane and
she can go to the house and find out everyones information by going through the trash. John
should have been more careful. He was also wrong when he shared his real email address
since most of the time you have your personal information in that account too. You should
never revealed anything that has your personal information on it.

2) I think it would be very hard to prevent this without placing some very strict rules and policies
in the company about giving personal information to strangers over the phone or email. One
thing a company could do is if someone needs personal information about an employee the
persona answering the phone should transfer the call to the person whose information is
needed so that that person can decide whether or not to share that information with the
person calling. I would place a no tolerance rule on sharing personal information other than
your own through the telephone, email, or any kind of electronic communication. I know this
would be very hard but there are steps one could follow to not put in jeopardy other peoples
identity.

https://www.privacyrights.org/how-to-deal-security-breach
http://plusweb.org/Portals/0/CHAPTER/CM2014/10_Actions_to_Take_When_a_Breach_
Strikes.pdf
3 Considering a data breach in my personal information (not my business
company)
Your first step is to figure out what type of breach has occurred. That will help you determine the
action that you need to take. The four major types of breaches are:

A breach involving your credit or debit card information at a retailer's point-of-sale terminal
(cash register)

A breach involving another existing financial account

A breach involving your driver's license number or another government-issued ID document

A breach involving your Social Security number

Ask your financial institution to cancel your account and issue it with a new account number.

Carefully monitor all your account transactions online.

If your financial institution offers it, set up text or email alerts of any activity.

Make sure that your account statements arrive in your mailbox at their normal time.
Consider setting up access to online statements, with email notification from the card issuer
when your statement is ready for viewing.

If you become aware of any fraudulent transactions, immediately call your financial institution
and follow up by formally disputing the transaction in writing.

Be suspicious of any email or phone call that you might receive about the breach that
requests personal information.

6. Breaches involving your driver's license number or another government-issued ID

document
If you are notified of a breach involving your driver's license or another government document,
contact the agency that issued the document and find out what it recommends in such situations.
You might be instructed to cancel the document and obtain a replacement. Or the agency might
instead "flag" your file to prevent an imposter from getting a license in your name.
7. Breaches involving your Social Security number (SSN)
If the breach involved disclosure of your Social Security number (SSN), a fraudster could use that
information to open new accounts in your name. This is called "new account fraud". You will not
immediately know of the new accounts because criminals usually use an address other than your
own for the account. Since you will not be receiving the monthly account statements, you are likely
to be unaware that the accounts have been opened in your name.

The next 5 sections (Sections 8-12) of this guide provide instructions on how to establish fraud
alerts, order and monitor your credit reports, and place a freeze on your credit reports.
8. Notify the credit bureaus and establish a fraud alert
Immediately contact the fraud department of any one of the three credit reporting agencies -Experian, Equifax, or TransUnion to request a fraud alert. When you request a fraud alert from one
bureau, it will notify the other two for you. Your credit file will be flagged with a statement that says
you may be a victim of fraud and that creditors should take additional steps to verify your identity
before extending credit. The federal Fair Credit Reporting Act (FCRA) enables you to place an initial
fraud alert for 90 days. The fraud alert may be renewed on the 91st day for another 90 days. You can
continue to renew a fraud alert indefinitely. You may cancel the fraud alerts at any time.

Equifax fraud department: (888) 766-0008

Web: https://www.alerts.equifax.com/AutoFraud_Online/jsp/fraudAlert.jsp

Experian fraud department: (888) EXPERIAN (888-397-3742)

Web: www.experian.com/fraud

Trans Union fraud department: (800) 680-7289

Web: www.transunion.com/corporate/personal/fraudIdentityTheft/fraudPrevention/fraudAlert.page

9. Order your credit reports

10. Examine your credit reports carefully
When you receive your credit reports, look for signs of fraud such as credit accounts that are not
yours. Check if there are numerous inquiries on your credit report. If a thief is attempting to open up
several accounts, an inquiry will be listed on your credit report for each of those attempts. Usually
identity thieves do not succeed in opening all of the accounts that they apply for, only some. So
multiple inquiries that you yourself have not generated are a sign of potential fraud. Also, check that
your SSN, address(es), phone number(s), and employment information are correct.

3) 4 https://www.fbi.gov/about-us/investigate/cyber/identity_theft
4) https://www.consumer.ftc.gov/articles/pdf-0009-taking-charge.pdf
5)
WHAT TO DO IF YOU'RE A VICTIM OF IDENTITY THEFT
Step One: Contact the fraud department of the three major credit bureaus

Experian (TRW) 888-397-3742

TransUnion 800-680-7289

Equifax 800-525-6285

Step Two: Contact the account issuer in question

Ask for the fraud/security department of the compromised or fraudulent account issuer.

Notify them by phone and in writing.

Close all tampered or fraudulent accounts.

Ask about secondary cards.

Step Three: Contact your local police department

Notify the police department in the community where the identity theft occurred.

Obtain copies of all police reports made.

Keep a detailed log of all contacts:

Location called.

Name of person(s) you spoke to.

Title and call back number with extension.

Ask and write down what the procedures are for that entity.