Notes On Consumer Affairs
Recent reports involving data security breaches at major national businesses have left consumers justifiably on edge. On June 17, 2005, MasterCard announced that a hacker may have obtained the personal information of up to 40 million credit card holders, in what may be the largest data security breach in the world to date. This alarming news follows several data security breaches revealed in February and March 2005 at national data brokers ChoicePoint and LexisNexis involving more than 177,000 consumer profiles. The shoe outlet DSW also recently announced that thousands of New York consumers and over 1.4 million customers nationwide were exposed when credit card information was stolen from their customer database.
In order to ensure that New York consumers receive notice of any security breach involving personal information that could be used to commit identity theft, Assemblyman James Brennan, I, and others sponsored the Information Security Breach and Notification Act (A.4254-A), which the Legislature passed and is awaiting action by the Governor. This bill would require private businesses and government agencies to provide consumers with adequate notice of a security breach, authorize the Attorney General to recover damages on behalf of victims not receiving a required notice and establish fines for businesses that fail to provide notice. While this important identity theft protection measure has yet to become law, many nationwide companies are choosing to notify customers on a nationwide basis.
If you receive a notice that your personal information may have been accessed by an unauthorized individual or if you are, or believe you may be, the victim of identity theft, you should consider placing a fraud alert on your credit files. There are two types of fraud alerts, and both can be placed free of charge. An initial alert remains on your credit file for up to ninety days and requires creditors to contact you for confirmation before opening any new accounts or making changes to existing accounts. An extended fraud alert provides the same protection, but lasts for seven years and requires creditors to call or contact you in the method you designate once you have placed the alert. Those requesting an extended alert must submit a copy of a report filed with a law enforcement agency. To place a fraud alert contact one of the three major credit reporting agencies.
Once you contact one agency, the others will be notified. Contact Equifax at: 1-800-525-6285, www.equifax.com, or P.O. Box 740241, Atlanta, GA 30374-0241; Experian at: 1-888-EXPERIAN (397-3742), www. experian.com, or P.O. Box 2002, Allen, TX 75013; or TransUnion at: 1-800-680-7289, www. transunion.com, or Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790.
Another powerful weapon in the fight against identity theft is a security freeze. Several states, including California, Vermont, Connecticut and Maine, have enacted legislation authorizing consumers to freeze their credit files.
Security freezes allow consumers to prohibit access to the personal information maintained in their credit files unless they expressly consent to allow access, thus preventing identity thieves from taking out new loans and credit in their name.
A consumer who files a security freeze is provided a unique PIN or password that must be given to the credit reporting agency each time the consumer wants to allow access to the information.
In order to provide New York consumers with this important tool to prevent identity theft, I introduced A.7349-A.
This bill would allow victims of identity theft, and those who believe they may become victims, to place a security freeze. The bill advanced to the 3rd Reading in the Assembly. This issue will continue to be a priority of mine and the Committee.
To learn more about what to do if your personal information has been compromised due to a data security breach or placing a fraud alert on your credit files please visit the Federal Trade Commission’s (FTC) website at www.ftc.gov or its Identity Theft website at http://www.consumer.gov/id theft/ . You may also contact the FTC by calling their toll-free number at
1-877-FTC-HELP (1-877-382-4357) or for TTY, 1-866-653-4261.