No. of Recommendations: 0
Hello folks,

Here's the situation DW and I are finding ourselves in:

She scanned some forms yesterday at her workplace; forms which literally contained her life history, including SSN, DOB, Address et al. And instead of emailing it to herself, she inadvertently emailed it to the wrong email address (yeah, I groaned so loudly that all my neighbors thought I was dying!). The file wasn't password protected either and she couldn't recall the sent message.

Trying to be proactive I called all 3 credit bureau's and put a freeze on her credit file. However, my question is, since whoever received this email (we've also sent a request to this address asking them to destroy the file as it wasn't intended to be sent to them), now has every single detail of DW's life, what else can I do to prevent them from committing ID theft?

Is just calling the bureau's and putting a freeze on the credit file sufficient? I don't know if I can file a police report yet, because nothing has happened yet that we know of (and hopefully nothing will). But I just want to be proactive and see what I can do to minimize the damage.

I also considered emailing Google (the service provider) but I believe they aren't going to do anything till I get at least a court order and I'm not sure if I can get one just based on what I've stated above. Also if I do end up getting a court order and let's assume that Google does retract the message somehow, the damage is already done and what possibly can I do if the recipient has saved this attachment to his/her computer for future use?

Any suggestion/thoughts?

Thanks in advance!!
Coolnewbie
Print the post Back To Top
No. of Recommendations: 5
Nothing you can do, but I wouldn't sweat it. Chances are it's a not-used-very-much e-mail box anyhow - OR whomever got it saw an un-labelled attachment coming through their e-mail and was equally paranoid thinking "Oh My God - it's a spam/virus someone is sending to me!" I know I would NEVER, EVER open up an attachment sent to me unless it was both a) from someone I knew and b) the subject line was personalized so I knew exactly what it was (i.e., not "hey, check this out!").

Credit freeze is an excellent idea. And check your credit report a few times over the next few months. But really - chances are it's no issue.
Print the post Back To Top
No. of Recommendations: 2
I guess I WOULDN'T have sent a follow up e-mail saying, "hey I just sent you this really important thing - destroy it" That just ket's them know to look at it.

You will have best luck just letting it lie I think.
Print the post Back To Top
No. of Recommendations: 0
- OR whomever got it saw an un-labelled attachment coming through their e-mail and was equally paranoid thinking "Oh My God - it's a spam/virus someone is sending to me!"

Actually DW did send another follow up email to that email address stating exactly what you thought, that any attachments from the email address that the attachment was sent from is a virus...

Yeah, at this point I can just hope that whoever received it will just ignore it and nothing will happen.

I am not sure how credit monitoring services work, but at this point, since I've frozen DW's credit file with all 3 bureau's I'm not sure it would benefit me to sign her up for a credit monitoring service. The downside to the credit freeze is that if any of the existing creditors want to look up her file, they still can do so. I didn't look carefully enough to see if someone can still open a new account with a creditor that she already has an account with. For example, if she's already a Chase customer and this person calls up Chase to open a new account in DW's name, will Chase perform a credit check again before opening the new account or will they see the credit freeze on her file and stop the process? That's what i'm not sure about.

I've called the banks/credit card companies that have issued her a credit card and have requested them to flag her account with an alert. Hopefully all this will be enough to prevent someone from misusing her info.

But yes, I will continue to monitor her credit report (I already do that on a quarterly basis, thanks to Uncle Sam!) and see if I find anything suspicious.

Thanks for your time Gingko100!
Print the post Back To Top
No. of Recommendations: 0
It can also take a significant amount of time for email to bounce. The userid may not even exist.

The first thing I do when logging into email is to delete all the spam that made it through the filter, and most of the advertising email. An email from someone I didn't know with an attachment would be destroyed without reading.
Print the post Back To Top
No. of Recommendations: 3
Any suggestion/thoughts?

Yes, here is a suggestion:

Email is not secure unless it is a closed system. So even if she emailed it to herself it could be vulnerable. Email traffic can travel thru many hands before reaching it's destination. If you want to risk that such sensitive info won't be skimmed off at any point at least realize it is a risk.

I have had multiple employers who prohibit sending any company proprietary or ITAR restricted info thru email outside of the closed system unless it is encrypted. I sure wouldn't send any personal info (ss#, birthdate, etc.) thru email without encryption.

Here are a couple articles about what to do when a possible info breach happens. One of my W-2 forms showed up opened this year (ss# visible) and it looked like it was purposely mangled afterwards - great! So I'm doing the credit freeze now too. :(

Good luck!
Print the post Back To Top
No. of Recommendations: 0
Here are a couple articles about what to do when a possible info breach happens.

Now with actual links!

http://consumerist.com/2012/06/26/so-you-think-youre-the-vic...

http://consumerist.com/2013/01/28/my-w-2-arrives-ripped-open...
Print the post Back To Top
No. of Recommendations: 0
Email is not secure unless it is a closed system. So even if she emailed it to herself it could be vulnerable. Email traffic can travel thru many hands before reaching it's destination. If you want to risk that such sensitive info won't be skimmed off at any point at least realize it is a risk.

Thanks for reinforcing that and for the links you posted! Appreciate your help!
Print the post Back To Top
No. of Recommendations: 3
Freezing DW's credit accounts at the three CRA's will prevent anybody who has her personal information from opening up new lines of credit using her info. However, you cannot pull a credit report on a frozen account. You will have to unfreeze the account at each of the CRA's before you pull a credit report and then refreeze each account afterwards. But you won't really need to pull credit reports once an account is frozen, since no one, even you, can access your frozen history until it is unfrozen.

Fuskie
Who suggests pulling a report before the initial freeze...
Print the post Back To Top
No. of Recommendations: 0
Who suggests pulling a report before the initial freeze...

Very good point Fuskie! Especially since it does cost around $20 for a (freeze + unfreeze)!

Thanks for the suggestion!!
Print the post Back To Top
No. of Recommendations: 4
She scanned some forms yesterday at her workplace

You do realize the personal info is now also saved on the scanner's harddrive?
Print the post Back To Top
No. of Recommendations: 1
The cost to freeze or unfreeze varies state to state.

Fuskie
Who notes in some states it is cheap or even free in some circumstances...
Print the post Back To Top
No. of Recommendations: 1
Email is not secure unless it is a closed system. So even if she emailed it to herself it could be vulnerable. Email traffic can travel thru many hands before reaching it's destination. If you want to risk that such sensitive info won't be skimmed off at any point at least realize it is a risk.</>

I would tell her in the future to either use a service like Dropbox and transfer her files there or put the files on a flash drive and bring that drive home.

You do realize the personal info is now also saved on the scanner's harddrive?

Highly unlikely. My scanner at work doesn't save anything, everything is sent to the attached computer. I don't think it even has a hard drive installed.

Lara Amber
Print the post Back To Top
No. of Recommendations: 3
Highly unlikely. My scanner at work doesn't save anything, everything is sent to the attached computer. I don't think it even has a hard drive installed.

Lara Amber


Scanners that can email have hard drives. The entire document is scanned, and then emailed.

The file is deleted from the scanner, but most don't do a secure erase. Eventually other documents will over write the area. The problem is the deleted files that can be recovered from decommissed scanners.
Print the post Back To Top
No. of Recommendations: 4
Highly unlikely. My scanner at work doesn't save anything, everything is sent to the attached computer. I don't think it even has a hard drive installed

It will depend on the model. If it's a smaller home consumer product, then there isn't likely to be a hard drive. Higher end office models often do have them. Many business level Printers, Copiers, and Multifunction Printer/Copier/Scanners manufactured since the early 2000's contain a hard drive, storing an electronic image of every document copied or scanned on that machine. Depending on the size, use, and other issues, scanned, printed, or copied information could be on the hard drive for quite some time.

There is this CBS story regarding the hard drive issue: http://www.youtube.com/watch?v=iC38D5am7go

At my office, we are required to remove and destroy hard drives from computers, printers, scanners, and copiers if they are going outside of our organization.
Print the post Back To Top
No. of Recommendations: 0
The file is deleted from the scanner, but most don't do a secure erase. Eventually other documents will over write the area. The problem is the deleted files that can be recovered from decommissed scanners.

There was an alert in the last few years about this. Apparently copiers made since 2002 typically have a drive or some sort of persistent memory.

http://business.ftc.gov/documents/bus43-copier-data-security...
http://www.pcmag.com/article2/0,2817,2363917,00.asp
http://www.cbsnews.com/video/watch/?id=6412572n
Print the post Back To Top
No. of Recommendations: 0
At my office, we are required to remove and destroy hard drives from computers, printers, scanners, and copiers if they are going outside of our organization.

I raised this issue with our HR department. They didn't know that the copier/printer/scanners we had in the office had a hard drive.

PSU
Print the post Back To Top
No. of Recommendations: 0
On E-mails: Address once, check E-mail addressees three or four times before hitting the send button.

I have been tripped up with Save and Send being adjacent menu items.

Checking the address is also necessary. I have received sensitive material because my first name matched the intended recipient.
Print the post Back To Top