Judge halts VA from publicizing data offer and what vets should do now

Lawyers claim accepting government offer could jeopardize vets’ claims

A federal judge temporarily has barred the government from publicizing its free credit monitoring offer to veterans whose personal data was stolen and wants to see if they might get a better federal offer.

Lawyers who have filed a class-action lawsuit on behalf of the 26.5 million veterans and active-duty troops affected contend that accepting the government’s offer could jeopardize their chance of winning more money in the privacy suit.

U.S. District Judge William Bertelsman in Kentucky scheduled a hearing this Friday to determine whether the Veterans Affairs Department should revise its offer. His order on the credit monitoring was issued late last Friday.

The suit seeks free monitoring and other credit protection for an indefinite period as well as $1,000 in damages for each personor up to $26.5 billion totalin what has become one of the nation’s largest information security breaches…

Last week, the department announced its plan to offer free monitoring for a year to millions of veterans and nearly all active-duty military troops whose names, birthdates and Social Security numbers were stolen May 3 from a VA data analyst’s home in suburban Maryland.

The department said it would send out letters to affected veterans and military personnel in early Augustafter it solicits bids from contractorson how to sign up for the free service. It also posted information on the government’s Web site.

But in court papers, lawyers for veterans said the VA’s deal was incomplete and misleading. The VA must make clear whether veterans who take the government deal will have to give up their rights in court to a potentially larger payout, lawyer Marc Mezibov wrote.

Last week, a Senate committee approved $160 million to pay for the credit monitoring for veterans. It is one of many expected payments as the government struggles with fallout from data breaches crossing at least six agencies.

The VA alone has spent more than $14 million so far to notify veterans by letter and set up a call center, and it is spending an additional $200,000 a day to maintain the call center.

Class-action suits filed by veterans alleging privacy violations are pending in Covington, Ky., and Washington, D.C.

What should vets do now?

1. Institute a Fraud alert on your credit.

Before anyone can get a new credit card or loan in your name (including you!), a lender will check your credit at one of the nation’s three credit bureaus. That gives you a chance to stop a thief.

You are entitled to place a fraud alert on your credit report, which will tell anyone who looks at it to be extra careful before handing out new credit cards to you (or your imposter).  It might be a bit of a hassle for you if you try to open an account in the near future, but the peace of mind may be worth it.  If you know you are going to make a major credit purchase soon, do that first, than place the fraud alert on your report.

On Monday, the Federal Trade Commission stopped short of recommending that vets implement fraud alerts, saying it might be overkill, given that investigators don’t believe the data thief actually planned to commit identity theft.  But details about the house burglary which led to this mess have been so vague that I don’t think consumers can make an honest judgment about their level of personal risk.  So better to be safe that sorry.

Detailed instructions on implementing a fraud alert are available from the FTC at its Web site.

But placing a fraud alert is easy. Just call the credit bureaus and ask for one. The system is automated you will need to give a computer your Social Security number.  One call should be sufficient. The agency you call is supposed to call the other two automatically. But I wouldn’t trust that. If you have the time, call all three agencies yourself.  And as a nice byproduct, each agency is supposed to send you your credit report for free once you place the alert. 

Their phone numbers are: Equifax: 1-800-525-6285; Experian: 1-888-EXPERIAN (397-3742); and TransUnion: 1-800-680-7289.

Know that fraud alerts expire in 90 days, however.  To extend the alert beyond that, you’ll have to ask in writing, and fill out a bit more paperwork. You’ll need a police report or some other documentation indicating you’ve been a victim of identity fraud. The FTC has more instructions on that, too, available here.

One major caveat: Fraud alerts don’t always work. Some lenders chose to ignore them and take the risk of fraud because they don’t want to slow down their credit-granting processes.  So it’s not a perfect solution.  That’s why your next step is:

2. Consider a credit freeze.
Next, consider freezing your credit. This locks down your credit file so no one can see it, and no one can grant credit in your name. Only after a detailed “thawing” process can a consumer open the credit file for credit granting purposes.

Unfortunately, only citizens in certain states are entitled to a credit freeze, and they can cost money. But it’s the only thing a consumer can do proactively to really prevent against identity theft.  Equifax offers a great state-by-state chart at a special Web site

Rules vary by state, so it’s hard to offer general advice. And consumer who sign up for a credit freeze should know they may have to say good-bye to impulse purchases. That may be a good thing, of course.

3. Check your monthly statements.
This is the one piece of advice that everyone is giving to vets affected by the data leak, and it’s not very useful.  An ID thief who happens upon a set of data like this VA data dates of birth, names, and Social Security nmbers is very unlikely to drain your bank account or run up charges on your credit card. It would take a lot of work to find that information and connect it to your Social Security number. 

Rather, this thief would set about creating new accounts instead.  He or she would just use the data to fill out credit card applications, get cell phones, or obtain other new credit.  So checking your existing monthly statements, while always a good idea, isn’t much help in this case. The only way to pick up that new account kind of fraud is by regularly checking your credit report.

4.   Regularly check your credit report.
Every American is entitled to one free copy of their credit report every year at AnnualCreditReport.com. That’s three peeks altogether, since you can get one copy each from all three bureaus. So one great strategy is to spread those three out every four months. Since the reports largely overlap, that’s a great way to see if there’s any new accounts on there that don’t belong.

Four months is still a little too infrequent if you think your personal information has been stolen.  But there are other ways to get a free credit report to augment this protection. Many state legislatures give their residents a separate right to see their credit report, and you can get another three free credit reports that way.  The procedure varies from state to state, but it usually involves a simple letter.  Now you’re up to 6 reports each year.

And if you file a fraud alert on your credit reports after this incident, you’ll get three free reports that way. Now you are up to nine.

Also, so many consumers have been victims of other data breaches that many have been given a free trial for credit monitoring services, which give consumers even more frequent looks at their credit.  By all means, consumers should take advantage of those offers. The three credit bureaus also sell this service direct to consumers for about $10 a month. I don’t believe consumers should have to pay to see their own reports, but if you are very concerned, it’s a good way to buy peace of mind.

As always, there is a caveat: Not every form of identity theft is revealed on credit reports. Social Security number-only ID theft, often utilized by illegal immigrants, will not show up on a credit report. Still, looking at the report is the single best way to discover ID theft and stop the bleeding. 

5. Don’t fall for it      
And finally, don’t pay for other unnecessary services like ID theft insurance or credit restoration.  No one should be profiting off of your lost data, and I’ve yet to find any pay ID theft prevention service or insurnace product that genuinely helps people.  Free help is always available at The Identity Theft Resource Center IDTHeftCEnter.org, a non-profit with a hotline staffed largely by volunteers.  Ask their advice before paying for any other service.