Identity theft a growing concern for employees

As insurance professionals, there's both an obligation and an opportunity to help employees protect their identities.

Even 25 years after a data breach, someone could pose as you using what used to be a valid email address and start using your identity for illicit purposes. (Photo: Shutterstock)

Capital One. Equifax. Under Armour. Starwood/Marriott hotels. Facebook. Target. Anthem. J.P. Morgan Chase. Yahoo. Home Depot. Adobe. Sony PlayStation. U.S. Office of Personnel Management.

What do all these have in common? Simply, they represent some of the biggest data breaches of the 21st century. Most likely, there are others we don’t know about — yet. It has become evident that any and all of the data put onto the internet is vulnerable. This vulnerability can come from all quarters — scammers, governments, and even good old-fashioned recreational hackers have breached some of the most supposedly secure networks.

Let’s begin with the problem. It’s easy to check to see whether your personal data has been compromised. Equifax, for example, has a very efficient website that indicates the scope of the breach they suffered and allows individuals to file claims as appropriate. And yes, my wife and I were both on that list. But I’m sure we are also on similar lists from at least some of the other compromised vendors.

There’s an interesting website called ”Have I been Pwned?” It’s worth checking whether your email account has been compromised. For example, one of my addresses, which I have not used in over 25 years, still has active data on two breach sites. Another old email address I abandoned more than 15 years ago has also been compromised.

Part of the reason I’m going back more than 25 years is to illustrate why compromised data is such an issue; someone could pose as me using what used to be a valid email address and start using my identity for illicit purposes. So when a compromised entity offers temporary or short-term identity theft protection, even for several years, any time the coverage is dropped, there is a vulnerability.

What’s more, any password I used on any of those accounts can be cross-referenced to my identity, and internet-crawling bots can try those old passwords out on any site where there is an identity match to me.

Given all this, as insurance professionals, we have both an obligation and an opportunity to help employees. This is a significant part of making sure the programs we offer provide long-term financial wellness and security to employee customers.

Of course, since identity-theft protection is not a traditional employer-paid benefit, most of the time, it will be offered to employees on a voluntary basis. We need to understand what’s available in the marketplace and how various options can help. While it’s certainly not in the scope of this column to recommend a specific product, the following is a partial list of features to consider:

As more aspects of our lives are conducted online, the areas of exposure to identity theft and the fraud that goes along with it will continue to grow. Identity theft is now moving into the mainstream of risk areas for employees.

Marty Traynor is an Omaha-based consultant in the benefits field. Opinions expressed here are the author’s own. 

Related