So I get a letter in the mail last Monday, real bland looking envelope, looks like it might have come from my credit card company.
I open it up and it reads:
As we publicly reported last fall, Express Scripts, the company that administers (or previously administered) your prescription-drug benefit, received a letter in October 2008 from an unknown person or persons trying to extort money by threatening to expose millions of our member records. We immediately notified the FBI, and an investigation is ongoing.
I am contacting you because the FBI recently received additional information and as a result we learned that the unauthorized access to information included your name, social security number and date of birth and may also include prescription information. Although details regarding the situation are limited and we are unaware at this time of any actual misuse of your information, we believe it is important to notify you. We continue to investigate this matter and will further advise you if we become aware that your information has been misused.
My first thought was, “What in the flipping flip is Express Scripts???”, because prior to today, I had never heard of them. I did some googling and only found barebones info that indicated they were the third largest prescription benefit manager (PBM) in the US. Apparently my health insurance uses them (or used to at least), which would explain why I had gotten such a letter.
So I’m only now being told that crucially personal information about me had been STOLEN, 11 months later after the fact? Seriously?
I thought it had to be a scam, yet it turns out such a thing did apparently happen, since it had been reported by the NY Times (which explains why no one seems to know about it.) The letter also indicated that they set up a support site with more info and what I could do if I became a victim of identity theft, and that through them I would be able to use the services of a fraud prevention company called Knoll should I end up becoming a victim of identity fraud.
So basically I have to twiddle my thumbs and wait around to see if I eventually get butt boinked by the perpetrators who stole my ID. Great plan guys! First you scare me to death with this letter, and then tell me to adopt the wait and see approach, meanwhile somewhere out there some dude named Ivan Uvgunstoffgard is at this very moment placing a $50,000 order for a Mercedes using a newly minted gold card with my name on it. That’s just great.
Oh but wait, it gets better.
Because apparently, when the initial breach first occurred, only 75 names had been confirmed stolen, but recently it seems the number was much, much larger than that. A letter was also sent to New Hampshire AG indicating that almost 2000 people in that state alone have had their info stolen as well. I seriously doubt “millions” of records had been stolen, but this data breach was definitely bigger than earlier reported. They must have had some idea of the scope and who was at risk, so it would have been nice to have been apprised of this LAST YEAR when it happened, instead of waiting until it was actually confirmed that my info was included in the theft before notifying me.
Even though they did publicly report it, it seems they’re still trying to be low key about it all, so please allow me to help them out on this by SCREAMING AT THE TOP OF MY LUNGS TO ALL WHO CAN HEAR:
WARNING, WARNING, IF YOUR HEALTH INSURANCE/EMPLOYER USES EXPRESS SCRIPTS, YOUR PERSONAL INFORMATION MAY HAVE BEEN STOLEN
Sigh. On the upside, I had gotten my credit reports and scores from the three major credit agencies last July, months after the data breach, so if my info bad been misused during that time it would have showed up then. Still, I signed up for LifeLock as a precuationary measure (maybe I’ll send the bill Express Scripts too). After taking a harder look at what LifeLock had to offer, I’m surprised I didn’t sign up for it sooner, especially since I got a 20% discount and will only pay $8 a month for the year. 8 bucks a month for some peace of mind is a no-brainer, especially after getting a letter like this.
But just in case, I’m working on establishing a new alternative identity under the name Vincent Spankypants, a venture capitalist who owns various multi-million dollar properties around the US, including a favorite in Aspen, Colorado, where he can sometimes be found snuggling with a Ukranian blonde and roasting marshmellows by the fireplace. Totally believable identity if you ask me.
Subscribe to my posts or the kitten gets it:
RSS
Get Posts by Email
Twitter
Google+
Facebook
Flickr
YouTube
LinkedIn
Blip.fm
Vincent? Really!? You would pick Vincent for an alternative name? :O
On a more political note, doesn’t this just make you want some government file clerk with not only access to your medical info but your bank account through a national health care card? oi!
Have I told you how much I enjoy your smilies?
I never would have guessed that.
LifeLock isn’t worth the price. All you need to do is contact all 3 credit reporting agencies and have them freeze your credit. In most states, this is free. Freezing your credit does not allow any access to your credit report by anyone other than you. They verify it’s you with a PIN type security process.
It might be doable in my case because I don’t see myself applying for any new credit anytime soon since I’m debt free, only use one card, and don’t plan to get another one (unless it’s a sexy black card, where the mere thought of getting a 24 hour concierge service just makes me all tingly.)
I should probably wait until after I move, since I’m probably going to be subjected to several credit checks until I finally find a new place to live and a freeze is going to trip me up there.
But anyhoo, I like that Lifelock offers a bit more than that, including WalletLock, and that they proactively scour criminal sites to see if my info is being auctioned off somewhere.
Plus I’m basically lazy, can’t be bothered with all this credit gobbly gookey wooks, and would much rather avoid anything money related and play Nancy Drew mystery games instead.
BTW, in my state it isn’t free, $5 to freeze and unfreeze from each credit agency, so figure $30 for every time I need to get something going for my credit, and they don’t exactly make it convenient for me either. I think applying for a job with the CIA might be less trouble. The customer service is virtually nonexistent, and I suspect it’s intended that way to discourage more people from opting for credit freezes to protect themselves. It’s easy to do in theory, but because credit agencies frown on this practice it stands to reason that they will make your life difficult just for wanting to play it smart. God forbid you might have an emergency too and need credit right away.
In the end, I have to trust that God will protect me, and since He answered my prayer to lift me out of debt in record time, then I trust that He will protect my credit as well.
You can also place a fraud alert with the credit reporting agencies. That way if someone does apply for credit in your name they’ll be more likely to be carted off to county jail.
Fraud alerts are only good for 90 days, at which point you have to keep renewing it to keep it active. Even then it only tells the creditor to exercise due diligence in verifying my identity, and since they’re driven by the almighty dollar, they might disregard it depending on how badly they want my business.