PUBLIC SAFETY: People who use eBay are being urged to change passwords and take other steps to guard against identity theft, following a cyber-attack on the site.
The attack, which eBay officials today said took place between late February and early March, was first detected earlier this month, acting state Attorney General John J. Hoffman said.
It compromised the security of certain non-financial data for 145 million active buyers — such as customer names, encrypted passwords, email addresses, physical addresses, phone numbers, and dates of birth, he said.
“Anyone who has been an eBay customer should take proactive steps to ensure that a cyber-attack or data breach does not lead to the far worse problem of identity theft,” Hoffman said.
“Changing your password is an important first step,” he said. “Additional measures such as obtaining your credit reports and keeping a close eye on your financial accounts will at least provide peace of mind – and may save you from becoming the victim of fraud.”
eBay officials said they took steps to shut down unauthorized access to the site, put additional security enhancements in place and is cooperating with law enforcement and security experts.
Although guest users don’t have passwords on file, they should be vigilant, as well, Hoffman said.
Various types of fraud, including phishing attacks, often follow cyber-attacks. Phishing and identity fraud schemes could occur via email, snail mail or phone call.
Specifically, criminals often reach out to potential victims, pretending to be representatives of a company that’s been attacked in order to ask for their personal information.
Consumers should never provide personal information in response to an email or letter, or over the phone, without first taking steps to independently verify that the request is legitimate, state authorities said.
If you are exposed to ID theft, the division urges you to:
File a complaint with the Federal Trade Commission at www.ftc.gov/complaint or 877-438-4338 . Your completed complaint is called an “FTC Affidavit.” You will want to bring a copy of the FTC Affidavit to your local police department; see Step 2.
File a report with your local police department , and bring the police a copy of your FTC Affidavit. Once your police report has been filed, request a copy so it will be available to send to credit reporting agencies and creditors.
Obtain a copy of your credit report from all three credit reporting agencies.
Contact them at:
Equifax Credit Information Services
Consumer Fraud Division
Fraud Victim Assistance Department
Tell these credit reporting agencies that you suspect you were exposed to identity theft , and ask that all of your accounts be flagged with a fraud alert.
Keep a close watch on the activity on your credit or debit cards . Many card issuers offer online account access. If you can, check the accounts daily. If you are unable to access this information online, call the numbers on the back of the affected cards.
Contact all credit card companies, creditors, banks, and any financial institutions with which you do business.
Close the affected credit card and bank accounts, and get replacement cards with new account numbers.
Change any passwords on the accounts, including PINs.
Follow up all telephone contact with a written confirmation.
Contact the United States Social Security Administration at:
Social Security Administration
Social Security Fraud Hotline
P.O. Box 17768
Baltimore, MD 21235
TTX: (866) 501-2101
Keep a complete set of records.
Keep a log with notes on all telephone conversations with credit reporting bureaus, creditors, or debt collection agencies.
Confirm all telephone conversations in writing.
Keep copies of all paper or electronic correspondence you send and receive related to the suspected identity theft.
Send correspondence by certified mail, return receipt requested.
Keep a record of the time spent and any expenses you incurred, in case it one day becomes possible to claim restitution in a judgment against the identity thief.
Click here to sign up for Daily Voice's free daily emails and news alerts.