Hacker News
by vonklaus 3681 days ago
thank you for posting this.

i realized this earlier in the day, your comment only became visible to me in the last 10 mins or so. i noticed replies ceased several hours ago and emailed HN support.

the link had been flagged by several users and was restored by dang a few minutes ago. i don't have info but i assume it was the horrible title which i submitted after charring out on mobile 3 or 4 times, and i didn't want to rewrite/lose the original post which has since been restructured.

thanks again dang, and also i appreciate this write up as there wasn't much on HN about dealing with this. it is clearly written up extensively in the media but there is so much spam and incorrect info i looked here for better resources and experiences like yours as there are technical, financial and privacy considerations and as any good security professional knows, missing even one thing can have huge consequences.

1 comments

You're definitely welcome. My folks have been through this recently, as well. Smart practices like using a password manager to segregate all accounts with different passwords can help to protect ourselves from poor security practices by other parties, like banks or vendors, and making sure they never link a bank account directly to a pay vendor rather than a credit or debit card (looking at you, Venmo). The main thing for the folks you're working with (aside from dipping that hard drive in bleach) is to protect access to their existing asset accounts and then keep a fraud alert on their credit. I think leaving those avenues of attack open is where the identity theft horror stories come from (or just basic overtrustfulness from people like the women in the BCC article below), so closing those off is a good idea even if you don't know there has specifically been a breach.

On a side note, the amusing part about having my identity stolen is that identity management at the enterprise level is what I do professionally, so I am well aware of the flaws in identity management that make id theft exploitable and now have a really good story to drag out when someone gives me pushback. Also, when the IRS guy was apologizing to me about all the inconvenience, I stopped him and said "don't apologize, I think this is hilarious. I have his refund check, he'll never get it, and I know he's trying to find out what happened because every time he pretends to be me and files an inquiry with you guys, the IRS response letter gets sent to my address since that's what's on the return. I'm probably the only person in America who laughs maniacally when I see a letter from the IRS in my mailbox."

For those who are so inclined, I found the approach the guy in this article took to be pretty intriguing, and have a to-do project of figuring out how to do this in a virtual machine:

http://www.computerworld.com/article/3030216/windows-pcs/fed...