[brerlapn]

You're definitely welcome. My folks have been through this recently, as well. Smart practices like using a password manager to segregate all accounts with different passwords can help to protect ourselves from poor security practices by other parties, like banks or vendors, and making sure they never link a bank account directly to a pay vendor rather than a credit or debit card (looking at you, Venmo). The main thing for the folks you're working with (aside from dipping that hard drive in bleach) is to protect access to their existing asset accounts and then keep a fraud alert on their credit. I think leaving those avenues of attack open is where the identity theft horror stories come from (or just basic overtrustfulness from people like the women in the BCC article below), so closing those off is a good idea even if you don't know there has specifically been a breach.

On a side note, the amusing part about having my identity stolen is that identity management at the enterprise level is what I do professionally, so I am well aware of the flaws in identity management that make id theft exploitable and now have a really good story to drag out when someone gives me pushback. Also, when the IRS guy was apologizing to me about all the inconvenience, I stopped him and said "don't apologize, I think this is hilarious. I have his refund check, he'll never get it, and I know he's trying to find out what happened because every time he pretends to be me and files an inquiry with you guys, the IRS response letter gets sent to my address since that's what's on the return. I'm probably the only person in America who laughs maniacally when I see a letter from the IRS in my mailbox."

For those who are so inclined, I found the approach the guy in this article took to be pretty intriguing, and have a to-do project of figuring out how to do this in a virtual machine:

http://www.computerworld.com/article/3030216/windows-pcs/fed...