Ask HN: How much should I worry about identity theft

[throwaway76312]

I have been very lucky to achieve financial independence two years ago. I retired early with $10 MM+ at 32. It had been my goal for several years, I hated my job, and I expected to become very happy.

It didn't turn out like that. I became really depressed and with professional help, I admitted that I might need a job. Probably part time as I am fairly lazy and hate working.

The problem is that all the type of work I am sort of interested in require some administrative work like a company setup or new bank accounts. I have declined all these things because I feel the risk of getting my identity stolen, and therefore my brokerage accounts emptied, is now the only thing I should rationally be concerned about. The extra money from the job would have a negligible effect on my lifestyle (I am actually fairly frugal, and don't really buy much).

I have become very careful about not sharing my passport with anyone, including financial institutions.

I realize that my care to not get my identity stolen is on the extreme, compared to the average. However, everything I read everywhere tells me that not even big institutions are safe, so how could I trust my local accountant, or local financial institution to not get my data stolen?

Also, anytime I get on a plane, I have to share my passport, which I fully trust is entered on a poorly secured database, probably running windows XP servers SP 1, or something similarly cutting edge.

So should I actually start sharing my personal data more widely? All official advice is basically to not share personal data with untrusted sources, but from my perspective there are no trusted sources in our current age. The FBI, the government are all getting hacked. No institution can protect itself against hacking. So I do not even know what to make of this. Does anyone in the great HN community have a proper understanding of the risks of sharing one's personal data, and could enlighten me?

[bitxbitxbitcoin]

You should worry about it but I think you are worrying too much.

Every time you share your personal data there is risk as you have described, but the long tail of risks can be mitigated by stuff like 2fa at your brokerage accounts, frozen credit score, etc.

No institution can protect itself from hacking -> your info is already out there all you need to do is harden your brokerage accounts.

[throwaway76312]

Yeah, I agree I probably worry about it too much. I use 2fa everywhere, but I always feel there are risks remaining...

[giantg2]

I think some institutions offer better security options than your standard 2FA. Stuff like requiring your account to authorize trades/withdrawals over the phone with a code word, using RSA token, etc. Not sure if $10M would meet the cutoff or not. Usually these are not advertised, but are something that you could ask your institution about.

Also, some institutions will guarantee your funds and make you whole as long as you didn't do anything wrong.

[Cicero22]

Chances are your information's already stored somewhere that you have no control of. Knowing that, it might be better to focus on mitigating the impact of identity theft rather than preventing it entirely. One way you could reduce the impact would be setting up many (10+) bank accounts and splitting the money between them. if someone stole your identity, how likely are they to be able to empty every one of your accounts before you notice and freeze them? another option would be to put your money in crypto, making sure you have custodianship of the wallet. Though, that adds the risk of crypto tanking in value.

[ailef]

You can always use a stable coin to avoid that risk (I mean, not even that is 100% risk-free but surely orders of magnitude less risky than alternatives).

[throwaway76312]

Yeah, I agree. I already do that. Maybe I should consider it good enough...

[agent008t]

It may be a good idea to ask this on /r/fatfire. There seem to be some actual people that may be in your situation on there that may give their perspective on this issue.

But overall it sounds like you should take reasonable precautions and then 'forget about it' and carry on with your life. At the moment, it seems like instead of the wealth giving you freedom and security, it is instead restricting you and filling you with stress and anxiety.

[throwaway76312]

Thanks. You are right, it restricts what I can do, which is counterproductive. I will look at fatfire, thanks!

[toast0]

If you're in the US, get your credit frozen at the three well known bureaux and ChexSystems. Contact your brokerage and ask about what extra protections are available to protect your account. If available, be aware that they're usually onerous and a pain to recover from if you lose the credentials. See if you can setup extra protection for your cell phone account, too.

The nice thing about the traditional financial system is that when things go wrong, there's usually a way to make things right, even if it takes time (which you seem to have). Read your statements (I like paper statements because they arrive and remind me to read them; others don't because they could be intercepted).

If you are setting up a company, then you would tend to give your clients the company tax id, and not your own, which might help ease concerns about identity theft?

[starwind]

I’ve had my identity stolen (twice!). The first time I got things untangled, the second time I headed it off. You’re not wrong to be paranoid, but billionaires have bank accounts and hand over their passports all the time. If you keep a low-enough profile and secure your info, you probably don’t have much to worry about. Roughly 1.5 million families in the US are worth more than $10m and they manage.

[throwaway76312]

That's exactly what I am thinking. Many people are very wealthy, and they seem to manage. More than that, many wealthy people also have very low tech skills. So I struggle to square my intuitive need for stringent security measures (and the desire to do all the things you listed in your subcomment), and the fact that I think it very likely that wealthy low tech-skilled people do not seem to be hacked all the time...

[starwind]

I initial wrote this as the same comment but you didn't ask how to secure your identity in your question so here's a bonus on how to mitigate your risk if you care:

Deal with a broker that will back you up. Here’s Schwab’s policy https://www.schwab.com/schwabsafe/security-guarantee. Talk to them about what security they have for high-net worth individuals. And don’t feel like you have to have just one broker. Do the same for your bank and credit card companies. They have additional security options if you request them.

You’re focused on your passport, but have you secured your medical records? Talk to you doctor about getting a flag put on those records so they need to call you before they send them somewhere—you don’t need someone getting those by faxing your doctor a form saying they’re a specialist. Medical records have information like birthdates and ssns that don’t change so they go for more money on the black market.

Use your credit card for everything. Handing over an AmEx doesn’t give someone info about what bank you use. If you fill up at the gas station, you don’t have to worry about a skimmer draining your bank account cause you can just dispute any fraudulent activity.

Secure your financial info. Unenroll in credit card offers, put fraud alerts on your 3 credit reports, your Chex report, your Innovis report, and your NCTUE report. Renew that fraud alert annually—put it on your calendar. Also freeze those reports. https://www.experian.com/blogs/ask-experian/how-do-i-stop-re...

Many states let your hide your voter registration info which is how websites like mylife get your name and address.

Don’t give out your ssn except to jobs and the government—really no one else needs it. Your passport is perfect to establish identity and citizenship. If you think your passport has been compromised, get a new one which will have a new number. If someone demands your ssn, really push back and make it clear you’re worried about identity theft and what else can you give them to establish your identity?

If you use gmail, enroll in advanced security protection and use some physical token like a yubikey https://landing.google.com/advancedprotection/ I probably don’t have to tell you to keep your devices up-to-date

You can get a pin for your cell phone account if you’re worried about a sim-swapping attack. Again, talk to your phone company. If you have to do phone 2fa, a burner phone could be good.

And finally, monitor. I get pings every time money comes out of my bank account, my 401k, my investment account. I get push notifications when someone hits my credit report (that’s how I stopped the second identity theft incident).

[zeepzeep]

> Does anyone in the great HN community have a proper understanding of the risks of sharing one's personal data, and could enlighten me?

All data will eventually be leaked I guess. Not trying to sound scary, I genuinely believe that most data anyone collects about anyone else will end up in the wrong hands (if it's not in the wrong hands to begin with).

[throwaway76312]

Yes, it's also my assessment...

[pogue]

The best defense is a good offense.

1) Use a service like JoinDeleteMe to have your name removed from public searchable databases. https://tinyurl.com/DeleteMePermanently That link will take 20% off your order.

2) Use a service like https://simpleoptout.com/ to opt-out of sites and services you personally use that DeleteMe doesn't cover.

3) Now that credit freezing is free, freeze all your credit reports. Brian Krebs has a good article on doing this: https://krebsonsecurity.com/2018/09/credit-freezes-are-free-...

4) Read JJ Luna's "How to Be Invisible: Protect Your Home, Your Children, Your Assets, and Your Life 3rd Edition" https://amzn.to/3qxkTWV He also has a website where you can register "ghost" addresses and LLCs that you can use to register your car title too and other financial assets to so they will be protected in case of a lawsuit or anything as they will not be able to identify you. https://www.jjluna.com/

5) Turn on 2FA for EVERYHING https://2fa.directory/

6) I created a list of anti-fingerprinting/security/privacy extensions I personally use: https://bitbin.it/ppcd0UpZ/

7) Get a VPN. I recommend https://tinyurl.com/WindScribe321 - they give you 10GB free a month, but it's only $4/mo if you pay for a year and you get access to unlimited devices, so you can have a VPN on your PC, phone, and any other devices you use. They have been vetted by Torrentfreak and keep no logs and do not give information to law enforcement: https://torrentfreak.com/best-vpn-anonymous-no-logging/#wind...

There's probably countless other things you could do, it just depends on how paranoid you are and how deep down the OpSec rabbit hole you want to go where it becomes an issue of convivence vs. constant security for everything you do.

Hope that helps.

pogue