Trust Your Gut and Take Action When Privacy Threats Appear

I was scammed, but you don't have to be ... if you do a few simple things not talked about much elsewhere.

I finally decided it was time to do something about my privacy online.

It's not like I haven't taken any action before; I've always been sensitive to disclosing personal information like my Social Security number, birth date, and other information unless there was a good reason. And I don't allow my driver's license to be scanned at stores or movie theatres to buy a beer. They don't NEED that information – obviously, I'm over 21 years old.

I've always felt that businesses and government entities collect too much information they don't need. Even my bank. I remember applying for a car loan years ago and not filling in the information about my income. When asked why, I told them I was very private, and they didn't need that because they had my banking records and access to my credit reports.

What Made Me Take Action

So recently, it hit me like a ton of bricks. Despite all my efforts over the years, big companies were selling my private information or even "giving it away" anyway.

It started in December 2023 when I was notified by a provider to Beaumont Health (now Corewell Health) that my personal medical information had been hacked. Then, just four months later, it happened again with a different Corewell provider. I never asked for or received any services from those two companies, nor were they the type of providers who provided services to people like me. There was no reason for Corewell to allow them to access my name, social, address, birth date, or medical records. I wrote about this in an earlier Substack article.

While this disclosure was going on, I received an official notice from the Internal Revenue Service (IRS) in April that my tax refund was being held unless I went through an "identity verification process." Never mind that the tax return this year showed precisely the same information and the bank account for the refund. Their letter wasn't very clear, and I ended up giving all my personal information and a biometric facial scan to a company called ID.me before I realized it was NOT the IRS but a private firm owned in part by foreign persons and country investment funds. I was shocked and concerned. I used to work in computer security and consider ALL systems full of holes – like Swiss cheese – and hackable. So now another company has my information. Writing to my U.S. Congresswoman was no help.

What Was the Lesson for Me?

That was it. I knew I had to take even more decisive action to protect myself and my family. So, I signed up for a series of privacy courses to help me lay out my plan and receive ongoing advice about the tools and technologies involved.

After just a few sessions, I learned what the iPhone, desktop Windows operating system, Google search engine, and Gmail email system providers do with users' data, and I was appalled. I immediately updated my privacy plan to begin moving off of those technologies.

A month later, on July 23^rd, the Social Security Administration released a notice saying, "Soon you will no longer be able to sign in to your online Social Security account using your username and password. To access Social Security online services, including my Social Security, you must create a Login.gov or ID.me account."

Then, in August, came the publicly disclosed hack of a digital identity company involving 2.9 Billion records, covering nearly everyone in the United States as well as persons around the world. Yes, your records were also stolen – guaranteed. Reports indicated that the names, addresses, Social Security numbers, dates of birth, passwords, and many other things for U.S., U.K., and Canadian citizens are now available for other hackers to purchase on the dark web for only $3.5 million. Imagine how many banking, investment, medical, and other accounts they can hack through either impersonation or online user credentials!

Next Steps

I'm creating a series of articles that I will publish here to document what I am doing to protect myself. I encourage everyone to consider doing similar things and share this information with friends and family.

You likely are totally exposed to cyber criminals, and there are many easy steps you can take to change that – if you want to.

Here are some of the topics I will cover:

·         Nothing to Hide: Why should I care about privacy?

·         Giving Away Privacy: What is ID.me, and what do they do with my personal info?

·         Privacy Apathy: The psychology behind our inaction.

·         Bet Your Breeches: What is done with the stolen information?

·         ID.me: Why you should not give them your information.

·         Protection 101: What information is most important to protect?

·         The Trade-Offs: Privacy vs. Convenience vs. Usability features.

·         Practical Steps: How can I reduce my digital footprint?

Do you have OTHER topics? Let me know below.