Rikki Don’t Lose That Number, It’s the Only One You Own.
Steve King, CISM, CISSP
Cybersecurity Marketing and Education Leader | CISM, Direct-to-Human Marketing, CyberTheory
We all know that cybercriminals are targeting our identity and scams are changing faster than industry buzzwords, but what we don’t know is where the next hack is going to occur and what it will look like. What we DO know is that, like death and taxes, it is a certainty that you will become a victim.
The Privacy Rights Clearinghouse Chronology of Data Breaches tracking tool tells us that at least 867,254,692 records were exposed through data breaches between 2005 and May 22, 2014. The Milken Institute says the number of compromised records was more than 1.1 billion between 2004 and 2012. The Identity Theft Resource Center reported 91,982,172 exposed records in 2013 alone. Regardless of who is right, the numbers are huge.
Everybody knows that identity thieves are going to steal your email addresses and passwords, but what they really want are the various sets of numbers that, when combined, enable increasingly sophisticated hackers to own you outright. And, they don’t need all your information to strike, but only enough plausible information to convince others that they are you. Here are eight of the primary numbers they are after:
1. Social Security Numbers
This is, of course, the Holy Grail. And you should guard it with your life, because hey, that’s what is at risk here. When someone asks for your SSN, become Howard Hughes and insist that they give you a plausible reason why they need this information, and then think hard about whether you really need to provide it. It is absolutely the skeleton key to your personal finances. Whenever you’re asked for your SSN, always consider whether the request is logical based upon the context of your relationship with the requester. If you can live without whatever it is they need it for, do so.
2. Bank Account Numbers
Did you know that a personal check is one of the least secure ways to pay for something, and yet we process over 20 billion paper checks per year in this country alone? Why is it least secure? Your bank account number is printed right on your checks. Use a debit or credit card instead. You get rewards and buyer protection, and less of your information will be out there. In fact, if you want to be close to bulletproof, get a reloadable debit card and keep a small balance on it that you can load anytime, thus reducing your total exposure to only the amount available on the card when it is stolen.
3. Driver’s License and Passport Numbers
No one should have these but you and a small group of very specific people. The only people who need your DL are the cop who pulls you over and your auto insurance agent. These are right up there with your SSN and represent the major pieces of your identity puzzle. There is a large and thriving industry in fraudulent passports and driver’s licenses, and you don’t want your information to end up on someone else’s ID. You want a real nightmare? Try this sometime.
4. Health Insurance Account Numbers
Health insurance fraud is on the rise, and one of the biggest growth areas is identity-related health care crimes. This is a real bummer, because it can jeopardize your health and ultimately your life, not just your credit or finances. A thief’s medical information can be commingled with yours, changing the blood type on record and eliminating certain allergies to meds or presenting new ones. The results can be catastrophic when a course of treatment is prescribed based upon incorrect information in the file. Guard this data carefully.
5. Phone Numbers
You may be one of millions of people who list your phone number on a public-facing site. The only problem with that is that your phone number is one of the items that many companies use to confirm your identity – usually in the context of the number you are calling from. Hackers use caller ID spoofing to make your number appear when they call one of those companies pretending to be you.
6. PIN Codes
Card-skimming operations use a device to capture your debit card information while a camera records you as you type in your PIN code, making it very easy for a thief to replicate. Cover your hands and be paranoid, because it’s not just possible, but I would say probable that someone is actually watching you. If you use a debit or credit card for gas, use the pumps nearest the attendant.
7. Dates and ZIPs
Less is more. Birth dates, college and employment dates, years at prior addresses, ZIP codes: these are all numbers that help hackers impersonate you and are probably numbers you want to keep as private as possible. Many people put this information on public websites, like personal blogs and social media sites. If you insist on this, you may want to use inaccurate information – or, just don’t do it at all. Facebook is a treasure trove of personal information that can be cobbled together to form a solid partial identity picture for thieves.
8. IP Addresses
One popular scam is locking files on your computer and then demanding a ransom in exchange for returning your access privileges (done by using malware and a remote access tool). If you are the target of this scam, you will receive a message telling you that your IP address has been associated with online criminal activity. This is in the same class as the email you get from the friend of a friend who is stranded in Wales and just needs cab fare to the airport. Don’t bite. For $39 you can get malware and virus protection from people like McAfee, Webroot, Kaspersky, Norton, etc., which you should have already done anyway.
Data hygiene is critical to your personal information and it is all on you (I’m afraid). And these days, data breach fatigue is the real enemy. Every new compromise and scam is potentially crucial news for you, since it may point to weak spots in your own security behavior and ways that your data hygiene might be putting you at risk. So, as depressing as it is, you should keep reading articles about new threats to your personal data security and read every single email alert that you receive, even the obviously fake emails, and you should always verify directly with the source institution. Seems like a lot of work? It is.
But, if you are concerned about protecting your identity, the smartest thing you can do is to assume the worst. I can tell you to monitor your banking and credit card records and statements, read the damn explanation of benefits on your health care statements and constantly review your credit reports, but you probably won’t do it. It is a ton of work and tedious doesn’t begin to describe the process.
If you can’t, or don’t, or won’t, then at least have a damage control program in place once you suspect that you have an identity theft issue. Contact your insurance agent, bank and credit union account rep, or the HR Department where you work to learn if there is a program to help you recover from an identity theft. You will probably find that there is one and you are probably already enrolled for free as a perk of your relationship.
So, good luck and try to keep smiling, but this stuff ain’t going away. Write to me anyway at [email protected]
Steve - Great post! Those are all excellent things for us to remember and work hard at protecting! I remember one of our startups was building a combination of Plaxo and LinkedIn, and we agonized over how to empower people to protect their online info and their networks... Keep up the good work!