Submitted by losangelestimes t3_zg8u2g in IAmA

My name is Jessica Roy, and I'm an editor on the utility journalism team at the L.A. Times. In 2018, my wallet was stolen out of my purse at a bar. A few weeks later, I found out I was the victim of a ring of persistent serial identity thieves -- and that the banks, credit bureaus, and police weren't going to do anything to help me.

I write a personal finance newsletter for the L.A. Times. I use free credit monitoring. I have unique passwords and two-factor authentication on all my financial accounts. The only personally identifying piece of info in my wallet was my driver's license. I never would have thought that this could happen to me.

What I learned, first as a victim and then as a reporter writing about it, was that identity theft happens to millions of people every year and very little is being done to prevent it from happening. Every victim, like me, is on the hook to clean up after the thieves that stole our identities and the institutions that let them do it.

I wrote a front-page story about what happened when my financial identity was taken from me and how I fought back. I also wrote about how to minimize the chances of it happening to you and what to do if your identity is compromised. Finally, I proposed a series of solutions that would make it tougher for identity thieves to pull off this crime in the first place.





You must log in or register to comment.

millionbear t1_izfodq0 wrote

which was the single most frustrating bureaucratic entity you had to deal with during all this?


losangelestimes OP t1_izfswy0 wrote

The credit bureaus. They are private businesses, but you can't opt out of participating if you want a bank account in America. They maintain tons of information about you but they don't seem to care at all about protecting that information, or helping you when the information they have is bad.

When I was finalizing reporting on this story in September, I looked through my credit reports with all three bureaus. All three of them still had incorrect information about me, like the thieves' addresses. I filed disputes with all three of them, and each of their sites was broken in some way. As a consumer, it doesn't feel like they're accountable to anyone.


losangelestimes OP t1_izfxxnv wrote

Here's what happened when I tried to dispute that stuff in September:

-I submitted disputes to TransUnion and got an error message about a technical issue where I might not be notified after my dispute was resolved.

-I tried to submit disputes to Experian and got an error message that said identity theft disputes could not be processed online.

-I was able to submit my disputes to Equifax, and received a notice that the disputes had been resolved, but every time I tried to click the PDF with the results, I got an error message.


losangelestimes OP t1_izgo6qc wrote

I decided to check in on those disputes just now. Here's what happened:

-Equifax: worked fine, disputed information is gone (hurray!)

-Experian: The login screen resets every time I enter my info

-TransUnion: it says "view my report" but when I click that I get a blank screen

Again........ these companies track your every financial move, yet seem to have zero interest in maintaining their systems. Awesome. Love this for us, as a society


Tron_Lives t1_izhhl0p wrote

Try clearing your cookies, or logging in with a different browser (or incognito mode).


peoplearecool t1_izignsa wrote

Doesn’t work my man. They are dog shit built platforms. My friend went through what shes going through.


neoslicexxx t1_izk43h5 wrote

But did your friend clear their cookies on a different browser, on a different operating system, on a different computer, with a different isp, in a different country?

Might wanna try restarting.


shogunreaper t1_izgf4p8 wrote

I hate Equifax so much. Earlier this year I locked my credit and right afterwards I couldn't even log on to the account, I still can't to this day.


yashwinacanter t1_izfp5e2 wrote

absolutely wild that the FBI doesn’t track what is obviously a major kind of crime - why doesn’t the federal govt seem to care, and what could be done to incentivize more support there?


losangelestimes OP t1_izfv3py wrote

So, this story was about twice as long when I first filed it. For space reasons, and also to keep the narrative flowing, we had to cut a lot out.

I had originally written a lot more about my conversation with Shima Baughman, particularly her work on what she calls "the police myth": the belief that the law enforcement exists to control and solve crime. Statistically speaking, they do not. Certainly not for cyber crime, but also not really for traditional crime. Her work on clearance rates showed 97% of people who commit burglary are not held responsible for their crime by police.

I think identity theft and other cyber crimes are newer types of crime, and law enforcement - from the FBI down to local police - are more invested in violent and property crime. In my piece about potential solutions for identity theft, I wrote about how tracking cyber crime like those other types of crime would be a good start.

People need to make more noise about this. A lot of victims of identity theft and other cyber crimes - stalking and harassment, scams, revenge p*rn, etc - are ashamed. They blame themselves. Don't be. Reaching out to your representatives (over email, or even just tagging them on Twitter) and asking why the FBI doesn't track cyber crime is a good place to start.


jovahkaveeta t1_izh23ef wrote

What do the cops do with all of our tax money?


kingbane2 t1_izhwnhv wrote

protect property. but not poor people's property. they'll work on violent crimes too, but even then that sometimes depends.


jovahkaveeta t1_izhxt42 wrote

Why don't we just go the way of private security detail and forgo the illusion that cops serve anyone else?


kingbane2 t1_izi1oj2 wrote

you need the illusion that cops are there to help all of us, otherwise the masses might go anarchic, which isn't good for the rich.


secoccular t1_izg5qxw wrote

The FTC does track the and FBI has access to these numbers, when people take the time to report it.

They are basically in information-gathering mode, and won't open investigations into individual cases unless they involve other crimes like money laundering.


losangelestimes OP t1_izgavax wrote

Right, but that data doesn't go into NIBRS, which is what most police departments, institutions, and journalists refer to for crime reporting and demographics. You can look up violent and property crime rates through the FBI's crime data explorer, but you can't look up cyber crimes.


secoccular t1_izgiaui wrote

Thanks. That's too bad the cyber crime numbers aren't made available yet.


Aurvidlem t1_izgj9jf wrote

In these times, NIBRS seems to be a woefully unfortunate acronym.


TheEmeraldFire t1_izfp4dm wrote

What should I be doing now as a parent to help protect my child's identity from ever being stolen?


losangelestimes OP t1_izfxl7s wrote

Great question! If your child is under 16, you can ask the three major credit bureaus to place a freeze on their credit. (It's a lot of paperwork, which the credit bureaus love, apparently.) Make sure any documents with personal information, like their birth certificate and Social Security card, are stored safely in your home. Wipe phones and computers before trashing, selling or donating them.

And be thoughtful about the information you share about your child. Places LOVE asking me what my baby's Social Security number is. Does his pediatrician really need to know that? Does his daycare? I don't think so. I leave that field blank wherever possible.


CompetitionFit9472 t1_izfok3o wrote

Your bank seemed totally unhelpful. If your identity is stolen, is there a way to get your bank to do something that would help protect you?


losangelestimes OP t1_izftwo7 wrote

Yeah, the banks seem remarkably cavalier about all of this. To them, fraudulent accounts are a cost of doing business. They would rather write off 100 bad charges than possibly prevent one person from becoming their customer.

I think if you use smaller banks and/or credit unions, you are more likely to get good customer service. I have my checking and savings through a smaller bank, and they were great - the thieves were never able to access those accounts, even though they tried repeatedly. But the major banks involved (Bank of America, Wells Fargo and others) were wildly unhelpful.


YourPsychicFriend t1_izfuewe wrote

Say you report an ID theft via police report — as I recently had to — and the police never contact you. Were you ever assigned a detective, and did you find that you needed to badger them to look at your case? It’s been a month for me and I don’t know if the cops will be any help…


losangelestimes OP t1_izfw7z4 wrote

Oh, you absolutely have to follow up. I did. Multiple times. I called the station repeatedly and asked for the name of the detective assigned to my case, and I regularly left him voicemails and emailed him. He was not particularly helpful. The only reason I know who stole my identity is because they were caught doing other crimes.

Really, the benefit of reporting identity theft to the police is having that police report as evidence when debt collectors start calling you. It is statistically extremely unlikely that police will do much to help you.


polywha t1_izfqx1i wrote

What is the benefit of freezing your credit? Is there any downside?


losangelestimes OP t1_izftkgj wrote

The benefit is that no one can open a new line of credit using your identity. The downside is that if you want to do something like apply for a mortgage or a car loan, or get a store credit card somewhere, you have to un-freeze it. But you can download the apps for the credit bureaus and do that in seconds from your phone.

The credit bureaus don't want you to freeze your credit because they make money by making your information available to creditors. You are less valuable to them if your credit is frozen. To me, that is a good thing.

One interesting thing I learned while reporting this: Equifax, Experian and TransUnion are the major players, but there are more than 100 related bureaus that monitor your financial activity, including ones for checking accounts, payday loans, phone lines, utilities, etc. There is no way to completely "freeze" your financial identity with all of them at once. Frustrating!


Alwayssunnyinarizona t1_izfv2sv wrote

I didn't know they each had apps! It'll look into that next time I'm expecting to unfreeze my credit.


duckscrubber t1_izk4421 wrote

The benefit is that you can freeze and unfreeze your credit. The downsides are that the apps now take up space on your device, track you, and profit from your data.


losangelestimes OP t1_izkaac1 wrote

You do not need to download the apps to freeze or unfreeze your credit; it just makes it convenient if you think you'd need to do that on the go.

If you are concerned about entities tracking you and profiting from your data, I have very bad news about what the credit bureaus do.


Chicken_Water t1_izj1fab wrote

Don't they each charge a fee for freezing and unfreezing an account?


losangelestimes OP t1_izka5qz wrote

The credit bureaus used to charge for this, but they don't any more. It has to be free. They will try to upsell you on additional products that cost money, which you should say no to.


myellowsnow t1_izg1crq wrote

Identity theft is not a joke Jim! Millions of families suffer every year!

What's your favorite movie/tv quote?


losangelestimes OP t1_izg1sv8 wrote

Dwight is absolutely correct!!! (Fun fact: Rainn Wilson and I went to the same high school. Not at the same time.)

My favorite TV/movie quote - or at least the one I repeat the most often - is from The Simpsons movie, when Bart says, "this is the worst day of my life" and Homer says, "the worst day of your life so far."


Financial-Computer60 t1_izfownh wrote

Do you think the social security number system will go away/change at some point in the future?


losangelestimes OP t1_izfwqwp wrote

Yes, but only at the point that the entire system is worthless. Eventually, you'll probably be able to google Social Security numbers just like you can search for people's phone numbers and home addresses right now. If you think your SSN doesn't exist somewhere on the dark web (and, increasingly, with "light web" data brokers), you are wrong.

So yes, at some point, we will need to move beyond static data like SSNs and the tiny photo on your driver's license. I think we'll see more financial and government institutions adding the option for things like Face ID or fingerprints for identification. That tech isn't perfect either, but it's a lot better than a 9-digit number.


Rock_Strongo t1_izg1qbx wrote

With the amount of places you have to enter your full SS# and the amount of people it passes through basically everyone is compromised. Once it’s out there there’s nothing you can so about it but hope you aren’t randomly selected by a thief. Not like you can request a new one.


secoccular t1_izg61qn wrote

>Not like you can request a new one.

Are you certain about that? It's literally one of the reasons you can get a new number.


losangelestimes OP t1_izga4qc wrote

The bar is very, very high to get assigned a new Social Security number. Knowing yours is compromised from a data breach is not enough. Even being a victim of identity theft is not enough, unless you continue to experience issues after taking a number of steps to fight it.


turnoffthe8track t1_izgs7wq wrote

I mean, you can. You have to attempt to fix it and "continue to be disadvantaged" by having the old one, but it's a very important part of the system that you can, in fact, request a new one.


xDulmitx t1_izhdh8s wrote

You can also guess a lot of people's SS#. They follow a formula so by knowing where and when someone was born you can get pretty close.


secoccular t1_izg2xsx wrote

With so many transactions being done online, how would Face ID or fingerprints even work?


losangelestimes OP t1_izg9wb0 wrote

Well, you don't show your driver's license for online transactions, either. It's more about adding layers of identification for opening new accounts. For instance, when I was getting FMLA benefits earlier this year when I had a baby, I had to take a face scan video and send it in.

But, online transactions could be more secure. More cards could add two-factor authentication for online purchases. It's just a balance between convenience and protection, and right now most institutions lean toward convenience.


mata_dan t1_izikiqb wrote

A face or fingerprint are also static and can never be changed, ever - remember digitally they are still data being sent over whatever protocol. We also have "AI"s that can regenerate your face, in different poses and animated, and they are getting better constantly. That's worse than SSN.


losangelestimes OP t1_izkbhyp wrote

I disagree that facial identification is less secure than a string of nine digits, but I agree that we don't have a perfect method yet.


mata_dan t1_izlpwjo wrote

9 digits can be changed to 9 other digits. Not sure I want a face swap if my facial data is stolen xD


nerd4code t1_izl5zq9 wrote

Speaking as somebody with less fingers than he started out with, no, fingerprints aren’t static.


grizzlybeared t1_izfyz3c wrote

In your opinion, if my wallet goes missing like yours, what is the absolute first step I should make ASAP?


losangelestimes OP t1_izfzvzi wrote

Freeze your credit! I was really surprised at how easy it was to do that. It took me 15 minutes to set up accounts and freeze my credit with all three bureaus.

And, if possible, report your stolen wallet to the police. They probably aren't going to do anything about it, but having that report was vital when I was dealing with debt collectors and investigators. I basically had to mount a court case in defense of my innocence over and over again. The police report about the stolen wallet showed how it all had started.


show_me_your_beaver t1_izfpmgw wrote

How did you first realise and is there anything you could have done, in hindsight, to have stopped it happening?


losangelestimes OP t1_izfvt9d wrote

My wallet was stolen in late November. I first realized something was going on in mid-January, when I got a bunch of mail congratulating me on my new checking and savings accounts with Bank of America and Wells Fargo, and getting alerts from my free credit monitoring that there were new inquiries on my report.

In retrospect, I should have frozen my credit when my wallet was stolen. Really, I should have left it frozen all the time (and so should you, and everyone else reading this). But I had no idea what people could do with a wallet that only had my driver's license, a couple credit cards and some gift cards and a couple bucks in cash in it. I didn't realize how vulnerable I was, and that even though I'm financially conscientious and tech-savvy, anyone can be a victim with the way our systems exist now.

If I had frozen my credit before the thieves got their hands on my wallet, they probably would have had trouble opening those checking accounts. Because I used free credit monitoring and acted quickly once I realized what was going on, they weren't able to take out any credit cards in my name (though they sure tried! a lot!). They still would have been able to use my driver’s license to steal the car and various other crimes, because California does not flag licenses that have been reported stolen to banks or law enforcement. There was no single thing I personally could have done to stop everything they did.

*edit - typo


secoccular t1_izg68n0 wrote

Am I correct to assume you put fraud alerts on all your credit reports?


losangelestimes OP t1_izgkf1d wrote

Yes, I placed initial fraud alerts on all three back in 2019. Those last a year.


losangelestimes OP t1_izfypdg wrote

One thing I didn't mention in my original stories: Identity theft insurance. I got tons of emails and tweets asking me about it and whether I'd left it out intentionally. Honestly, I had never used LifeLock or anything like that, and I wasn't really sure what they did. So I decided to look into it.

I published a story today about whether ID theft protection is worth it. The tl;dr version: For me, yes. For you? Maybe.


eveningsand t1_izg4d9r wrote

Did you get a second SSN and CA DL#?

When I had my ID stolen in the 90s, that was the response from federal and state entities.


losangelestimes OP t1_izgkz8b wrote

I debated it, but ultimately decided against it for both. I was so overwhelmed with this stuff in early 2019 - I just couldn't add any more bureaucratic paperwork to my plate. I was (and am!) furious at how much work I was expected to do to clean up after someone else's mess, and going in person to appointments with the Social Security office and the DMV sounded like a new circle of Hell.

The bar is very, very high to get a new SSN. Even as a victim of identity theft, I'm not sure I would quality. Leaving my credit permanently frozen and locking down my identity in other ways is sufficient for me, for now.


eveningsand t1_izgpo5v wrote

Apparently it was pretty low earlier. I made an appointment , walked in, and walked out with a new social. Thinking back, that was surreal.


notFREEfood t1_izgt1y9 wrote

> The bar is very, very high to get a new SSN.

It needs to be easier, especially for how many people now have had theirs disclosed due to mishandled data. Once yours gets on the internet, there's nothing you can do to reverse that, and you have to live with the possibility that at any time, someone may decide to try to use your number, and freezing your credit is not a perfect solution.


BobGeneric t1_izgs5zh wrote

Hey, I heard you on what the hack podcast. Nice job documenting everything and fighting for your rights.

What was the most stubborn company to set you right, and why? Did it finally ended?

For the folks here, it's worth listening:


losangelestimes OP t1_izkb5xf wrote

Thanks for sharing that! I had a great time on that podcast.

The most stubborn company was probably the bail bond people. They really, really wanted me to come in person with printouts of all my reports before they'd believe I didn't write that bad check. I was determined not to lose any more time or money than I had to in order to fight this, so I refused to do that on principle.

Eventually, they sent a lawyer after me - I can't remember if it was their lawyer or a debt collection agency's lawyer - and I was able to work it out with them over email.


LikelyAtWork t1_izgua66 wrote

You said in another comment response that you had to leave a bunch of stuff out of your article for space reasons. Have you considered posting a much longer story with all the details someplace or writing a book about how to avoid or minimize your risk of identity theft and what to do if it happens?


kingbane2 t1_izhwh3d wrote

one of the reasons credit card scams took a massive nosedive is because laws were passed that made credit card companies liable for customers being scammed. that forced them to improve their security. there needs to be something similar done for banks and the credit rating agencies need to be taken to task as they have some of the worst security ever.

anyway my questions is, do you know of any laws being proposed to do this? are there even any politicians in america paying attention to this at all?


avoidtheworm t1_iziwfgd wrote

Why is America seemingly the only nation where this happens? What does every other country do to prevent this?


IAmAModBot t1_izftx9d wrote

For more AMAs on this topic, subscribe to r/IAmA_Journalist, and check out our other topic-specific AMA subreddits here.


kale4reals t1_izh4sct wrote

What are your thoughts on ESG scoring?


M2LA t1_izh27y2 wrote

sorry this happened to you

the single most important step to take is to freeze, not lock, all 3 credit bureaus. do it directly with experian, equifax and transunion. extra credit for using a fresh gmail account used only for this purpose and have mfa set on it.

do you make this step loud and clear with your readers?