Worried about a stolen SIN? Here’s what to do
Amy Husser, CTVNews.ca
Published Monday, April 14, 2014 7:39PM EDT
Concerns about the safety of an important piece of identification were stoked on Wednesday in the wake of a security scare that hit the Canada Revenue Agency last week.
The CRA announced Monday the Social Insurance Numbers of approximately 900 Canadian taxpayers were taken after its online service portal was hit by the Heartbleed bug.
The federal agency says those affected will receive a registered letter informing them of the breach, and will be provided with credit-protection services at no cost.
As Canadians await word on whether they were affected, the issue of potentially damaging identity theft has been thrust into the spotlight.
What’s a SIN?
Your Social Insurance Number (SIN) is a nine-digit number that allows you to work in Canada, as well as receive access to government programs and benefits.
But if it falls into the wrong hands, it can be used fraudulently, exposing you to possible identity theft.
“The SIN may be a key piece of information to open the door to your personal information,” the Office of the Privacy Commissioner of Canada says on its website.
“Your SIN can be used to steal your identity. Along with other personal information, someone may be able to use your SIN to apply for a credit card or open a bank account, rent vehicles, equipment, or accommodation in your name, leaving you responsible for the bills, charges, bad cheques, and taxes.”
According to the Canadian Anti-Fraud Centre, a total of 19,473 Canadians reported being victims of identity fraud in 2013, for more than $11 million in losses.
Regardless of whether your SIN has been compromised, here’s what you need to be aware of in order to keep your personal information safe:
Reduce your risk
Only provide your SIN to others when legally required to do so, such as to your employer, your financial institution or a relevant government agency. A complete list of government departments authorized to collect SINs can be found here. Never give it out over the phone or via email, and avoid carry your card in your wallet. Try to remember the nine-digit number instead, and store the card in a safe location such as a locked filing cabinet or a safety deposit box.
What to do if it’s been stolen
Contact Service Canada if you lose your SIN or suspect it is being used improperly. Also contact the department if you change your name, citizenship or on behalf of a loved one if he or she passes away. If a breach has already occurred, contact police and ask for a copy of the report. Then call your creditors (bank, credit card companies, etc.), cancel your cards and ask new ones to be issued. (Be sure to pick a new PIN.) Write down all the steps you’ve taken to address the possible fraud, logging who you’ve called and whom you’ve spoken with. The Canadian Anti-Fraud Centre is a great resource if you suspect your identity has been compromised in any way.
Monitor your mail
Watch your bank statements and credit card bills for any suspicious activity or purchases, and be aware of your billing cycles. Make sure you’re not missing any seemingly mundane invoices, and check for signs of tampering, such as open envelopes or broken mailbox locks. Redirecting mail may be one of the ways fraudsters will try to learn more about you and your identity.
Check your credit reports
Contact either of Canada’s two national credit bureaus -- TransUnion and Equifax – and ask for a free copy of your credit report. For a fee, both of these agencies will also regularly monitor your credit, alerting you to any attempts to set up a new account (such as a credit card) in your name. In general, the Privacy Commission suggests you access your credit report once a year to ensure its accuracy. Insurance for identity theft fraud is also available through TransUnion and Equifax, as well as via a number of insurance agencies.
Change your passwords
Do it often and make them difficult. While this has the No. 1 piece of advice coming out of the “Heartbleed” bug security scare -- and should be common practice is today’s hyperconnected age -- many of us are guilty of not doing it. When you make the switch, don’t choose your mother’s maiden name, your pet’s name, the name of your street or your favourite sports team. Avoid the obvious or anything that someone might be able to guess. Also consider using different passwords for different sites, so if one is comprised, the rest of your online “footprint” will still be safe.