U.S. Markets closed

Consumer Lessons from the Celebrity Hacking Scandal

Jill Krasny

Last week, a dozen high profile celebrities, government officials and politicians were victims of hackers who posted sensitive financial information online. The victims included Jay Z, Beyonce, Paris Hilton, Ashton Kutcher, Mel Gibson and Michelle Obama.

In the beginning, some news outlets dismissed the story as boring, saying there wasn’t anything particularly exciting about the terms of Kim Kardashian’s mortgage or Hillary Clinton’s old address. But the fact the information was acquired at all — and posted online — is disturbing, particularly the rise of identity theft this year.  As Credit.com’s Adam Levin wrote in a recent column, “It is no longer a question of if your identity will be stolen — the only unknown is when it will happen.” It’s important for consumers – even famous actors and politicians -to understand the implications of the crime.

Just the Beginning

Identity theft is the top complaint in America, as it’s been for the past 13 years. A recent Javelin report put the number of victims at 12.6 million. But in Levin’s mind that only begins to convey the extent of the problem.

“In most cases we have seen, when data is improperly accessed it is peddled through black market sites, if not used directly by the hacker, and even then oftentimes after the hacker (or his or her client) uses the data for their benefit, it is sold and resold,” says Levin, who is also the founder of Identity Theft 911.

Even worse, there’s no simple way to stop the spread of that information, especially once it hits the web, because it’s so hard to tell where it originated from. In the case of the celebrity hack, Russia Today traced the site to a domain originally reserved for the former Soviet Union, but the most they could tell from its code was that it’s hosted on CloudFlare, meaning the hackers were probably Russian.

“The issue here is that in most cases the origin of the crime is difficult to determine and the perpetrators are almost impossible to locate,” Levin said. “They can go after the website, but many of these websites are offshore and it is impossible to collaborate with the authorities, who could do something about it.”

Clearly, law enforcement in the U.S. could investigate the site to determine who did this, and then file charges if they had jurisdiction. But ultimately it’s up to celebrities to keep themselves protected now that there data is out there. According to Levin, the first place they’ll want to start is by vetting everyone who provides services to them, from publicists to trainers and assistants.

[Related Article: 12.6 Million Reasons Why Identity Theft Matters ]

“Part of the vetting process should include a security assessment of their advisers — making sure that all email and data is encrypted and that those who have anything to do with their PII and financial information have established a rigorous set of privacy and security protocols,” he said. “They need to be more guarded in their social networking activities and make sure that their personal computers and smartphones are sufficiently protected.”

Or as Robert Siciliano, an online security and identity theft expert with McAfee, put it: “Standard antivirus, anti-spyware, anti-phishing and a firewall are fundamental. Updating an operating system’s critical security patches and having a secure wireless connection is important as well.”

What to Do Once Your Info is Out There

For the time being, the stars would do well to put a freeze on their credit report, lest anyone start opening cards in their name and run up a tab. Also helpful, Levin says, is to “have a damage control program in place: Contact insurance agents, bank and credit union representatives and Human Resource departments where they work to see if there are programs available to help them through an identity theft disaster. Oftentimes it is free or available at a minimum charge due to their relationship with the institution.”

Finally, they should do everything under the sun to limit their exposure, from shredding sensitive documents to being wary of oversharing on social media. Adopting a “culture of monitoring,” as Levin calls it, is key, because if you aren’t self-monitoring your credit reports and bank accounts, there’s no telling what will slip through the cracks — and who will get a hold of that information.

“The same advice applies for non celebs as it applies to celebs,” said Siciliano. “Get a credit freeze, apply a fraud alert, consider investing in identity theft protection and lock down your network with the proper security software and hardware.”

More from Credit.com