UCLA: Come for the Degree, Stay for the Credit Fraud
On Nov. 21 UCLA discovered that an unauthorized person or persons had exploited a previously undetected software flaw and fraudulently accessed the school's database between October 2005 and November 2006. While UCLA cannot pinpoint exactly whose info was stolen, they know that "the hacker sought and retrieved some Social Security Numbers." Personal information for 800,000 people including current students, former students, faculty, staff, even some parents of students who had applied for financial aid has been compromised. I am one of them.
Nearly a decade ago I graduated from UCLA. Last week I received a letter from the school's Acting Chancellor, Norman Abrams, explaining that my name was in that database. The letter urges people to call one of the three major credit agencies -- EquiFax, Experian or TransUnion -- and place a fraud alert on their consumer credit file, which lets creditors know to watch for unusual or suspicious activity in any of your accounts. This is where things really get interesting. Or in credit industry parlance, profitable.
I call Equifax and enter the appropriate info. The automated voice cheerfully tells me that I have successfully placed a fraud alert on my credit information and will receive a letter in 7-10 business days confirming this and giving me instructions on how to obtain a free copy of my credit report. The automaton then begins rattling off a string of numbers that will serve as my confirmation code. Before I can write them all down it’s over and the voice is asking if I'd like to hear the message again. Yes, I think I would.
A moment later a living human being comes on the line and with cheerful readiness asks why I'm putting a fraud alert on my account. I explain that I am one of the 800,000 UCLA folks whose info might have been stolen.
"I'm sorry to hear that," she says. "But what we have made available to everyone affected by this is a special package of credit protection services at half-off the regular price."
Ah. There we have it. Like vultures on a carcass the credit card industry comes swooping in to pick your bones clean.
"Actually, I'm not interested in that," I tell her.
"So you DON'T want to protect your credit?" she asks incredulously.
Yeah, I do want to protect my credit. No, I don’t want to buy your special "credit protection plan." I don't want the extended warranty for that janky $40 DVD player or the Deluxe Super Special Car Wash either.
"No, thank you," I reply.
"Are you sure? Because…"
"I'm sure. All I really need is the confirmation code for the fraud alert that was placed on my credit file."
"I'm sorry. I can’t give that to you. We don’t give out credit information over the phone."
"Really?" Now it’s my turn to be incredulous. "Because it's my account. And I just placed the fraud alert on it. And I just got the confirmation number. And I did this all OVER THE PHONE. Moments ago."
"I'm sorry, we can’t do that. What we can do is send out a letter in 7-10 business days explaining how…"
Click. I feel much safer now. It’s great to know that when massive fraud occurs, the credit industry's number one priority is selling consumers junk they don't need.
But in all seriousness, if your info might have been compromised as a result of the UCLA database breach, you would do well to call one of these companies (they will supposedly forward your info to the other two), and place a fraud alert on your account. Then some time within the next 90 days, which is how long the fraud alert lasts, request a copy of your credit report (it's free!) and see how all those splurges at the Jack In The Box drive thru are putting you in the poor house.