Your Vigilance Guarantees Safety

🔒

Your Vigilance Guarantees Safety 🔒

    • PHI stands for Protected Health Information

    • It includes: your medical records, prescriptions, lab results, insurance info, and anything tied to your name or identity in a healthcare context

    • PII stands for Personally Identifiable Information

    • It includes: your full name, date of birth, Social Security number, phone number, home address, email, driver’s license, bank account details, and any other data that can be used to identify you — either on its own or when combined with other details.

  • SPI stands for Sensitive Personal Information

    It includes: highly confidential data such as your Social Security number, passport number, biometric data (like fingerprints or facial recognition), financial account numbers, precise geolocation, racial or ethnic background, political opinions, sexual orientation, and other personal attributes that could cause harm, discrimination, or identity theft if exposed.

  • HIPAA specifically protects PHIProtected Health Information.
    However, PII and SPI are both involved within PHI, but they are not protected by HIPAA unless tied to health information.

    • PHI (Protected Health Information) Protected by HIPAA, but only when:

      • It's held by a Covered Entity (like a doctor, hospital, or insurer)

      • AND it includes health information plus any PII/SPI identifiers

      Example: Your diagnosis + your name, your lab result + your date of birth

  • HIPAA stands for the Health Insurance Portability and Accountability Act

    It’s a U.S. federal law that sets rules for how your Protected Health Information (PHI) can be stored, used, and shared by healthcare providers, insurers, and their business partners. HIPAA gives you rights over your health data, including the right to access it, request corrections, and know who it’s been shared with.

  • 2FA stands for Two-Factor Authentication

    It’s a security process that requires you to provide two forms of verification before you can access an account or system. Usually, this means entering your password (something you know) plus a code sent to your phone, email, or authentication app (something you have).

    Even if someone steals your password, they can’t get in without that second factor — making your accounts much harder to hack.

  • MFA stands for Multi-Factor Authentication

    It’s a security method that requires you to verify your identity using two or more different factors before gaining access to an account, device, or system. These factors usually come from three categories:

    1. Something you know (like a password or PIN)

    2. Something you have (like your phone or a hardware token)

    3. Something you are (like a fingerprint or face scan)

    MFA makes it much harder for attackers to break in — even if they have one piece of your information.

  • MFA is typically used when higher levels of security are required — especially in places where a breach could mean legal, financial, or life-threatening consequences.

    You’ll see MFA instead of 2FA when:

    • A system needs to verify multiple risk factors (like location + device + biometrics)

    • You're accessing sensitive government, healthcare, or financial systems

    • An organization follows a “zero trust” security model (never assumes a user is safe)

    • You're in an environment with compliance requirements (HIPAA, PCI-DSS, CJIS, etc.)

    • You’re using tools that support more than two layers (e.g., password + phone code + fingerprint or hardware key)

  • BEST PRACTICES before validating an email source:

    • do not click on links

    • do not open PDFs

    • do not open calendars

    • do not click on anything that looks bold, a different color and or underlined within the email

    How to Validate an email’s source:

    • hover your mouse over the email address to view its entirety.

    • Search the email address on google to see if its tied to an account

    • Utilize paid services such as ZeroBounce, Hunter.io Email Verifier, NeverBounce and EmailListVerify

    • Use MXToolbox (free with paid subscriptions) and Google Admin Toolbox(completely free) for DNS validation

    • Call Customer Service on the back of your cards or do a google search for their number

POP QUIZ - TEST YOUR KNOWLEDGE

    • support@medicare-gov.com

    • help@secure-medicare.org

    • account@healthcaregov.com

    • notifications@healthcare-update.gov.co

    • support@blue-crosss.com

    • service@bluecrossmail.org

    • claims@unitedhealthcareclaims.com

    • uhc-support@uhcgov.net

    • lab@labcorp-results.org

    • results@labcorps.com

    • notifications@medicare-gov.com

    • bluecross_support@bcbsclaims.com

    • uhc.service@uhc-healthplans.net

    • support@cigna-info.org

    • no-reply@medicare.gov

    • support@medicare.gov

    • notifications@healthcare.gov

    • marketplace@healthcare.gov

    • member.services@bcbs.com

    • support@blueshieldca.com

    • claims@bcbstx.com

    • noreply@uhc.com

    • customer.service@uhc.com

    • uhenrollment@uhc.com

    • member.services@aetna.com

    • support@aetna.com

    • info@cigna.com

    • noreply@cigna.com

    • noreply@lapcorp.com

    • results@lapcorp.com

    • info@va.gov

    • secure.message@va.gov

  • Option B are the ONLY correct emails. If you chose Option A. Let’s refresh with best practices.

    1. DO NOT CLICK OR OPEN ANYTHING WITHIN THE EMAIL

    2. hover over the email address to view its entirety

    3. Search the email address on google

    4. Utilize MXToolbox or Google Admin Toolbox

    5. CALL the appropriate customer service to verify emails origin. All Customer Service numbers are presented on the back of your cards or you can do a google search for their number

  • BEST PRACTICES:

    • do not click on links

    • do not open images or audio

    • do not open calendars

    • do not click on anything that looks bold, a different color and or underlined within the text

    How to Validate a texts authenticity:

    • Lookup if the short code (12345…26785) is registered to a real organization (if it’s a random 10-digit number, TREAT IT WITH EXTRA CAUTION unless expected)

    • Call Customer Service on the back of your cards or do a google search for their number and ask

POP QUIZ - TEST YOUR KNOWLEDGE

  • Text Message: “CVS Pharmacy: Your prescription is ready for pick up at [store address]. Reply HELP for assistance or STOP to unsubscribe.”

    Text Message: “Walgreens: Your prescription is ready for pickup. Reply REFILL to reorder or STOP to unsubscribe”

    Text Message: “LabCorp Lab Services: You have new lab results. Sign in to view at patient.labcorp.com. Reply HELP for help, STOP to out-out. Msg & data rates may apply”

    Text Message: “Quest Diagnostics: Your appointment is confirmed for [date and time]. Reply HELP for assistance or STOP to unsubscribe.”

    Text Message: “Johns Hopkins Bayview would like you to take a survey about your recent visit https://pgsms.co/g61g5g16515g25j Text STOP to stop HELP for help

    Text Message: “Citi Alert: Card Ending in xxxx was not present for a $x.xx transaction at [location] View at citi.com/citimobileapp

    Text Message: “Cardmember Service: Ending in xxxx was charged $x.xx at [name of entity] and the card was not present. Msg & Data Rates may apply. Reply STOP to cancel.

  • Text Message: “Medicare Alert: Your benefits may be suspended. Re-verify now at http://secure-medicare-help.org”

    Text Message: ”LabCorp: Your test results are available. Access them securely at http://labcorps.info/results”

    Text Message: “You’ve been approved for $1,200 COVID relief. Claim at govhelpusa.com — deadline 4PM!”

    Text Message: “UHC Notice: Your plan is pending deactivation. Login now: uhc-secureverify.net”

    Text Message: “CVS: Your Rx delivery has been delayed. Please confirm your identity here: secure-cvshelp.com”

  • Option A are the ONLY correct SMS texts. If you chose Option B. Let’s refresh with best practices.

    Best Practices EVEN if you’ve confirmed validity:

    • ALWAYS use another device to access your portals. Centralizing access to one or two locations is IDEAL

    • do not click on links

    • do not open images or audio

    • do not open calendars

    • do not click on anything that looks bold, a different color and or underlined within the text

    How to Validate a texts authenticity:

    • Lookup if the short code (12345…26785) is registered to a real organization (if it’s a random 10-digit number, TREAT IT WITH EXTRA CAUTION unless expected)

    • Call Customer Service on the back of your cards or do a google search for their number and ask

    Medicare DOES NOT typically send out SMS alerts directly, HOWEVER, authorized Medicare Advantage or Prescription Drug Plan providers WILL send out SMS alerts and ALWAYS offer an opt-out option and will provide company information if you reply HELP.

    Verify short codes through your provider’s Terms & Conditions like CVS

  • BEST PRACTICES:

    • DO NOT share you entire Social Security Number - legit organizations will never ask for the full number

    • DO NOT share banking login or card PIN - legit organizations will never ask that

    • DO NOT give out 2FA codes or passwords - legit organizations will never ask that

    • Call Customer Service on the back of your cards or do a google search for their number and ask

    • Caller ID can be spoofed - Let it go to voicemail. Verify the number through a google search, their website or a statement and reach out that way

    • ALWAYS be skeptical with vishing lines such as “your account has been compromised” or “you’ll be arrested if you don’t respond.” Both are commonly used. Stop! Access! Don’t be pressured! Hang up if so, and call back respectfully if you have verified the numbers origin

    • Utilize 3rd Party Call Blocking Apps That Integrate with Your Carrier

      1. Hiya: compatible with Verizon, AT&T and T-Mobile for a monthly or yearly subscription

      2. Robokiller: compatible with Verizon, AT&T and T-Mobile for a monthly or yearly subscription

POP QUIZ - TEST YOUR KNOWLEDGE

  • “Can you please confirm your date of birth and the last 4 digits of your insurance ID number?”

    “Can you verify the month and year of your birth and your ZIP code?”

    “Can you please confirm the last 4 digits of your Social Security Number and your ZIP code?”

    “Can you confirm your full name as it appears on your account?”

    “Please provide the last 4 digits of your Social Security Number.”

    “What is the ZIP code associated with your account?”

    “What are the last 4 digits of the debit or credit card you use with us?”

    “What was the amount of your last deposit or payment?”

    “Can you confirm your full name and date of birth?”

    “What is the last 4 digits of your insurance member ID?”

    “What is the mailing address on file for your account?”

    “Can you provide the name of your primary care physician (PCP)?”

    “Have you recently received care at one of our facilities? If so, which one?”

    “Can you confirm your date of birth and mailing ZIP code?”

    “Can you provide the reference number from the letter or notice we sent?”

    “What is the last 4 of your SSN for confirmation purposes?”

    “Can you confirm your employee ID or date of birth?”

    “What is the name of your direct supervisor or department?”

    “Can you verify the last 4 digits of your SSN?”

    “What is your official work email address?”

    “Can you confirm your account number or phone number on the account?”

    “What is your billing ZIP code?”

    “What payment method is associated with the account?”

    “Can you confirm the last payment amount or date?”

  • "This is the Social Security Administration. Your SSN has been suspended due to suspicious activity. We need to verify your number and date of birth to reactivate it."

    "There has been a breach on your identity file. Can you confirm your full name, address, and date of birth so we can secure your account?"

    "We’ve detected fraudulent activity tied to your SSN. Please confirm your SSN now, or you could face legal action."

    "This is your bank’s fraud department. We’ve noticed a $1,500 charge to your account in Texas. To reverse it, we need to verify your account number and the code we just texted you."

    "Your debit card has been compromised. Please stay on the line to reset your PIN."

    "You’ve won a government grant/lottery. All we need is your bank account and routing number to transfer the money."

    "We are detecting duplicate accounts. To protect you, we need you to move your money to a safe account under your name."

    "We’re calling from Medicare. Your benefits are about to expire, and we need to confirm your Medicare ID and SSN."

    "This is [Health Insurance Company]. We’ve noticed some irregularities and must verify your identity to prevent a policy suspension."

    "Due to a system update, we need to reconfirm your full medical insurance number to avoid service disruption."

    "This is the IRS. You owe back taxes and must verify your identity to resolve the case before arrest."

    "There is a federal warrant in your name. Please confirm your full identity to avoid legal action."

    "You have not responded to your jury duty summons. There is a fine unless you verify your information and pay immediately."

    "This is Amazon security. A $999 iPhone order was just placed on your account. Press 1 to cancel."

    "We’ve detected viruses on your computer. A Microsoft-certified technician needs access to resolve it."

    "You’ve been overcharged on your recent purchase. Please provide your credit card to process the refund."

  • Option A are the ONLY correct prompts when being asked sensitive information. If you chose Option B. Let’s refresh with best practices.

    Best Practices EVEN if you’ve confirmed validity:

    • DO NOT share you entire Social Security Number - legit organizations will never ask for the full number

    • DO NOT share banking login or card PIN - legit organizations will never ask that

    • DO NOT give out 2FA codes or passwords - legit organizations will never ask that

    • Call Customer Service on the back of your cards or do a google search for their number and ask

    • Caller ID can be spoofed - Let it go to voicemail. Verify the number through a google search, their website or a statement and reach out that way

    • ALWAYS be skeptical with vishing lines such as “your account has been compromised” or “you’ll be arrested if you don’t respond.” Both are commonly used. Stop! Access! Don’t be pressured! Hang up if so, and call back respectfully if you have verified the numbers origin

    • Utilize 3rd Party Call Blocking Apps That Integrate with Your Carrier

      1. Hiya: compatible with Verizon, AT&T and T-Mobile for a monthly or yearly subscription

      2. Robokiller: compatible with Verizon, AT&T and T-Mobile for a monthly or yearly subscription

  • Instagram, Facebook, LinkedIn, Twitter, Truth Social, WhatsApp, Telegram, Messenger

    BEST PRACTICES:

    1. Lock Down Your Privacy Settings

    Set your profile to private where possible.

    Limit who can send you friend/connection requests.

    Restrict who can see your:

    • Phone number

    • Email address

    • Friends list

    • Birthdate or employment info

    Regularly review and update these settings.

    2. Beware of Impersonation

    Red Flags:

    • A friend or family member "messages you from a new account" asking for help or money.

    • A company support account (e.g., from Twitter) messages you first.

    • Someone "you know" starts asking unusual or overly personal questions.

    Best Practice:

    • Always verify directly through another channel (e.g., call or text the real person).

    • Report impersonator accounts to the platform immediately.

    3. Don’t Click Suspicious Links or Attachments

    Especially in DMs that say things like:

    • “Is this you in this video?”

    • “I made this for you!”

    • “You won a prize!”

    Best Practice:

    • Hover or long-press to preview the URL.

    • Never click links that redirect through unknown domains or URL shorteners (e.g., bit.ly, ow.ly).

    4. Use Strong, Unique Passwords for Each Platform

    • Don’t reuse the same password across platforms.

    • Use a password manager (e.g., 1Password, Bitwarden, LastPass) to create and store strong, unique passwords.

    5. Enable Two-Factor Authentication (2FA) on All Accounts

    • Use app-based 2FA (e.g., Google Authenticator or Authy) rather than SMS when possible.

    • Turn on login alerts, so you’re notified if someone signs in from a new device.

    6. Stay Skeptical of “Too Good to Be True” Messages

    Common scams include:

    • Fake job offers (especially on LinkedIn).

    • Romance scams (often on Facebook or Instagram).

    • Crypto or investment scams (often via WhatsAppTelegram, or X).

    • Lottery wins, inheritance claims, or government grants.

    Best Practice:

    • Don’t trust anyone offering easy money or asking for payment in gift cards, crypto, or wire transfers.

    7. Don’t Overshare Personal Info

    Avoid posting:

    • Travel dates (“Out of office this week!”)

    • Your exact workplace or job title

    • Your full birthdate

    Scammers use this info to answer security questions or build synthetic identities.

    8. Report Suspicious Activity Immediately

    Use the platform’s built-in tools to:

    • Report fake profiles

    • Report scam content or phishing messages

    • Block users who harass or solicit you

    • On Facebook, for example: Go to the profile → tap three dots → “Find support or report profile”

    9. For Businesses or Public Figures:

    • Claim your official handle on all platforms to prevent impersonation.

    • Use verified checkmarks where possible.

    • Publish contact info or warning messages about known scams (e.g., “We will never DM you asking for payment”).

    10. Regularly Audit Your Social Media Accounts

    • Check which apps and websites are linked to your accounts (under settings).

    • Revoke access for anything unfamiliar or no longer used.

    • Review active sessions/devices logged into your account.

POP QUIZ - TEST YOUR KNOWLEDGE

  • “Your Facebook password was changed.”

    “A login was attempted from a new device.”

    “Your ad has been approved / disapproved.”

    “Your post goes against our Community Standards.”

    “New login detected.”

    “Your password was changed.”

    “Your ad was reviewed.”

    “Your account has been verified.”

    “Your number is now registered on a new device.”

    “Someone viewed your profile.”

    “You have a new connection request.”

    “A recruiter has sent you a message.”

    “Your account has a new login from a new device.”

    “Your account was locked due to suspicious activity.”

  • “Is this you in this video? 😂 [link]”

    “You’ve won a $500 gift card! Claim now.”

    “Hello dear, I saw your profile. I love you.”

    “Can you help me get back into my account?”

    “We’re hiring! $80/hr from home. DM me.”

    “URGENT: Your account will be deleted in 24 hours. Click here to secure it.”

    “You’ve been selected to win a FREE iPhone 15! Just complete this quick survey.”

    “We noticed unusual activity on your account. Please verify here.”

    “Can you send me your number real quick? I lost all my contacts.”

    “Hey, is this you in this embarrassing video? 😳 [link]”

    “Hello beautiful, I saw your profile and fell in love. Can we talk?”

    “I need your help urgently. Can you send me money on Cash App? I’ll pay you back.”

    “I made this art of you! Do you like it? 🎨 [link]”

    “We’re hiring part-time remote workers — $90/hour. Apply now!”

    “Click here to apply for your government relief grant. It’s easy and legit.”

    “We’re investigating a copyright complaint. Click here to respond before suspension.”

    “I just made $2,500 in 4 hours with this crypto trick! DM me for details.”

    “Your page has violated our terms and will be disabled. Click to appeal.”

    “You have a new login request from Russia. Was this you? [login link]”

    “I accidentally sent you a code. Can you tell me what it is?”

    “Get your free Target gift card — today only! 🎁 [link]”

    “Hey [Your Name], you should check this out. This is insane! [link]”

    “Join my trading group. I’ll teach you how to make $1,000 a day.”

  • Option A ONLY. If you chose Option B. Let’s refresh with best practices.

    BEST PRACTICES:

    1. Lock Down Your Privacy Settings

    Set your profile to private where possible.

    Limit who can send you friend/connection requests.

    Restrict who can see your:

    • Phone number

    • Email address

    • Friends list

    • Birthdate or employment info

    Regularly review and update these settings.

    2. Beware of Impersonation

    Red Flags:

    • A friend or family member "messages you from a new account" asking for help or money.

    • A company support account (e.g., from Twitter) messages you first.

    • Someone "you know" starts asking unusual or overly personal questions.

    Best Practice:

    • Always verify directly through another channel (e.g., call or text the real person).

    • Report impersonator accounts to the platform immediately.

    3. Don’t Click Suspicious Links or Attachments

    Especially in DMs that say things like:

    • “Is this you in this video?”

    • “I made this for you!”

    • “You won a prize!”

    Best Practice:

    • Hover or long-press to preview the URL.

    • Never click links that redirect through unknown domains or URL shorteners (e.g., bit.ly, ow.ly).

    4. Use Strong, Unique Passwords for Each Platform

    • Don’t reuse the same password across platforms.

    • Use a password manager (e.g., 1Password, Bitwarden, LastPass) to create and store strong, unique passwords.

    5. Enable Two-Factor Authentication (2FA) on All Accounts

    • Use app-based 2FA (e.g., Google Authenticator or Authy) rather than SMS when possible.

    • Turn on login alerts, so you’re notified if someone signs in from a new device.

    6. Stay Skeptical of “Too Good to Be True” Messages

    Common scams include:

    • Fake job offers (especially on LinkedIn).

    • Romance scams (often on Facebook or Instagram).

    • Crypto or investment scams (often via WhatsAppTelegram, or X).

    • Lottery wins, inheritance claims, or government grants.

    Best Practice:

    • Don’t trust anyone offering easy money or asking for payment in gift cards, crypto, or wire transfers.

    7. Don’t Overshare Personal Info

    Avoid posting:

    • Travel dates (“Out of office this week!”)

    • Your exact workplace or job title

    • Your full birthdate

    Scammers use this info to answer security questions or build synthetic identities.

    8. Report Suspicious Activity Immediately

    Use the platform’s built-in tools to:

    • Report fake profiles

    • Report scam content or phishing messages

    • Block users who harass or solicit you

    • On Facebook, for example: Go to the profile → tap three dots → “Find support or report profile”

    9. For Businesses or Public Figures:

    • Claim your official handle on all platforms to prevent impersonation.

    • Use verified checkmarks where possible.

    • Publish contact info or warning messages about known scams (e.g., “We will never DM you asking for payment”).

    10. Regularly Audit Your Social Media Accounts

    • Check which apps and websites are linked to your accounts (under settings).

    • Revoke access for anything unfamiliar or no longer used.

    • Review active sessions/devices logged into your account.

Only The Aware Remain Secure

🔒

Only The Aware Remain Secure 🔒

  • First, take a big breath and hold that in. Exhale through your nostrils. Now follow the steps below in order.

  • Call all THREE Credit Buraus

    1. Add a freeze to your credit

    2. request a fraud alert to be sent to the other 2 credit Buraus

    3. Request for your credit report to be mailed or electronically sent

    4. Create Profile

  • Go to your Banks and meet with your Branch Manager

    1. Lock your accounts

    2. Request for a payment authorization process - their terminology might be:

    • “callback procedure”

    • “out-of-band authentication”

    • “Manual Release Authorization”

    • “Positive Confirmation”

    3. Create new accounts

  • Change all your passwords that has your PHI, PII and SPI embedded into its data

  • Run a dark web scan on yourself by adding the extension to your emails. Most emails such as Gmail provide free dark web monitoring with more extensive SSL protocols for an additional monthly subscription

    Subscription based Dark Web Monitors:

    • Experian

    • Norton LifeLock

    • Kaduu 1k

    • Aura

    • IDShield

    • ZeroFox

    • IdentityForce

    • There are many more

  • Call Social Security as well as the Federal Trade Commission - a ticket will get created and shared to one another. All parties should be aware of what’s going on. Write down your reference number so you can use it for future check-in calls.

  • Call 911 about the incident for record. While their department and the state attorney may not oversee these cases, they will assist if there is an active crime or eminent danger

  • Compile all your evidence, records, photos, documents, claims and save them into a PDF as well as keeping it saved to your drive. You will want copies of everything. Keep everything together. If you haven’t finished changing all your passwords and setting up either 2FA or MFA, please do so now. You’re almost there.

    By now you should know if you’re identity has been comprised or stolen.

  • 1. Experian IdentityWorks
    Offers credit monitoring, dark web surveillance, and identity theft alerts, plus identity restoration assistance and insurance coverage.

    2. IdentityForce
    Provides comprehensive monitoring of credit, bank accounts, dark web, and public records, along with identity restoration services.

    3. Aura
    Offers real-time alerts for suspicious activity, credit monitoring, social media monitoring, and identity recovery support.

    4. Identity Guard
    Uses AI-powered risk detection to monitor credit, personal information, and financial accounts, plus restoration services.

    5. PrivacyGuard
    Focuses on credit monitoring, identity alerts, and risk mitigation with a simple interface and responsive support.

    6. Norton LifeLock
    Comprehensive identity theft protection service designed to monitor, alert, and help restore your identity if compromised. It actively scans your personal information across a wide range of sources to detect potential threats such as data breaches, identity fraud, and unauthorized use of your sensitive data.

  • 911 will meet you to entertain you but the State Attorney does not oversee these matters - The correct parties are the FBI - HOWEVER, the FBI WILL NOT utilize their resources for incidents not meeting their 100k threshold. So what do you do now?

    You could write a formal letter to the HHS(Human Health Services), OCR(Office for Civil Rights), the U.S. Attorney General in which I will provide in another section.

    First, take a big breath and hold that in. Exhale through your nostrils. Now follow the steps below in order.

  • Call all THREE Credit Buraus

    1. Add a freeze to your credit

    2. request a fraud alert to be sent to the other 2 credit Buraus

    3. Request for your credit report to be mailed or electronically sent

    4. Create Profile

  • Go to your Banks and meet with your Branch Manager

    1. Lock your accounts

    2. Request for a payment authorization process - their terminology might be:

    • “callback procedure”

    • “out-of-band authentication”

    • “Manual Release Authorization”

    • “Positive Confirmation”

    3. Create new accounts

  • Change all your passwords that has your PHI, PII and SPI embedded into its data

  • Run a dark web scan on yourself by adding the extension to your emails. Most emails such as Gmail provide free dark web monitoring with more extensive SSL protocols for an additional monthly subscription

    Subscription based Dark Web Monitors:

    • Experian

    • Norton LifeLock

    • Kaduu 1k

    • Aura

    • IDShield

    • ZeroFox

    • IdentityForce

    • There are many more

    1. Call the provider or facility where the fraud occurred.
      Ask to speak directly with their Privacy Officer or HIPAA Compliance Department.

      • Request a copy of your medical records and an audit trail of access to your information.

      • Ask for a case to be opened to investigate the suspicious activity.

      2. Contact your health insurance company.

      • Report the suspected fraud.

      • Provide details about the claims you are disputing.

      • Request that they open an internal case and connect you with their Privacy or Fraud Investigation Unit.

      • Request a full audit trail of access to your insurance records.

    Under the HIPAA Privacy Rule, healthcare providers and health plans are generally required to respond to your request for records within 30 calendar days.
    They may request a 30-day extension in writing, but they must provide a reason.

    If they fail to respond:

    • You can file a complaint with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR)

    • In certain cases, legal action may be pursued, especially if harm has resulted from the violation

  • Call Social Security as well as the Federal Trade Commission - a ticket will get created and shared to one another. All parties should be aware of what’s going on. Write down your reference number so you can use it for future check-in calls.

  • Pursue Legal Council through your States Bar Association

    google [your state] bar association. Each website will have a section for the public in which you can filter by county - Please note that this is referral based and not guaranteed.

  • Compile all your evidence, records, photos, documents, claims and save them into a PDF as well as keeping it saved to your drive. You will want copies of everything. Keep everything together. If you haven’t finished changing all your passwords and setting up either 2FA or MFA, please do so now. You’re almost there.

    By now you should know if you’re identity has been comprised or stolen.

Seek Legal Council Through Your State

Ex: Nonprofit Maryland Bar Association

  • Public Legal Resources

    1. American Samoaasbar.org🖱️

    2. Alabamaalabar.org🖱️

    3. Alaskaalaskabar.org🖱️

    4. Arizonaazbar.org🖱️

    5. Arkansas — PERMA CLOSED

    6. Californiacalbar.ca.gov🖱️

    7. Coloradocobar.org🖱️

    8. Connecticut — ctbar.org🖱️

    9. Delawaredsba.org🖱️

    10. District of Columbiadcbar.org🖱️

    11. Floridafloridabar.org🖱️

    12. Georgiagabar.org🖱️

    13. Guamguambar.org🖱️

    14. Hawaiihsba.org🖱️

    15. Idahoisb.idaho.gov🖱️

    16. Illinoisisba.org🖱️

    17. Indianainbar.org🖱️

    18. Iowaiowabar.org🖱️

    19. Kansasksbar.org🖱️

    20. Kentuckykybar.org🖱️

    21. Louisianalsba.org🖱️

    22. Mainemainebar.org🖱️

    23. Marylandmsba.org🖱️

    24. Massachusettsmassbar.org🖱️

    25. Michiganmichbar.org🖱️

    26. Minnesotamnbar.org🖱️

    27. Mississippimsbar.org🖱️

    28. Missourimobar.org🖱️

    29. Montanamontanabar.org🖱️

    30. Nebraskanebar.com🖱️

    31. Nevadanvbar.org🖱️

    32. New Hampshirenhbar.org🖱️

    33. New Jerseynjsba.com🖱️

    34. New Mexiconmbar.org🖱️

    35. New Yorknysba.org🖱️

    36. North Carolinancbar.org🖱️

    37. North Dakotasband.org🖱️

    38. Ohioohiobar.org🖱️

    39. Oklahomaokbar.org🖱️

    40. Oregonosbar.org🖱️

    41. Pennsylvaniapabar.org🖱️

    42. Puerto Rico capr.org🖱️

    43. Rhode Islandribar.com🖱️

    44. South Carolinascbar.org🖱️

    45. South Dakotastatebarofsouthdakota.com🖱️

    46. Tennesseetba.org🖱️

    47. Texastexasbar.com🖱️

    48. Utahutahbar.org🖱️

    49. Vermontvtbar.org🖱️

    50. Virginiavsb.org🖱️

    51. Washingtonwsba.org🖱️

    52. West Virginiawvbar.org🖱️

    53. Wisconsinwisbar.org🖱️

    54. Wyomingwyomingbar.org🖱️

    55. Virgin Islandsvibar.org🖱️

    • Albany NY – 200 McCarty Ave, Albany, NY 12209 • (518) 465‑7551

    • Albuquerque NM – 4200 Luecking Park Ave NE, Albuquerque, NM 87107 • (505) 889‑1300

    • Anchorage AK – 101 East 6th Ave, Anchorage, AK 99501 • (907) 276‑4441

    • Atlanta GA – 3000 Flowers Rd S, Atlanta, GA 30341 • (770) 216‑3000

    • Baltimore MD/DE – 2600 Lord Baltimore Dr, Baltimore, MD 21244 • (410) 265‑8080

    • Birmingham AL – 1000 18th St N, Birmingham, AL 35203 • (205) 326‑6166

    • Boston MA/ME/NH/RI – 201 Maple St, Chelsea, MA 02150 • (857) 386‑2000

    • Buffalo NY – One FBI Plaza, Buffalo, NY 14202 • (716) 856‑7800

    • Charlotte NC – 7915 Microsoft Way, Charlotte, NC 28273 • (704) 672‑6100

    • Chicago IL – 2111 W Roosevelt Rd, Chicago, IL 60608 • (312) 421‑6700

    • Cincinnati OH – 2012 Ronald Reagan Dr, Cincinnati, OH 45236 • (513) 421‑4310

    • Cleveland OH – 1501 Lakeside Ave, Cleveland, OH 44114 • (216) 522‑1400

    • Columbia SC – 222 Caughman Farm Ln, Lexington, SC 29072 • (803) 551‑4200

    • Dallas TX – One Justice Way, Dallas, TX 75220 • (972) 559‑5000

    • Denver CO/WY – 8000 E 36th Ave, Denver, CO 80238 • (303) 629‑7171

    • Detroit MI – 477 Michigan Ave, 26th Fl, Detroit, MI 48226 • (313) 965‑2323

    • El Paso TX – 660 S Mesa Hills Dr, El Paso, TX 79912 • (915) 832‑5000

    • Honolulu HI / Guam / CNMI / American Samoa – 91‑1300 Enterprise St, Kapolei, HI 96707 • (808) 566‑4300

    • Houston TX – 1 Justice Park Dr, Houston, TX 77092 • (713) 693‑5000

    • Indianapolis IN – 8825 Nelson B Klein Pkwy, Indianapolis, IN 46250 • (317) 595‑4000

    • Jackson MS – 1220 Echelon Pkwy, Jackson, MS 39213 • (601) 948‑5000

    • Jacksonville FL – 6061 Gate Pkwy, Jacksonville, FL 32256 • (904) 248‑7000

    • Kansas City MO / KS – 11180 NW Prairie View Rd, Kansas City, MO 64153 • (816) 512‑8200

    • Las Vegas NV – 1787 W Lake Mead Blvd, Las Vegas, NV 89106‑2135 • (702) 385‑1281

    • Little Rock AR – 24 Shackleford W Blvd, Little Rock, AR 72211 • (501) 221‑9100

    • Los Angeles CA – 11000 Wilshire Blvd, Suite 1700, Los Angeles, CA 90024 • (310) 477‑6565

    • Louisville KY – 12401 Sycamore Station Pl, Louisville, KY 40299‑6198 • (502) 263‑6000

    • Miami FL – 2030 SW 145th Ave, Miramar, FL 33027 • (754) 703‑2000

    • Milwaukee WI – 3600 S Lake Dr, St. Francis, WI 53235 • (414) 276‑4684

    • Minneapolis MN / ND / SD – 1501 Freeway Blvd, Brooklyn Center, MN 55430 • (763) 569‑8000

    • Mobile AL – 200 N Royal St, Mobile, AL 36602 • (251) 438‑3674

    • Nashville TN – 2868 Elm Hill Pike, Nashville, TN 37214 • (615) 232‑7500

    • New Haven CT – 600 State St, New Haven, CT 06511 • (203) 777‑6311

    • New Orleans LA – 2901 Leon C Simon Blvd, New Orleans, LA 70126 • (504) 816‑3000

    • New York NY – 26 Federal Plaza, 23rd Fl, New York, NY 10278‑0004 • (212) 384‑1000

    • Newark NJ – Claremont Tower, 11 Centre Pl, Newark, NJ 07102 • (973) 792‑3000

    • Norfolk VA – 509 Resource Row, Chesapeake, VA 23320 • (757) 455‑0100

    • Oklahoma City OK – 3301 W Memorial Rd, Oklahoma City, OK 73134‑7098 • (405) 290‑7770

    • Omaha NE / IA – 4411 S 121st Ct, Omaha, NE 68137‑2112 • (402) 493‑8688

    • Philadelphia PA / parts of NJ – William J. Green Jr. Bldg, 600 Arch St, 8th Fl, Philadelphia, PA 19106 • (215) 418‑4000

    • Phoenix AZ – 21711 N 7th St, Phoenix, AZ 85024 • (623) 466‑1999

    • Pittsburgh PA / WV – 3311 E Carson St, Pittsburgh, PA 15203 • (412) 432‑4000

    • Portland OR – 9109 NE Cascades Pkwy, Portland, OR 97220 • (503) 224‑4181

    • Richmond VA – 1970 E Parham Rd, Richmond, VA 23228 • (804) 261‑1044

    • Sacramento CA – 2001 Freedom Way, Roseville, CA 95678 • (916) 746‑7000

    • Salt Lake City UT / ID / MT – 5425 W Amelia Earhart Dr, Salt Lake City, UT 84116 • (801) 579‑1400

    • San Antonio TX – 5740 University Heights Blvd, San Antonio, TX 78249 • (210) 225‑6741

    • San Diego CA – 10385 Vista Sorrento Pkwy, San Diego, CA 92121 • (858) 320‑1800

    • San Francisco CA – 450 Golden Gate Ave, 13th Fl, San Francisco, CA 94102‑9523 • (415) 553‑7400

    • San Juan PR / USVI – 140 Carlos Chardon Ave, Hato Rey, PR 00918 • (787) 987‑6500

    • Seattle WA – 1110 3rd Ave, Seattle, WA 98101‑2904 • (206) 622‑0460

    • Springfield IL – 900 E Linton Ave, Springfield, IL 62703 • (217) 522‑9675

    • St. Louis MO – 2222 Market St, St. Louis, MO 63103 • (314) 589‑2500

    • Tampa FL – 5525 W Gray St, Tampa, FL 33609 • (813) 253‑1000

    • Washington DC – 601 4th St NW, Washington, DC 20535 • (202) 278‑2000

  • Department of Health and Human Services — Office of Inspector General (HHS-OIG)

    Director- JFK Jr.

    • Address: 330 Independence Avenue SW, Washington, DC 20201

    • Hotline: 1-800-HHS-TIPS (1-800-447-8477)

    • Email: hhsoig.hotline@oig.hhs.gov

    • Phone: (202) 619-1343

    • Website: oig.hhs.gov🖱️

    Department of Justice - Office of Inspector General (DOJ-OIG)

    Director- Michael E. Horowitz

    • Address: 950 Pennsylvania Avenue NW, Washington, DC 20530

    • Hotline: 1-800-869-4499

    • Email: oig.hotline@usdoj.gov

    • Phone: (202) 616-4541

    • Website: oig.justice.gov🖱️

    Social Security Administration - Office of Inspector General (SSA-OIG)

    Director- Hannibal “Mike” Ware

    • Address: 6401 Security Blvd, Baltimore, MD 21235

    • Hotline: 1-800-269-0271

    • Email: oighotline@ssa.gov

    • Phone: (410) 965-4620

    • Website: oig.ssa.gov🖱️

    MFCU(Medicaid Fraud Control Unit) Director Directory

    Alabama – Bruce Lieberman · Bruce.Lieberman@AlabamaAG.gov · (334) 353‑8793
    Alaska – James Fayette · james.fayette@alaska.gov · (907) 269‑6279
    Arizona – Steve Duplissis · steve.duplissis@azag.gov · (602) 542‑8426
    Arkansas – Lloyd Warford · Lloyd.Warford@ArkansasAG.gov · (501) 682‑1320
    California – Jennifer Euler · jennifer.euler@doj.ca.gov · (916) 621‑1858
    Colorado – Bob Booth · bob.booth@coag.gov · (720) 508‑6687
    Connecticut – Marjorie Sozanski · marjorie.sozanski@ct.gov · (860) 258‑5929
    Delaware – Stephen McDonald · Stephen.McDonald@delaware.gov · (302) 577‑8513
    District of Columbia – LaVan Griffith · lavan.griffith@dc.gov · (202) 727‑5065
    Florida – Kathleen Von Hoene · kathleen.vonhoene@myfloridalegal.com · (850) 414‑3868
    Georgia – Van Pearlberg · vpearlberg@law.ga.gov · (404) 458‑3831
    Hawaii – Landon Murata · landon.m.murata@hawaii.gov · (808) 586‑1076
    Idaho – Eric Lewis · eric.lewis@ag.idaho.gov · (208) 854‑8096
    Illinois – William Langheim · William.Langheim@illinois.gov · (217) 785‑3321
    Indiana – Matthew Whitmire · matthew.whitmire@atg.in.gov · (317) 915‑5303
    Iowa – Jeremy Ingrim · jeremy.ingrim@dia.iowa.gov · (515) 281‑7086
    Kansas – Jackie Williams · jackie.williams@ag.ks.gov · (785) 368‑8413
    Kentucky – Matthew Kleinert · matthewh.kleinert@ky.gov · (502) 696‑5474
    Louisiana – Jodi Edmonds LeJeune · lejeunej@ag.louisiana.gov · (225) 326‑6202
    Maine – William Savage · william.savage@maine.gov · (207) 626‑8804
    Maryland – Zak Shirley · zshirley@oag.state.md.us · (410) 576‑6864
    Massachusetts – Toby Unger · toby.unger@mass.gov · (617) 963‑2033
    Michigan – David Tanay · tanayd@michigan.gov · (517) 241‑6500
    Minnesota – Nicholas Wanka · nicholas.wanka@ag.state.mn.us · (651) 757‑1394
    Mississippi – Marlin Miller · marty.miller@ago.ms.gov · (601) 359‑4219
    Missouri – Arvids Petersons · Arvids.Petersons@ago.mo.gov · (573) 508‑7418
    Montana – Loren Mardis · lmardis@mt.gov · (406) 444‑6607
    Nebraska – Mark Collins · mark.collins@nebraska.gov · (402) 471‑3843
    Nevada – Andrew Schulke · aschulke@ag.nv.gov · (702) 486‑3218
    New Hampshire – Thomas Worboys · Thomas.Worboys@doj.nh.gov · (603) 271‑1181
    New Jersey – Al Garcia (Deputy) · GarciaA@njdcj.org · (609) 815‑2994
    New Mexico – Constance Tatham · ctatham@nmag.gov · (505) 850‑2453
    New York – Amy Held · amy.held@ag.ny.gov · (212) 417‑5250
    North Carolina – Eddie Kirby · fkirby@ncdoj.gov · (919) 881‑2328
    North Dakota – Marina Spahr · mspahr@nd.gov · (701) 328‑5532
    Ohio – Benjamin Karrasch · benjamin.karrasch@ohioattorneygeneral.gov · (614) 466‑0516
    Oklahoma – Charles Dickson · charles.dickson@oag.ok.gov · (405) 522‑2962
    Oregon – Sheen Wu · sheen.wu@doj.state.or.us · (971) 673‑1992
    Pennsylvania – Laurie Malone · lmalone@attorneygeneral.gov · (717) 783‑1481
    Puerto Rico – Luis Freire‑Borges · lfreire@justicia.pr.gov · (787) 721‑2900 ext 1568
    Rhode Island – James Dube · jdube@riag.ri.gov · (401) 274‑4400 ext 2410
    South Carolina – Stephanie Goddard · sgoddard@scag.gov · (803) 734‑3660
    South Dakota – Paul Cremer · Paul.Cremer@state.sd.us · (605) 773‑4102
    Tennessee – Mike Cox · Mike.Cox@tn.gov · (615) 744‑4316
    Texas – William Marlowe · william.marlowe@oag.texas.gov · (512) 371‑4724
    U.S. Virgin Islands – Julita de Leon · julita.deleon@doj.vi.gov · (340) 774‑5666 ext 10126
    Utah – Kaye Lynn Wootton · kwootton@agutah.gov · (801) 281‑1255
    Vermont – Elizabeth Anderson · Elizabeth.Anderson@vermont.gov · (802) 279‑8707
    Virginia – Randall Clouse · rclouse@oag.state.va.us · (804) 692‑0171
    Washington – Larissa Payne · Larissa.payne@atg.wa.gov · (360) 586‑8880
    West Virginia – John Blair · john.c.blair@wvago.gov · (304) 558‑5206
    Wisconsin – Matthew Moeser · moesermd@doj.state.wi.us · (608) 267‑2222
    Wyoming – Travis Kirchhefer · travis.kirchhefer@wyo.gov · (307) 777‑6858

Don’t Forget!

  • Social Security Administration - Office of Inspector General (SSA-OIG)

    Director- Hannibal “Mike” Ware

    • Address: 6401 Security Blvd, Baltimore, MD 21235

    • Hotline: 1-800-269-0271

    • Email: oighotline@ssa.gov

    • Phone: (410) 965-4620

    • Website:oig.ssa.gov🖱️

    The 10 SSA Regional Office Contacts

    1. Boston Region covering CT, MA, ME, NH, RI, VT — John F. Kennedy Federal Building, Boston, MA 02203‑1900

      Phone: (617) 565‑2881

      Fax: 833‑914‑1971

      Director: LaShonda Downing

      Email: bos.rcd@ssa.gov

    2. New York Region covering NY, NJ, PR, USVI — 26 Federal Plaza, Room 40‑100, New York, NY 10278

      Phone: (212) 264‑2500

      Fax: 833‑914‑1786

      Director: Everett Lo

      Email: ny.rpa@ssa.gov

    3. Philadelphia Region covering DE, MD, PA, VA, WV, DC — P.O. Box 8788, Philadelphia, PA 19101

      Phone: (215) 597‑3747

      Fax: 833‑914‑2038

      Director: Shawn Fordham

      Email: phi.rpa@ssa.gov

    4. Atlanta Region covering AL, FL, GA, KY, MS, NC, SC, TN — 101 Marietta Tower, Suite 1904, Atlanta, GA 30323

      Phone: (404) 562‑5500

      Fax: 833‑928‑2398

      Director: Patti Patterson

      email:atl.orc.rpa@ssa.gov

    5. Chicago Region covering IL, IN, MI, MN, OH, WI — 105 W. Adams St, 10th Floor, Chicago, IL 60603

      Phone: (312) 575‑4000

      Mid-West/West Phone: (303) 844‑1888)

      Fax: 833‑719‑0630

      Director: Shayla Hagburg

      Email: MWW.RPAO@ssa.gov

    6. Dallas Region covering AR, LA, NM, OK, TX — 1301 Young Street, Suite 550, Dallas, TX 75202

      Phone: (214) 767‑4207

      Fax: 833‑914‑1778

      Email: da.rpa@ssa.gov

    7. Kansas City Region IA, KS, MO, NE — Federal Office Building, 601 E 12th St, Room 436, Kansas City, MO 64106

      Phone: (303) 844‑1888

      Fax: 833‑719‑0630

    8. Denver Region covering CO, MT, ND, SD, UT, WY — 1961 Stout Street, Federal Office Building, Denver, CO 80294

      Phone: (303) 844‑1888

      Fax: 833‑719‑0630

    9. San Francisco Region covering AZ, CA, HI, NV, AS, GU, CNMI — 75 Hawthorne St, San Francisco, CA 94105

      Phone: (510) 970‑8430

      Fax: 833‑914‑1810

      Email: sf.rpa@ssa.gov

    10. Seattle Region covering AK, ID, OR, WA — 2201 6th Avenue, M/S RX‑50, Seattle, WA 98121

      Phone: (206) 615‑2490

      Fax: Same as communications line (833) 719‑0630

  • FTC Headquarters (HQ)

    • Address: 600 Pennsylvania Ave NW, Washington, DC 20580

    • Main Phone: 1( 202) 326‑2222 toll‑free 1 (877) 382‑4357)

    • TTY: 1 (866) 653‑4261

    • Office of Public Affairs (Press Inquiries):
      202‑326‑2180 | opa@ftc.govftc.gov

      • Director: Joe Simonson

      • Deputy Directors: Christopher Bissex (202‑326‑2446), Juliana Gruenwald Henderson (202‑326‑2924), Nicole Drayton (202‑326‑2565), Victoria Graham (415‑848‑5121), Mitchell J. Katz (202‑326‑2161)

    FTC Regional Offices

    East Central RegionAddress: Suite 200, 111 Superior Ave., Cleveland, OH 44114 Covering DE, DC, MD, MI, OH, PA, VA, WV

    Director: Jon Miller Steiger

    1‑877‑FTC‑HELP (382‑4357)

    Midwest Region Address: Suite 1860, 55 E Monroe St., Chicago, IL 60603 Covering IL, IN, IA, KS, MN, MO, NE, ND, SD, WI

    Director: Jason Adler

    1‑877‑FTC‑HELP (382‑4357)

    Northeast Region Address: Suite 318, One Bowling Green, New York, NY 10004 Covering CT, ME, MA, NH, NJ, NY, PR, RI, VT, USVI

    Director: Jonathan Platt

    1‑877‑FTC‑HELP (382‑4357)

    Northwest Region Address: Suite 2896, 915 Second Ave., Seattle, WA 98174 Covering AK, ID, MT, OR, WA, WY

    Director: Charles A. Harwood

    1‑877‑FTC‑HELP (382‑4357)

    Southeast Region Address: Suite 1500, 225 Peachtree St. NE, Atlanta, GA 30303 Covering AL, FL, GA, KY, MS, NC, SC, TN

    Director: Anna Burns

    1‑877‑FTC‑HELP (382‑4357)

    Southwest Region Address: Suite 2150, 1999 Bryan St., Dallas, TX 75201 Covering AR, LA, NM, OK, TX

    Director: Matthew Wernz

    1‑877‑FTC‑HELP (382‑4357)

    Western Region – Los Angeles Address: Suite 700, 10877 Wilshire Blvd., Los Angeles, CA 90024 Covering Southern CA, Southern NV, AZ, HI, GU, AS, CNMI

    Director: Maricela Segura

    1‑877‑FTC‑HELP (382‑4357)

    Western Region – San Francisco Address: Suite 570, 901 Market St., San Francisco, CA 94103 Covering Northern CA, Northern NV, CO, UT

    Director: Thomas N. Dahdouh

    1‑877‑FTC‑HELP (382‑4357)

The 3 MAIN Credit Bureaus

Please view the Terms & Services as well the Privacy Policy Below↓

  • 1(888) 397-3742

    1. You accept simply by visiting.
    Just opening an Experian website (even without creating an account) binds you to its Terms. The company treats “viewing and using” any Experian page as agreement. If you keep browsing, you’ve opted in.

    2. You must give accurate info and guard your login.
    When you sign up for credit monitoring, Boost, IdentityWorks, etc., you promise your data are correct and you’ll keep your password private. If someone misuses your account, Experian says that’s on you.

    3. Most disputes go to binding arbitration.
    By accepting the Terms you waive the right to sue in regular court (class actions included) and instead resolve problems through individual arbitration or, in limited cases, small‑claims court.

    4. Limited guarantees and lots of disclaimers.
    Experian does not promise its data are always accurate or up‑to‑date and disclaims liability for indirect losses (e.g., lost wages, “consequential” damages). Some consumer‑protection rights may still apply depending on your state.

    5. They can change or end the service at any time.
    Experian may update prices, features, or shut down products without notice. If you keep using the service after changes post, that counts as accepting the new rules.

    6. Extra features add extra rules.
    Tools like Boost, bill‑negotiation, or identity‑insurance riders come with their own mini‑contracts. Read those add‑ons separately so you know the limits and fees.

    7. Privacy & data use.
    Experian collects personal, device, and browsing data; it shares some of it with affiliates, service providers, and—if you opt in—marketing partners. Opt‑out choices exist but are time‑limited and feature‑dependent.

    Bottom‑line Takeaways

    • Visiting alone = agreement. You don’t have to click “I accept” to be bound.

    • Arbitration only. Suing in regular court is mostly off the table.

    • They can change terms anytime. Keep an eye on updates.

    • No absolute accuracy guarantee. Always double‑check your reports.

    www.experian.com🖱️

  • 1(866) 349-5191

    1.You agree simply by browsing. Even visiting Equifax’s website or services means you’re agreeing to their Terms of Use—no need to click “I accept” to be bound legally.

    2. You must provide accurate info and secure your account. When signing up for credit monitoring, freezes, or alerts, you're required to give truthful personal data and keep your credentials safe. If your account is compromised, you're responsible.

    3. Binding arbitration is mandatory. Equifax forces disputes into binding individual arbitration (not court) and blocks class-action lawsuits. You usually must waive courtroom resolution unless you opt out within 30 days.

    4.No promises on accuracy or unlimited liability. Equifax doesn’t guarantee its credit data will always be correct. They disclaim responsibility for indirect or consequential damages, like lost income or emotional distress.

    5. They can change or end services anytime. Equifax may update, remove, or terminate features and your access at any time. Continuing to use services after changes shows you accept the new terms.

    6. Extra services mean extra rules. Features such as credit freezes, identity theft insurance, or employment verification tools have their own additional terms and limits—check those separately.

    7.Arbitration opt-out window. You can opt out of mandatory arbitration, but only within 30 days of agreeing. You must mail a written notice (with your name, address, Equifax User ID) to their specified address in Atlanta.

    Bottom‑Line Takeaways

    • Browsing = agreement — no clicks needed.

    • Your data, your risk — keep it accurate and secure.

    • Legal rights limited — disputes go to arbitration unless you opt out quickly.

    • No guaranteed accuracy or full liability — Equifax limits its responsibility.

    • Rules can change anytime — staying means you agree to updates.

    • Extra services = extra fine print.

    www.equifax.com🖱️

  • 1(800) 916-8800

    1. You agree just by visiting. Visiting TransUnion’s website or using its services means you’re legally agreeing to their Terms of Use. No need to click “I accept.” Continuous use binds you to updates.

    2. Provide accurate info & secure your account. When registering for credit reports, monitoring, or alerts, you promise your data is correct and you're responsible for safeguarding your login credentials. If your account gets compromised, that’s on you.

    3. Arbitration is the default dispute route. Disputes with TransUnion must be resolved through individual arbitration (not court), unless you opt out promptly. Any class-action claims are waived by default.

    4. No guarantees & limited liability. TransUnion doesn’t guarantee data accuracy. They aren’t liable for indirect damages like lost income. They're only potentially legally responsible where state laws require.

    5. Terms can change at any time. TransUnion may revise or remove features or update the Terms without notice. Continued use after changes counts as agreement to the new rules.

    6. Extra products have extra rules. Products like credit freezes, identity theft assistance, or rental screening tools carry additional terms—review these carefully, as each may have unique conditions.

    7. Privacy & opt-outs. You can manage how TransUnion handles your data—such as opting out from prescreened offers or targeted marketing—via their Consumer Privacy Rights portal or phone.

    Bottom-Line Takeaways

    • Just visiting = you're agreeing

    • You're responsible for your info and login

    • Must go to arbitration if you disagree, unless you act fast

    • Accuracy not guaranteed; liability limited

    • Changes can happen anytime—stay aware

    • Every feature may carry its own rules

    • Privacy controls exist—but only if you use them

    www.TransUnion.com🖱️

Other Credit Bureaus

Please view the Terms & Services as well the Privacy Policy Below↓

  • 1. Browsing = Agreement. Simply visiting Credit Karma’s site (now part of Intuit) and using features—like credit scores, monitoring, or calculators—means you’re agreeing to their Terms of Use. No “I accept” button needed. Continued use equals consent.

    2. Accurate Info & Account Security. You agree to provide honest personal details (name, birthdate, SSN, etc.) and keep your login data private. If someone misuses your account because you were careless, that’s on you.

    3. Binding Arbitration & No Class Actions. Credit Karma enforces individual arbitration for disputes—meaning you give up the right to sue them in court or join a class action. You cannot opt out later (except within a short window for cookie laws but not arbitration).

    4. Limited Liability — No Guarantees. They don’t promise perfect accuracy or completeness of info. Credit Karma disclaims liability for indirect damages like lost income, even if their site provided the data.

    5. Service Modifications & Termination. Credit Karma can remove tools, change features, or shut down services at any time. Continuing to use it after changes means you accept the updates.

    6. Special Features, Special Rules. Products like Credit Karma Money Spend, loan offers, or tax filing tools may have separate terms, fees, or limits. These often include their own arbitration clauses. Review them before opting in.

    7. Privacy & Data Sharing

    • Credibly does not sell your information to unrelated advertisers.

    • Does share data with Intuit, service providers, and partners to improve services.

    • You can control data-sharing settings—like disabling Intuit access—in account preferences.

    Bottom‑Line Takeaway

    • Viewing the site= You’re agreeing to the Terms

    • Account info= You’re liable for its security

    • Disputes= Go to arbitration—no lawsuits

    • Accuracy= Info may not be perfect

    • Service changes= They can change or stop anytime

    • Extra features= Have separate, detailed rules

    • Data privacy= No sale, but Intuit and partners may access your data

    www.creditkarma.com🖱️

  • 1 (800) 319-4433

    1. You Agree Simply by Visiting or Using. Using any part of the myFICO site—even just browsing—means you've accepted the terms. Continued use after changes means you agree to those updates too.

    2. Provide Accurate Data & Secure Your Account. You must give correct personal information when signing up (like name, email, SSN) and protect your login details. If your account is misused due to your negligence, you’re responsible.

    3. Binding Arbitration & No Class Actions. If you have a dispute, you must use binding individual arbitration (via the American Arbitration Association in Minnesota). You can’t join class actions. All arbitrations are confidential. There’s no formal court option unless you and FICO agree.

    4. “As‑Is” Service & Limited Liability. The site is informational only—they don’t provide credit repair or legal advice. They don’t guarantee data accuracy and aren’t responsible for indirect damages like lost income or data.

    5. They Can Change or Remove Features Anytime. FICO can alter or remove services and change the Terms at any time. Continued site use equals acceptance of changes.

    6. Extra Products May Have Extra Terms. Specific tools like credit score simulators, personal coaching, or subscription-based features come with separate customer agreements. If there’s a conflict, the product’s agreement takes precedence.

    7. Indemnification. If your actions violate the terms—such as misusing IP or breaking rules—you agree to cover FICO’s costs, including legal fees.

    8. Intellectual Property Protection. You get limited rights to view and link to content, but FICO retains all ownership of content, trademarks, and software code. Any copyright violations are taken seriously.

    Bottom-Line Takeaways

    • Visiting uses agreement = No need to click "agree" — it's implied.

    • You’re responsible = For your data accuracy and account security.

    • Disputes go to arbitration = No lawsuits or class action unless required.

    • No guarantees = Data is “as-is,” and FICO is not liable for indirect loss.

    • Terms & features can change = Using the site after changes = acceptance.

    • Watch product-specific rules = They may override the general terms.

    • You might owe legal fees = If you misuse the service or breach terms.

    • Content remains FICO’s = You're just getting a limited, personal access license.

    www.myfico.com🖱️

  • 1 (800) 374-8273

    1. Your Membership Auto‑Renews. They're a subscription service: they’ll automatically renew your plan each month (or year) and charge your card until you cancel.

    2. Binding Arbitration & No Class Actions. Any disputes must go to individual binding arbitration—no lawsuits or class actions allowed. They’ll cover the first $125 of arbitration fees; after that, it’s on you.

    3. Limited Liability & “As‑Is” Data. They provide credit reports, identity alerts, and other services with no guarantees on accuracy. They’re not liable for indirect or consequential losses and cap liability at what you’ve paid them.

    4. Auto‑Renewal with Cancellation Rights. You can cancel anytime (e.g. by phone, email, mail, or online), effective immediately. Trial-period cancellations are free. They may raise prices but must notify you—and if you continue, you're agreeing to the new rate.

    5. Identity Theft Expense Coverage (Limits Apply.) Their insurance covers up to $10K in theft-related costs (legal fees, lost wages, notary charges), but only for one incident per year, with coverage caps (e.g. $500/week wages). Claims must be filed quickly with proper documentation.

    6. Third‑Party Providers Like TransUnion. Services like credit monitoring are actually provided through partners (TransUnion, CSID). Your data is shared with them to operate these services.

    7. Changes Can Happen Anytime. They can modify services, terms, or pricing without notice. If you’re billed after a change, you’ve agreed to the update.

    8. Personal Data & Communications. PrivacyGuard may send you emails, texts, or letters. You can opt out of promotional emails, but important notices (like billing or identity alerts) may still be required.

    Bottom-Line Takeaway

    • Auto‑renewing subscription = Charges keep recurring unless canceled

    • Arbitration required = No court or class-action lawsuits

    • No data guarantees = Info is “as-is”; limited liability

    • Insurance support = Up to $10K for identity-theft costs

    • Third parties used = Credit services depend on partners

    • Terms can change anytime = Continued use equals acceptance

    • You’ll get emails & texts = Opt-out for promos, not alerts or legal notices

    www.privacyguard.com🖱️

Know Your Rights as a Victim of Healthcare or Identity Fraud ⬇️

    • Right to be notified within 60 days

    • Notifications MUST include: What happened, what data was involved, mitigation steps, and what the entity is doing to prevent future breaches

    • U.S. Department of Health and Humans Services (HHS) - OCR for HIPAA violations

    • State Attorney General for HIPAA, consumer protection, and privacy violations

    • Federal Trade Commission (FTC) for identity theft, data misuses

    • Social Security Administration if your SSN was involved

    • Credit Bureaus for fraud alerts and freezes

  • Please be patient - coming soon

  • These are bags, sleeves, or pouches lined with special material that blocks wireless signals (like Wi-Fi, Bluetooth, and cellular). They help protect devices and cards from tracking, hacking, or unauthorized access.

    Key Factor: Material Composition

    • The effectiveness depends on the conductive material used, usually copper, silver, nickel, aluminum, or titanium.

    • Titanium, when layered properly or woven into fabrics, offers exceptional durability and conductivity, making it an elite option for rugged, long-lasting signal shielding.

    • Cheap Faraday gear often fails due to poor stitching, gaps in conductive layers, or degraded material over time.

    • Best Practice Tip: Look for products that specify military-grade shielding, tested to block frequencies from 10MHz to 6GHz, and ideally have lab-verified attenuation ratings (like -85 dB or better).

  • Only carry the essentials—such as one form of ID, one credit/debit card, and minimal sensitive documents—to reduce the risk of identity theft if your wallet is lost or stolen.

  • Many modern cards (IDs, credit cards, transit passes) have RFID chips that can be scanned wirelessly. Use RFID-blocking wallets or sleeves to prevent "digital pickpocketing" or skimming.

    Key Factor: Frequency Range & Material

    • RFID systems typically use low (125kHz), high (13.56MHz), or ultra-high (860–960MHz) frequencies.

    • Materials like nickel-coated copper, aluminum mesh, or titanium-infused weaves can block these ranges effectively.

    • Again, titanium alone isn't always sufficient unless it's used in a layered mesh or composite — but when properly integrated, it’s extremely durable and corrosion-resistant, giving it an edge in premium products.

    • Watch Out For: "RFID blocking" labels on thin, purely plastic or leather wallets with no embedded shielding layer — these often provide zero real protection.

  • These are screen protectors that narrow the viewing angle of your device’s display, making it hard for people beside you to see your screen. Useful in public or crowded settings.

    Key Factor: Optical Engineering & Material Layers

    • High-quality filters use microlouver technology — tiny vertical blinds embedded in layers of polycarbonate or PET film.

    • Cheap screens may only dim the display or reduce glare without truly limiting side visibility (leaving you vulnerable).

    • The best filters reduce visibility at 30–60° angles and also offer blue light reduction or anti-glare coatings.

  • Small adapters that allow your device to charge via USB ports (like at airports or cafes) without transferring data—preventing malware or unauthorized access via "juice jacking."

    Key Factor: Circuitry & Shielding

    • Legitimate blockers physically remove or disconnect data pins (usually pins 2 & 3) while maintaining power (pins 1 & 4).

    • Higher-end models add chipsets that simulate “charge-only mode” for modern devices or provide power regulation to avoid voltage spikes.

    • Cheap or fake blockers may look identical but still pass data or fail to protect against voltage manipulation attacks.

  • Always inspect ATMs or card readers for loose or bulky components. Skimming devices can be attached to steal your card info during transactions.

  • Before shredding mail with sensitive info (like account numbers or personal details), tear off or black out that content to reduce identity theft risk from trash scavengers.

  • Use blackout rollers to obscure printed sensitive information (like SSNs or medical details) before disposal. Shredders are essential for destroying personal documents securely.

  • Regularly monitor bank accounts, credit cards, and credit reports for unfamiliar charges or activity. Catching fraud early minimizes damage.

  • Public Wi-Fi is often unencrypted and unsafe. Don’t log into banking, email, or government accounts unless you’re on a secure, private connection or using a trusted VPN.

    DO NOT DO these tasks on Public Wi-Fi:

    • Accessing Your Bank or Credit Card Accounts
      Logging into financial institutions makes you a top target for credential theft or man-in-the-middle attacks.

    • Entering or Updating Social Security Numbers, Driver’s License, or ID Information
      Forms related to taxes, benefits, or employment should always be done on a secured, private connection.

    • Checking Work Email or Internal Portals (Especially for Government, Legal, or Healthcare Jobs)
      Your work login may give hackers access to confidential data or systems that can be exploited.

    • Filing Taxes or Accessing IRS or State Portals
      Filing from Starbucks is a surefire way to get your tax return rerouted or stolen.

    • Submitting Job Applications That Require Sensitive Info
      If a form asks for full legal name, DOB, address, SSN, or scanned documents, wait until you’re on a secure network.

    • Resetting Passwords or Changing Security Questions
      These steps can easily be intercepted — compromising multiple accounts at once.

    • Accessing Medical Portals or Insurance Accounts
      Your PHI (Protected Health Info) is extremely valuable to identity thieves. Only access these sites from private, encrypted networks.

  • Periodically review and limit what permissions apps have on your phone—like access to contacts, location, or your camera—to reduce privacy risks.

  • Be cautious when sharing links, especially from financial institutions, cloud drives, or documents containing sensitive information. Use password-protected links when possible, limit access permissions (e.g., “view only”), and avoid posting them publicly. Cybercriminals can exploit open links to steal data or embed malicious code.

    Many URLs contain tracking data, session IDs, or personal identifiers that can expose your activity or identity.

    Before sharing a link:

    • Remove everything after the ? or # unless you're sure it’s necessary.

    • Only share links from trusted sources and public-facing pages (not account-specific dashboards).

    • Use a link preview tool to verify what’s being sent.

    Example of what a link looks like that should NEVER be shared: https://www.example.com/dashboard?user=jane.doe@email.com&session=ABC123XYZ

    Lets break down the example link! “user=jane.doe@email.com” is the user identification while the “session=ABC123XYZ” is what is considered the token and can be used to grant access.

    REMINDER to DELETE EVERYTHING after the “?” or “#” in a link you are about to share.

  • Sharing identifiable images or personal info of minors online can expose them to identity theft, digital kidnapping, or exploitation. Practice digital restraint for their safety.

    What Your Post ACTUALLY Does

    • Becomes public photos for ANYONE: Predators steal images to create fake profiles or worse.

    • Enables AI & surveillance traps: Your child’s face can end up in databases they never agreed to.

    • Permanently digitalizes your footprint: What you share today can hurt their future job and college chances.

    • Reveals your routines: Posts expose where your kids are — a roadmap for predators.

    • Allows data exploitation: Advertisers and data brokers build profiles on your family without consent.

    • Invites future bullying: Childhood posts can be weaponized against your child later in life.

    What You Can Do Instead:

    • Keep a private, secure photo journal or encrypted cloud folder.

    • Share family updates through private, invite-only groups (and still be cautious).

    • Ask yourself: Would I want this online if I were them?

Everyday Safe Guards

  • Most major U.S. carriers now offer some form of number locking or port-out protection. It protects against SIM swapping and port-out fraud — common tactics used by identity thieves to hijack your number and gain access to sensitive accounts like banking, email, or two-factor logins.

    Verizon (MyVerizon) — "Number Lock"
    Prevents unauthorized port-outs and SIM swaps. Easy toggle in the app.

    T-Mobile — "Number Lock" (formerly Port Validation)
    Blocks port-out attempts until you unlock it yourself via your T-Mobile account or customer service.

    AT&T — “Port Freeze” (Request-Based)
    Not automatically enabled. You must call or visit AT&T to place a port freeze on your number. It stops transfers unless you remove the freeze.

    Google Fi — “Port Out Protection PIN”
    Not a lock per se, but it requires a custom PIN to transfer your number — which you can update anytime for added control.

  • Most major U.S. carriers now offer some form of SIM locking or SIM swap protection. This helps prevent unauthorized SIM swaps — a common tactic used by identity thieves to hijack your phone number and gain access to sensitive accounts like banking, email, or two-factor logins.

    Verizon (MyVerizon) — "Number Lock"
    Prevents unauthorized SIM swaps and port-outs. Easy toggle in the app.

    T-Mobile — "Number Lock" (formerly Port Validation)
    Blocks SIM swap and port-out attempts until you unlock it yourself via your T-Mobile account or customer service.

    AT&T — “Port Freeze” (Request-Based)
    Not automatically enabled. You must call or visit AT&T to place a port freeze on your number. It stops SIM swaps and transfers unless you remove the freeze.

    Google Fi — “Port Out Protection PIN”
    Not a lock per se, but it requires a custom PIN to authorize SIM swaps or number transfers — which you can update anytime for added control.

  • Most major VPN providers offer apps for your devices—phones, tablets, and computers—that secure your internet connection wherever you go. Using a VPN on your device encrypts your data and hides your IP address, protecting you from hackers, trackers, and risks on public Wi-Fi.

    ExpressVPN
    Easy-to-use apps for iOS, Android, Windows, and Mac with fast, encrypted connections.

    NordVPN
    Feature-rich apps that protect multiple devices simultaneously, with strong privacy controls.

    CyberGhost
    User-friendly device apps optimized for privacy and streaming on mobile and desktop.

    ProtonVPN
    Secure apps with a free option, ideal for privacy-focused users on all devices.

    AOL VPN
    Offers basic VPN protection through its AOL Shield service, with apps designed to keep your browsing private on common devices.

  • Privacy Screens (Side-Blackout Filters)
    Privacy screens with side blackout are special filters you attach to your device’s display that narrow the viewing angle, making the screen appear dark or black when viewed from the side. This prevents people nearby from seeing your sensitive information, protecting your privacy in public spaces like coffee shops, airports, or offices.

  • Limiting Your Apps
    Only install apps from trusted sources like official app stores, and regularly review the permissions each app has. Removing unused or unnecessary apps reduces security risks by minimizing access points for hackers and protecting your personal data.

Protect Your Devices

  • Please stay tuned