William Burnett, a retired pilot in Texas, says he’s afraid to go to his mailbox.
That’s where the 68-year-old first learned that someone had stolen his identity, and where he continues to receive evidence that fraudulent accounts have been opened in his name.
He first figured out there was a problem in August when he got a letter from his bank. Ever since, he’s been playing an endless game of whack-a-mole trying to shut down the fake accounts as quickly as they pop up. So far he has not lost any money as a result of the fraud, but his credit has taken a steep and fast nosedive.
His sterling credit score tumbled around 150 points across the three credit monitoring agencies — Equifax, Experian and TransUnion — in a matter of weeks.
“Like many Americans I’ve spent my lifetime building up my credit,” says Burnett. “Each time they try to take out accounts in your name, your credit takes a hit.”
Burnett was already trying to reclaim his identity when he heard about the recent Equifax data breach, in which 143 million people’s personal and financial data were accessed, including Social Security numbers, dates of birth and addresses.
Earlier this month, he learned from Equifax that he was one of the ones affected.
But by then he had already contacted the credit agency to dispute fraudulent accounts and paid for additional credit monitoring. That was in August, a time when the company says it already knew of the breach.
Now he wonders if the Equifax hack is how the thieves got his information. He’s also wondering how many other people are out there are pretending to be him.
Finding the fraud
Burnett, who lives in rural northeast Texas, says his bank, Wells Fargo, was the first to notify him that there was fraud.
“Someone in Yucca Valley, California, was trying to set up a new checking and savings account in my name and change my bank mailing address to California.”
Wells Fargo shut down the new account. Unfortunately, that was only the beginning.
He now has a stack of mail from more than 30 companies that he’s never done business with. All of them are notifying him that someone has tried to open a new account or new line of credit in his name.
The list is long, and he says it includes many web-based financial companies like Allied Direct, Web Bank, Prosper Marketplace and PayPal, as well as other traditional lenders like Citi and Capital One auto finance.
There were also retail cards.
“I’m a retired pilot, I live out here in northeast Texas to be away from the hustle and bustle of cities,” he says in a Texan drawl. “Supposedly, I tried to set up a Victoria’s Secret account?”
When the thief opened an account at a retailer where Burnett also has an account — Sears — the company alerted him that it had put a hold on his own credit card because they felt something funny was going on.
Hearing about Equifax
Although Equifax learned about its data breach in July, hackers accessed the personal and financial information between May and July. The company did not notify consumers until September.
Burnett had assumed his identity was stolen because a doctor or dentist office had been careless with his Social Security number.
Then he found out about the Equifax breach.
“Oh boy, I was really hot to trot,” he said.
There is no way to know for sure how thieves got his information, but the situation Burnett is dealing with is exactly the kind of thing a thief could do with the data they got from Equifax.
And Burnett has no sympathy for the credit agency: “If they go out of business, tough, they aren’t doing anything to help us.”
CNNMoney asked Equifax about Burnett’s situation, and the company selling credit protection services to consumers during the time that the company was aware of the breach. Wyatt Jefferies, a spokesman for Equifax, acknowledged the questions but did not respond to either query.
How to shut down thieves
Burnett has become something of an accidental expert in shutting down accounts and alerting authorities.
The first thing he did when he learned he was a victim of identity fraud was to notify the Federal Trade Commission. He also notified the Social Security Administration and local law enforcement officials.
Next he set out to deal with the individual accounts that had been opened.
When he calls the customer service numbers to alert them to a fake account in his name, the first thing he always says is, “I would like to speak to your fraud department, please.”
Many have been very helpful, he said. “Only a few have been nasty.”
Even though he took and paid for the credit monitoring Equifax offered before it announced the data breach, Burnett has now taken the more extreme step of freezing his credit with all three credit agencies.
A credit freeze prevents anyone from being approved for credit or opening a new account in his name. It is the strongest way to stop this type of fraud.
But by stopping the thieves from getting credit, he stops himself, too.
“If I want to buy my wife a new car I have to lift that freeze,” he said. The freeze can be lifted by notifying the credit agencies of an intention to apply for credit several days before applying.
“It’s going to create a new hassle for us,” Burnett says, “but nothing compared to what we’ve been through.”