National Association of Insurance Commissioners publishes consumer guidance on preventing identity theft

The National Association of Insurance Commissioners has issued consumer guidance explaining identity theft and outlining practical steps to reduce cybersecurity risks as personal information is increasingly stored online. It defines identity theft as unauthorized use or attempted use of an existing account, use of personal information to open a new account, or misuse of information to commit fraud, and notes that individuals remain at risk even if they do not use the internet because companies store data online and thieves can access information from sources such as mail, trash, public records, and social media. Key recommended protections include using multi-factor authentication, keeping software updated (including automatic updates), and exercising caution with links and emails, citing the Cybersecurity and Infrastructure Security Agency’s estimate that more than 90% of successful cyberattacks start with phishing emails. The guidance also advises using strong, unique passwords (including password generators and managers), reviewing financial accounts and obtaining annual free credit reports from each of the three main credit reporting companies, limiting sensitive information shared online (including checking photo backgrounds), and questioning requests for Social Security numbers, reflecting Federal Trade Commission guidance on when they are legitimately needed and how to verify and minimize disclosure. For suspected identity theft, the NAIC directs consumers to report the issue to the Federal Trade Commission and follow the FTC’s recommended steps, and highlights additional resources from the FTC and the Cybersecurity and Infrastructure Security Agency.