Sorry to hear about this. All I can suggest is keeping a very close eye on your financial affairs.
I really appreciate technology in a lot of ways but this is the ugly dark side. I was one of those people who never did any online banking or shopping for fear that I would have a problem eventually. Back around 2012/2013, I received a collection letter from eBay for charges that I knew nothing about. Great, my account was compromised, even though my actual account didn't show any charges. Then there was the Equifax, Home Depot and T-Mobile breaches. It was at this point I learned that no matter how careful I was with my info, all of these morons are storing my info and are unable to secure it. There is absolutely nothing anybody can do about it. With this being the case, I now make my life easier by doing almost everything online since I've lost any ability to safeguard my information anyway. As time has gone by, I have had 2-3 cases where I try to swipe my card and it gets declined only to find out I have yet again had my info compromised. I always check for skimmers and finally gave gave up on paying at the pump years ago. I won't even use an ATM anymore and deal directly with a teller every time I have business at the bank- it has gotten that bad. Fortunately, I have never been in a situation where I was responsible for the fraudulent charges and I have a few cards so I am never totally hosed when this happens although I am inconvenienced while I get everything resolved. That is the only positive I can think of- I've had to deal with this so many times, I am very good at getting it resolved quickl since I know the steps. File a police report and IDTheft.gov report, contact the merchant where the fraud occurred and the credit card company, send certified letters to the merchant with affidavit, police report, demand all records related to the fraudulent account and of course the all important FCRA 609(e) form. How sad is it that I know this?
Every couple years I have to put out fires. It has been quiet for awhile since I've frozen all of my credit reports but I did apply to a Credit Union a few months back that required me to thaw my credit reports. I thawed them for only 3 days and within 2 weeks of that, I received a debit card from a bank that I don't do business with. If that weren't messed up enough, I then found some information where the person whom requested this debit card had set up an online payment portal to obviously defraud people financially using my name and address.
The good news is that no new credit cards were issued in my name over those 3 days and I got the online payment portal shut down. The bad news is that somebody obviously has all of my info that allowed them to open an account that issued the debit card. Since credit reports (Equifax, Experian, and TransUnion) aren't required to open bank accounts, cell phone accounts, accounts for utilities, or get medical care, car insurance, etc., I knew there must be other avenues that I haven't locked down yet. After communicating with the bank where the debit card was issued, it was confirmed that my SSN had to be given on the application to get the debit card. After this last scenario, I started plugging every hole I could find concerning my info online. As of today, you can Google my name and get nothing useful in return other than people with similar names. There was one particular website that I demanded info purged from that showed all of my personal info from 1989 on, every address, phone number and employers w/ annual income over the last 30 years. This website even showed the VIN numbers of my 2 current cars. Scary, especially since I don't remember anyone asking permission to have all of this information online for everyone to see. It's not like I was on the dark web when I found this website, these are websites that everyone can access for free.
This last issue was especially severe so I did some research and found that there was way more places and entities that I needed to contact to hopefully get this under control for the long term. The 3 credit reporting agencies are just the very tippy top of the rabbit hole.
