Gary Koop wondered whether he was being scammed when he received an official-looking letter from Health Net the other day warning that the insurance company had experienced a major security breach.
The insurer offered Koop two years of credit monitoring and fraud protection to reduce the risk of identity theft.
"Like everyone else, I get a lot of free offers in the mail," the Manhattan Beach resident told me. "It looked like they were just trying to sell me something."
Nope — the letter's legit. And it serves as a warning to all consumers that no matter how hard you work to safeguard yourself from fraud and identity theft, someone else's negligence can still put your personal information in the wrong hands.
Case in point: Numerous banks, retailers and other companies are currently notifying customers that hackers penetrated the computers of a major marketing company, potentially making off with millions of people's names and email addresses. The marketing company, Epsilon, says it's investigating the breach.
For its part, Health Net of Woodland Hills says it was notified by IBM in January that the tech heavyweight, which handles Health Net's data center operations, couldn't account for nine disk drives that had been used in the insurer's corporate servers.
The disk drives contained the names, addresses, Social Security numbers, health data and financial information for nearly 2 million current and former Health Net members nationwide, including more than 800,000 in California. That's basically one-stop shopping for ID thieves.
This isn't the first time Health Net has seen confidential data go bye-bye. In May 2009, a portable disk drive containing medical and financial information on about 1.5 million customers went missing from the company's Connecticut office.
A spokeswoman for the California Department of Managed Health Care said officials are investigating Health Net's security practices in light of the latest breach.
Braid Kieffer, a Health Net spokesman, declined to provide details of the new incident. But he said that as far as the insurance company knows, the missing info hasn't been misused.
"It's unaccounted for," Kieffer said. "Our investigation is continuing."
The seriousness of the breach is perhaps indicated by Health Net's decision to provide two years of free identity protection. It's unusual to offer more than a year's worth of such protection.
"We want our affected members to have some comfort in knowing that we're providing them with this service for that amount of time," Kieffer said.
Health Net said in its letter that it was informing people about the incident "out of an abundance of caution." That, and a California law that requires businesses to notify people any time a security breach occurs.
The problem for Koop, 64, was that Health Net is offering fraud protection via a company called Debix. To get it, he'd have to give Debix his Social Security number.
"I don't like to give my Social to anyone," Koop said.
And that's a good policy to have.
So what should you do in a situation like this? Unfortunately, you're stuck between that proverbial rock and hard place. Do nothing and you risk being victimized by fraudsters. Give your Social Security number to a company you've perhaps never heard of, and, well, that's not a comforting thought either.
I recommend that Koop and anyone else in this situation bite the bullet and accept the protection. Having been a victim of ID theft myself, I can tell you it's no fun and a very difficult thing to remedy.
You can contact the leading credit bureaus yourself and place fraud alerts or freezes on your credit files. Or you can accept the offer of free monitoring typically offered by the company that let your info slip into the wild.
For what it's worth, Debix looks like a reasonably reliable fraud fighter. And if your Social Security number is already making the rounds, you don't have much to lose.
Since we're talking about potential scams, here's a real beauty you should know about.
Email from someone identifying herself as Kiyoko Izunami has been showing up in people's inboxes since the earthquake, tsunami and nuclear crisis in Japan started unfolding.
Izunami says she's "a Japanese living in Spain" and working with the Japanese Community Forum, which strives to assist people affected by natural disasters.
"Some of our family members in Japan was severely affected by the earthquake and our community forum has decided to raise money to meet the needs of food, shelter and medical assistance," she writes.
Those wishing to donate funds are instructed to use Western Union to wire money to a location in Madrid for subsequent distribution to people in Japan.
If there really is a Japanese Community Forum in Madrid, it doesn't come up in a Google search. Moreover, the email has all the earmarks of the classic fraud in which victims are compelled to wire money via Western Union to some far-flung location (often for a family member said to be in distress).
Needless to say, this isn't the best way to assist the thousands of people in Japan who are struggling to get their lives back together in the wake of the string of disasters. There are numerous legitimate organizations in need of help.
One good place to start: the Japanese Red Cross Society. You can find out how to donate funds by visiting its website at http://www.jrc.or.jp.