This July 21, 2012, photo shows Equifax Inc., offices in Atlanta.

(AP Photo/Mike Stewart)

Originally posted at Forbes, September 2017.

Equifax’s security breach, which occurred on July 29th, but was not disclosed for six weeks, gave criminals access to up to 143 million of our Social Security numbers. There are some 123 million of us currently working and, for the most part, not collecting Social Security. There are millions of additional Americans not currently working who have not yet applied for Social Security benefits.

The media’s focus is on the thieves taking out credit cards and other credit lines and loans under our names and leaving us with the bills. But no one, to my knowledge, has raised the potentially much greater concern of whether the thieves and their associates (to whom they are surely fencing our identity information) will be able to file for our Social Security benefits.

Imagine you are 62, retired, but waiting till 70 to collect your Social Security benefit. Further, suppose that a thief with your personal data, including your Social Security number, notifies Social Security that you have moved and provides a new address. The thief then can file for your early retirement benefits and have the checks sent to this new address or wired to his/her bank account — a bank account set up in your name with your Social Security number as one of the key forms of identification. This second route may be best from the thief’s perspective because it wouldn’t trigger a likely letter from Social Security to your current address notifying you that your address has been changed.

Eight years later you turn 70 and you file for your retirement benefit only to be told you’ve been receiving it for 8 years. What do you do? You appeal and attempt to prove you are the true John Doe, not the one who has been stealing your benefits. How do you do so? It’s not clear. Social Security has no picture of you. Nor does it have your fingerprints. Birth certificate? The thief could have gotten a copy. What about other information, like where you grew up, what street you lived on, what school you attended? Thieves might be able to collect this information as well.

How about current income and employment information?

Incredibly, Social Security uses Equifax to verify this information! Just read this article, which includes this statement.

“The Social Security Administration leverages current income and employment information from Equifax in tandem with other public sector data for a complete picture of an applicant’s financial situation.”

As many of you who have followed my Social Security Ask Larry columns over the years or read my co-authored book, Get What Yours – The Revised Secrets to Maxing Out Your Social Security, I’ve been answering Social Security questions and studying the system for years. Most people pose their questions at www.maximizemysocialsecurity.com or on my Ask Larry Forbes blog. But I also get direct emails from folks who are in very special circumstances. I’ve received a number of emails over the years from people whose benefits have, they feel, been stolen by a third party. Unfortunately, I’m not an expert on how to resolve the problem. But the main impression I get is that Social Security’s adjudication process takes forever — months if not years. Moreover, you have no idea if your appeal is proceeding or has been filed in some drawer.

Social Security doesn’t have the staff it needs these days to do its current job. Indeed, the current wait time to receive a decision on whether you can collect disability benefits is close to 2 years! Imagine the Social Security system’s having to handle tens of millions of benefit thefts.

What about current beneficiaries? Could their benefits be redirected to a different address or bank account? I don’t see what not. Nor does my company’s in-house Social Security specialist who worked for three decades for the system, many as a Technical Expert. We just discussed the Equifax leak over the phone. He believes Social Security has some means to preventing benefit theft. But he doesn’t know what that might be. Neither he nor other members of the staff were trusted with the information to prevent the staff from learning how to steal other peoples’ benefits.

What should you do? At a minimum, I recommend immediately printing out and safely preserving your Social Security earnings record. The date may help prove that the real you has the earliest Social Security records. And if you are now collecting benefits? I’d start saving notices of benefits you’ve received or changes to your benefits. Also print out bank statements showing you’ve received benefits. Having these things in your possession with dates that pre-date when your benefits were redirected may help. Then again, Social Security may decide you set up a scam involving your pretending to have been scammed — all in order to double your monthly check. This concern might arise if you failed to report in a timely manner not receiving benefits. So make sure your check arrives each month if you are already receiving benefits.

Another idea for those not yet receiving benefits is to send a certified letter, return receipt required, to Social Security every few months stating that you continue to live at your current address, that you have not yet filed for benefits and to notify you if anyone falsely files for benefits on your record. Keep a copy of these letters to document you never filed for benefits prior to the time you did.

As for Social Security, the Commissioner needs to make a public statement concretely reassuring the public their Social Security benefits are safe and that tens of millions of us won’t be placed in a bureaucratic nightmare trying to collect or recover our benefits.

This article was originally published at Forbes on September 10, 2017. (http://bit.ly/2AHXSEx)