SUTTON, Mass. — An identity theft story with a frustrating twist. A Sutton man called 25 Investigates saying he took the right steps after learning he was a victim of identity fraud. But he says doing the right thing made led to an even bigger headache.
For Anthony Deyoe, it started with a routine letter in the mail from a credit card company. It said they were working on a new credit card application that he had submitted, only he did submit it. Deyoe knew immediately he was a victim of identity theft.
H says he called the credit card company to dispute the application and then contacted the three major credit reporting bureaus, including Experian.
“And all I did was open a can of worms and make it worse,” Deyoe told Boston 25′s Kerry Kavanaugh.
He set up accounts with each bureau and froze his credit.
“So, I’m at soccer practice on a Saturday morning. It’s 8:30 in the morning and I my phone dings with an email,” Deyoe said.
The email from Experian said someone had changed his account information. His email, password, and security questions all new and he didn’t know what they were now. Deyoe says he spent days trying to get someone from Experian on the phone.
“It just loops you around, loops you around. I even call their business line to try and, you know, just get to a person,” Deyoe said. “The only way to fix it was to send a bunch of personal documents either to a P.O. Box in Texas or to fax them on some unsecure line.”
Identity theft resolution is also costing consumers a lot of time. According to one fraud study, in 2022 consumers spent an average of 6 hours dealing with identity fraud incidents. In 2023 it jumped to a nearly 10-hour average.
Deyoe says he just wasn’t comfortable mailing or faxing those personal documents.
Later, he got another alert.
“So, the people that got into my account use the information in my credit report and then opened up a digital checking account under my name,” Deyoe said.
For months, he couldn’t access his account until he called 25 Investigates.
We reached out to Experian asking how Deyoe’s information was compromised and if this happened to others.
A spokesperson told us their protocols worked since Deyoe got that notification when his account was changed. In a written statement Experian said “Protecting consumers’ identities is among our highest priorities. We believe this is an incident of fraud using stolen consumer information.”
Experian also contacted Deyoe directly helping him regain access to his account to close it.
“We call this an account takeover like this,” said Lisa Plaggemier, the executive director National Cybersecurity Alliance. The NCA educates people on best ways to keep their data secure as identity fraud is affecting millions of people and costs Americans about $43 billion dollars a year, according to a recent report.
Plaggemier says despite stories like Deyoe’s, contacting the credit bureaus and freezing your accounts is still best practice if you’re a victim of fraud.
“That means you have to create accounts on the credit bureau sites. And you just you know, our recommendation is to create those in a way that they’re secure,” said Plaggemier.
So, the NCA suggests making the passwords tougher to crack. Use 15-16 characters, always use multi-factor authentication on sites where it’s enabled, and don’t repeat passwords from site to site.
“Maybe we were using a password that has been involved in another data breach in another company, so best practice is not to use the same password twice,” said Plaggemier.
The NCA also recommends using password managers because it makes it easier to have completely unique long, random passwords on every account.
Especially as large-scale breaches become all too common. In August we learned of a major data breach affecting nearly 3 billion social security numbers, and other personal information, which were then for sale on the dark web.
But Deyoe says he had taken all those suggested steps.
“It’s upsetting when you go to a company that’s supposed to be protecting things and you make things worse,” he said.
Experian added “Our authentication processes go beyond requiring users to provide personally identifiable information (PII) and answering knowledge-based authentication (KBA) questions. We do not disclose those additional processes for obvious security reasons; however, our data and analytical capabilities verify identity elements across multiple data sources and are not visible to the consumer. "
Download the FREE Boston 25 News app for breaking news alerts.
Follow Boston 25 News on Facebook and Twitter. | Watch Boston 25 News NOW
©2025 Cox Media Group
/cloudfront-us-east-1.images.arcpublishing.com/cmg/7QOJU3BNCJERBNKJC5LWTBYFLU.png)
