September 18, 2017
You have probably been hearing a lot about the recent data breach at Equifax. Here’s the key information that you need to know, as well as what you can do to significantly reduce your risk of identity theft or credit fraud.
Ultimately, hackers stole a large amount of personal data from Equifax — including Social Security numbers, names, addresses, dates of birth, and credit card numbers — which is expected to affect an estimated 143 million Americans. The data breach was discovered on July 29th, and the company acted immediately to block the attack. The company then contacted law enforcement and hired a third-party cybersecurity firm to determine how the attacker gained access to their internal system, and what data was impacted. Rick Smith, Chairman and CEO of Equifax, released a short video press release about the incident on September 7th to help initially inform consumers about the breach, but the investigation is still ongoing.
Equifax has created a website as a resource for consumers to see if you are potentially affected by the data breach (https://www.equifaxsecurity2017.com/); however, there are numerous sources that have found this website to be unreliable at best. Entering some clearly incorrect information into the two simple prompts, such as Last Name “Test” and Last 6 Digits of Social Security Number as “123456” still results in the checker validating the entry and suggesting that the person “may have been impacted.” The sad news, according to security analyst Avivah Litan, is that you will never know with complete certainty and that “There’s a greater than 50% chance that you have been compromised” in either this Equifax breach or any number of other data breaches in the recent past (i.e. Target, Home Depot, and Anthem to name a few).
With that in mind, it’s much more realistic to assume that your personal information has been breached to some extent, and it’s prudent to consider how best to prevent someone from using it to commit identity theft or credit fraud. In a best case scenario of someone illegally using your personal information, you catch it early and it just ends up being a headache that wastes your time and energy before getting it all resolved. In a worst case scenario, there’s a chance you can’t fully get the identity theft or credit fraud cleared up from your credit report and it could result in significant lost time and financial resources. Fortunately, taking proactive action now in a few important areas can dramatically help prevent the chance of someone illegally taking out credit, loans, or services in your name.
The most important action you can take right now is to ‘freeze’ your credit reports at the three leading credit-monitoring agencies: Equifax, TransUnion, and Experian. Freezing your credit report prevents individuals and institutions from accessing your credit report, though it doesn’t prevent yourself or your current credit institutions from accessing your credit report. Unfortunately, putting a freeze on your credit report at each institution isn’t free; each state usually has a fee of $5-$10 per credit bureau. It’s worth noting that freezing your credit does not affect your credit score, and once frozen, you can always request a ‘thaw,’ where the freeze is temporarily lifted so that a particular financial institution or person can access the credit report. Similar to when you initially freeze your credit, you’d have to pay another $5-$10 fee for each ‘thaw,’ and you would just need to provide the PIN that you received from the credit bureau when the freeze was initiated. Equifax will actually freeze your credit for free right now, but your state’s cost for placing a freeze or thaw can be found at ConsumerUnion.org (http://consumersunion.org/research/consumers-unions-guide-to-security-freeze-protection-2/). Regardless of whether you get to freeze your credit for free or whether it costs you $10 at each bureau each time, the cost is well worth it to protect you from credit fraud. You can place the freeze on your credit reports at each of the credit bureaus by phone call, mail, or online – though we recommend a phone call since that’s the most secure:
After taking the most important action of freezing your credit reports, there are a few other actions we recommend. It’s a good idea to revisit your online login & password info to make sure that it’s all secured with strong, unique passwords. After a large data breach, hackers often try to get access to your online accounts and have the most success with people who reuse variations of the same weak passwords across their entire ‘portfolio’ of accounts. On the same note, use two-factor authentication for logging into online accounts when possible. Email is another area where you should remain extra vigilant; be extremely cautious about receiving suspicious phishing emails from thieves who may already have some of your personal info and are using it to craft very convincing email requests for you to send them money or more of your personal info. If it seems like you received an odd request from someone you know, but you don’t recognize the email address it was sent from, it’s always best to call up that person to confirm they were actually the ones who sent it. One final suggestion is to closely monitor your account statements and credit reports to verify that no damage has already been done. There are a number of resources that allow you to monitor your credit reports, but we recommend checking out CreditKarma.com since it provides an easy way to check your credit report and it’s totally free. Just keep in mind that monitoring your credit report and account statements is useful as a way to catch identity theft or credit fraud after it already occurred, but it doesn’t take effective steps to prevent that fraud in the first place in the same way that freezing your credit. When it comes to securing your identity and credit, it’s always better to be proactive than reactive.