Have you been affected? If so, how can you try to protect yourself?
On September 7, credit reporting agency Equifax dropped a consumer bombshell. It revealed that cybercriminals had gained access to the personal information of as many as 143 million Americans between May and July – about 44% of the U.S. population. The culprits were able to retrieve names, Social Security numbers, birth dates, addresses and even driver’s license numbers. In addition, the hack compromised 209,000 people’s credit card numbers and personal dispute details for another 182,000.1,4
How can you find out if you were affected? Equifax can only tell you if your information was potentially compromised. Visit equifaxsecurity2017.com, the website Equifax just created for consumers. There, you can enter your last name and the last six digits of your Social Security number. (Having to enter the last six digits of your SSN hints at how significant this breach is.)2
If you are among the consumers whose data was hacked, Equifax will ask you to return to equifaxsecurity2017.com to enroll in their identity theft protection product, TrustedID Premier. This program will provide you with free credit monitoring for a year.1,2
Is this a marketing opportunity for Equifax? Given the nature of the data obtained in the hack, it is likely that credit monitoring will be required for an extended period of time. Birthdates and social security numbers never change so the value of this information to a potential criminal will exist many years from now. In a case of making lemonade from lemons, this could create a huge group of paying customers for Equifax’s monitoring service.
The fine print. Initially, Equifax required consumers to waive their legal right to sue in order to enroll in TrustedID Premier. After overwhelming pressure from the media, politicians, and attorneys, Equifax has amended its policy.
How should you respond? Beyond simply taking Equifax up on its offer of one year of identity theft insurance and free credit monitoring, you can take other steps.
Check your credit reports now. (Unless you have already done so in the past month). You can get one free credit report per year from Equifax, TransUnion, and Experian. To request yours, go to annualcreditreport.com. Scrutinize your credit card and bank account statements for unfamiliar activity, and sign up for email or text alerts offered by your bank or credit card issuer(s), so that notice of anything suspicious can quickly reach you.
Place a Fraud Alert on your credit file. A renewable, 90-day fraud alert requires creditors to take steps to verify your identity before opening a new account, issuing an additional card, or increasing the credit limit on an existing account. A fraud alert doesn’t prevent a lender from opening credit in your name but it does require that lenders take additional steps to verify your identity first.
Consider placing a Security Freeze on your credit report. When there is a freeze, creditors can’t access your reporting file and therefore won’t offer new credit. This helps prevent identity thieves from opening fraudulent accounts in your name. However, this also means you won’t be able to apply for credit as easily if you were planning to apply for a loan. You can place a freeze on your credit file at any time, but you must contact each credit reporting company. There is a small fee each time you place or remove a credit freeze.
Consider changing the password for your main email account. A weak password on that account is a low bar for a cybercrook to hurdle – and once hurdled, that crook could potentially pose as you to change the passwords on your financial accounts.3
Regarding bank, investment, and credit card account passwords, avoid the obvious. Too many people use simple passwords based on their pet’s name, their last name and year of birth, the high school they attended, etc. Sadly, these same simple facts are often answers to security questions for credit card and bank accounts. Ask your bank or credit card issuer if you can use additional, random words or a PIN for passwords or security question answers. That way, you can avoid logging in using data that is in the public record. You want your password to be long and random, to make it harder for a would-be thief to guess.
You may want to consider paying for additional identity theft protection for years to come. This is one way to try and shield yourself from the unauthorized use of your Social Security number, driver’s license number, email accounts, and credit card numbers.
Be on the lookout for new phishing attacks. If someone calls you out of the blue claiming to be from Equifax, do not cooperate with them. Unless Equifax is returning your call, they will not contact you by phone. The same applies if you get a random, unsolicited email or text from “Equifax” – do not comply, or you may inadvertently hand over personal information to a fraudster. Stay vigilant, today and in the future.
1 – wired.com/story/how-to-protect-yourself-from-that-massive-equifax-breach/ [9/7/17]
2 – washingtonpost.com/news/the-switch/wp/2017/09/08/after-data-breach-equifax-asks-consumers-for-social-security-numbers-to-see-if-theyve-been-affected [9/8/17]
3 – cleveland.com/business/index.ssf/2017/09/devastating_data_breach_at_equ.html [9/8/17]