The Equifax breach is one for the books and has compromised 143 million consumer's private and personal financial data. The unauthorized access occurred between mid-May and July 2017, and was discovered on July 29 – the company just announced it last week.
According to their press release, Equifax states that there is no evidence of unauthorized access to its core credit reporting databases, but is offering consumers identity monitoring services, which is run by Equifax, to all who wish to take advantage of it. These services include copies of your Equifax credit report, the ability to lock your Equifax report, monitoring of all three credit bureaus for changes in your report, scanning of the Internet for your Social Security number, and identity theft insurance.
Equifax, You Had One Job
Understandably, many are skeptical or suspicious of signing up for these offered services through Equifax. Many are hesitant to provide more information to the company that lost it in the first place. I would encourage everyone to assume they were affected, regardless of what Equifax’s site says, as the investigation into the breach is ongoing. I would also encourage anyone who chooses to sign up for the services Equifax is offering to not rely solely on it for credit and identity protection. Identity theft can be crippling, expensive, and incredibly difficult to resolve.
What You Can Do
The following are some steps we can (and likely should) take to protect ourselves from identity theft and to mitigate its repercussions if it does happen:
- Monitor your bank. Start to keep track of your bank and other financial account activity closely. If you notice any suspicious transactions, notify your financial institution immediately.
- Monitor your mail and email. If you get suspicious notices, such as an approval for a credit card you did not apply for, notification of a new account you did not open, or an Explanation of Benefits from your health insurance for services you did not receive.
- Don't provide any personal information. Never give out any of your personal information to someone who has contacted you “regarding the Equifax breach” (or any other breach or circumstance, for that matter). Large breaches like this attract scammers and criminals who try to obtain your personal information by posing as the company who experienced the breach and/or the company providing credit and identity monitoring services as a result of the breach.
- Free services. Check with your financial institutions to see if they offer additional security measures such as email/text alerts, two-factor authentication, and verbal passwords. If so, sign up for them.
- Run your credit reports. You can receive one free credit report every year from each of the three bureaus at www.annualcreditreport.com or 1-877-322-8228. You can stagger these as well, so for example, you may request your Experian report four months after you request your TransUnion report to continually monitor them. If you notice anything inaccurate, notify the appropriate bureau immediately.
- Consider freezing your credit. This prevents any new accounts from being opened in your name while the freeze is in effect unless you provide a designated 10-digit PIN. This may cost a small fee if you do not have proof of identity theft or a police report, and you will have to lift or remove the freeze if you need a third party to access your credit report for a credit card application or car loan application, for example. A freeze remains until you remove it. This will only prevent new accounts from being opened in your name – keep in mind that the majority of identity theft occurs on existing accounts. Here are the links to freeze your credit at Equifax, Experian and TransUnion.
- Consider placing a fraud alert on your credit. This is a less drastic step than a freeze, but can be very effective. This serves as a warning when your credit report is requested that your identity has recently been compromised and additional steps should be taken to verify your identity before proceeding. Note that initial fraud alerts do not require that additional steps be taken to verify your identity and expire after 90 days. Extended fraud alerts do require this, but typically require a police report to put into place – they last for 7 years. If you are active duty military, you can also file a one-year fraud alert while you are deployed. To place a fraud alert, you only need to contact one credit bureau, which is then responsible for contacting the other two: Equifax, Experian or TransUnion.
If you ever have reason to believe that you have been a victim of identity theft, the Federal Trade Commission has a website to guide you through the steps of reporting and recovering at this helpful website.
This is a good reminder to us all that constant vigilance is more necessary than ever when it comes to our credit. As we move into an increasingly connected world, the security of our personal information cannot be fully guaranteed by those we entrust with it. Taking some or all of the steps above also cannot fully guarantee that you will never experience any form of identity theft, but you will be more aware of potential problems before they become larger ones.
Read more about preventing hacks with your personal or business at TechCo