The Equifax data breach stunned the public with its announcement that data on 143 million Americans had been hacked. Equifax keeps detailed financial information on consumers to gauge their risk as a borrower. They are a storehouse of some of the most personal and sensitive information of Americans’ financial lives.
There was a time when the biggest threat to our personal information was our chance of falling victim of a scam or using the same weak password for all our accounts. Today, corporate data breaches are becoming commonplace. Let’s look at what should be done in response to the Equifax breach, in particular, and what steps to take to minimize the chance of personal information falling into the wrong hands going forward.
Equifax has set up an online registry so consumers can check to see if their information was exposed. I wouldn’t bother since 143 million Americans is basically the entire adult population of the country. Instead, here is what you should do:
- Get a copy of your credit report. Check for accuracy and unusual activity. Follow the instructions in the linked article to get a new one every four months from a different agency for free.
- Review your existing credit card and bank accounts closely for transactions you don’t recognize. This is a good time to change all the passwords to your online financial accounts, including banks and credit cards.
- Review your Social Security benefits statement online. Look for anything unusual.
- Consider a monitoring service to alert you of any activity. Equifax is offering complementary credit file monitoring and identity theft protection through its TrustedID Premier service. Details of the service can be found at equifaxsecurity2017.com.
- Watch for signs of identity theft. These signs include unexplained activity on your financial accounts, debt collection calls, medical records that don’t match your medical history, and receiving unfamiliar statements in the mail.
These steps alert you to suspicious activity after it happens; however, the best preventative step is to freeze your credit so no one can access it with your identity. Freezing your credit will create some headaches because it locks your credit file. You will need to go through the process of lifting the freeze anytime you want to access your credit, i.e. take out a loan, apply for a credit card, etc. Also, it is not free.
For instructions on placing a freeze and a list of fees by state see Consumers Union’s Guide To Security Freeze Protection. You can also freeze your credit by contacting the agencies by telephone:
- Equifax: 1-800-349-9960
- Experian: 1‑888‑397‑3742
- TransUnion: 1-888-909-8872
Be sure to take all these precautions for your spouse or other loved ones to protect them from exposure.
Self-Monitoring vs. Using A Credit Monitoring Service
Everyone should review their bank and credit card statements regularly for unauthorized transactions. You can review your credit report on your own at no cost. You have a legal right to request a free credit report from each of the three credit reporting agencies as explained earlier in this newsletter. Staggering the reports as recommended allows you to review a report for free every four months.
Credit monitoring services typically scour all three of the credit reporting agencies daily for notification of new accounts or suspicious activity. Most services offer email or text notifications, periodic credit reports, and customer support. Fees for these services tend to run between $15 and $30 per person per month. Keep in mind the service doesn’t prevent theft, it just informs you when it happens so you can lock things down that much quicker. Equifax’s service is complementary only if you sign up by November 21, 2017. LifeLock and IDShield are other sources of credit monitoring services.
Precautionary Steps Moving Forward
The most cautious approach to protect your sensitive information can be derailed by a hack at a major retailer, website, or even a credit reporting agency. Nonetheless, you can take precautions to reduce your exposure.
- Be cautious about what you post on social media. Don’t post answers to common security questions such as your first pet or mother’s maiden name on Facebook. Be prudent with how much information you disclose.
- Use credit cards rather than debit cards. Credit cards enjoy greater federal protections in the event of fraudulent activity.
- Never submit sensitive data while using non-secured, public Wi-Fi connections.
- Pay by cash. While this avoids the chance of your credit card going through a skimmer, you are still not immune. A thief who has your identity from a corporate breach can open new cards in your name.
- Encrypt your phone. A six-digit pin is much more difficult to guess correctly than a four-digit one. Consider turning on a ‘self-destruct’ mode so that your phone will completely wipe itself after a certain number of failed attempts.
- File your taxes early. As soon as you have the tax information you need, file before a scammer can get your information.
- Use two-step verification. Protect sensitive information by using services that not only ask for your password, but provide a code via text message or require an authentication to verify your identity.
Everyone is exposed to this type of risk. It is prudent to focus on not only preventive measures, but also on a proactive monitoring strategy that will provide early detection when there is a breach or other unauthorized use of your identity.
- Be diligent in the review of your monthly financial statements and report unusual activity to your financial institution promptly.
- Review your credit reports regularly or use a monitoring service to check the reports for you.
- Be cautious with who you share personal information and how this information is transmitted.