Toll-Free: 800.687.6551

News & Blog

The Equifax Data Breach.

BLOG, PERSONAL FINANCE  |  12 Sep 2017

The Equifax Data Breach.  OK, Now What Do I Do?

By Jon Aldrich

Equifax(AP Photo/Mike Stewart, File)

The world is really a dangerous place and just seems to get more so all the time. As I write this on September 11th, and reflect on that awful day that none of us will ever forget, it is apparent that “terrorist” attacks can take many different forms. Case in point, is the recently announced data breach of the large credit reporting firm, Equifax, by cyber terrorists, criminals, thieves, or whatever you want to call these scourges of our world. The breach occurred in July of this year but was not announced by Equifax until just recently. The breach has reportedly left 143 million individual’s highly personal data exposed to hackers.

A smaller number (around 200,000) had credit card numbers and credit dispute documents, which contained personal identifying information, exposed. If you were one of this select minority of people you will receive a letter in the mail from Equifax letting you know that you were one of the “lucky” ones whose data was revealed.

Equifax is one of the 3 major credit reporting agencies, with the others being TransUnion and Experian. These companies are in the business of capturing, updating, and storing credit histories on almost all U.S. consumers. Whenever, you are looking to open a new credit account, this is where the request goes to get a glimpse of your credit status. Thus, they have some very sensitive information and are a hot target for hackers.

What Should I Be Doing?

OK, now that the genie is out of the bottle, so to speak, what should you be doing now that some potentially very sensitive information could be in the hands of cyber thieves? First, it is probably a good idea to work under the assumption that your data has been breached. Sure, Equifax has a website they set up https://www.equifaxsecurity2017.com/ that you can put in 6 digits of your Social Security number and your last name to see if your data was at risk. However, the site has turned into a dumpster fire of sorts, as the results offer less than reassuring results. Users have entered random numbers and names and sometimes the site says you are at risk and other times that you are not at risk based on the bogus information. Therefore, I am not sure how accurate this tool is and do not really recommend using.

So, if the Equifax website tool is of little help, what should I be doing since I am assuming my data is at risk? Here is a possible Action Plan you can use as a guide and implement as many or as few of the suggestions as you wish. However, I strongly recommend that doing nothing at all will likely leave you exposed to substantial more risk than just doing one or two of the items listed below:

Suggested Plan of Action:

  1. Sign up for Trusted ID or another credit monitoring service– Equifax is offering its identity protection program known as Trusted ID (which is a credit monitoring service owned by Equifax) free for one year. This service will give you alerts if there is suspicious activity in your credit files, provide internet scanning of your social security number to make sure it is not out there in the wild internet and provide identity theft insurance. Some other notes:
    • Signing up for Trusted ID WILL NOT prevent you from participating in any lawsuits against Equifax related to damages from the data breach. This has been a common misconception. Enrolling in Trusted ID only precludes you from suing Trusted ID which is a separate company even though Equifax owns it. The agreement you sign with Trusted ID, would only apply to any breaches that Trusted ID was at fault. They were not at fault in the Equifax breach.
    • Trusted ID is not the highest regarded credit monitoring service out there, but it is free for a year and will offer a certain amount of protection. Some of the credit monitoring services that rate high in many reviews are Lifelock, Identity Force and Identity Guard. Remember, though that these services will run anywhere from $17.95 to $26.99 a month depending on the level of service, while the Trusted ID is free for a year.

 

  1. Check Your Credit Reports – This is something you should be doing already. If you are not doing this you can get your free credit report at annualcreditreport.com . The site is run by the big 3 credit agencies and allows you to get one report per year from each of the companies. I generally recommend that you set up a rotation to get a report every 4 months from them. For example, in January get the report from Experian, in May, from TransUnion and in September from Equifax. Doing it this way will allow you to get a regular update on your credit report for free. I don’t recommend paying for their FICO credit scores however, since these are readily available from your credit card companies such as Discover and Capital One with your monthly statements for free.

 

  1. Freeze Your Credit – You can go online or call each of the 3 credit agencies and request that your credit be frozen. This means that no new credit accounts can be open while the credit freeze is in effect. It is the ultimate in credit protection. However, your existing lenders and their debt collectors can see your credit report and you are still allowed to access your free credit reports mentioned above. The fee generally runs about $10 for each of the agencies to put a freeze on and another $10 for a temporary or permanent lift of the freeze. Thus, it would cost you $30 in Illinois to have a freeze enacted with all 3 agencies as an Illinois resident and will cost you $10 each time you want to lift the freeze for a new credit account. However, if you are a victim of identity theft, credit freezes are free.
    • You can sign up online at each of the 3 company’s sites or you can call them:
    • You will need to make sure the PIN # you receive is kept in a safe place so that you can use it for lifting the freezes. You can lift the freeze by either calling or going to their sites online. You can also get a Temporary, one-time PIN a creditor can use to access your credit if you are looking to obtain additional credit.
    • Lifting the freezes can be a bit of a hassle, so if this would be a problem for you, a credit monitoring service or fraud alerts are probably a better idea.

 

  1. Sign up for Fraud Alerts – You can place a fraud alert with just one of the 3 agencies by either going to their website or calling them. When you place the alert with one of the companies, they are required to notify the other 2 companies of the alert. Setting up a fraud alert can make it harder for an identity thief to open accounts in your name. When you have an alert on your report, a business must verify your identity before it issues credit. The initial alert stays on your report for 90 days and you can renew it after 90 days. An alert could be considered a Credit Freeze “Lite” as it is less draconian than a freeze but still offers a fair amount of protection. There is also no cost for setting up the alert as many times as you like. The Federal Trade Commission has some additional information here. This is a very simple and free way to get at least some monitoring of your credit.

 

  1. Keep an Eye on Your Bank and Credit Card Accounts – You should already be keeping a close eye on these, but it is even more critical now after this large breach. If you see anything suspicious, report it immediately. The quicker you act, the less mess there may be to clean up.

 

  1. Watch out for Phishing Scams – Breaches like this are going to bring out all the roaches as they will try to take advantage of this. Really be alert for phishing emails purporting to be from banks or other companies hoping to get you to provide information they can use to hack your accounts. Legitimate companies are never going to e-mail or call you for this information. Go an take this test here to see how adept you are at identifying phishing emails.

It is unfortunate that we must take steps like these to protect our identities, but this is the world we live in for 2017. This was a HUGE data breach and really should not be taken lightly. If you need help or would like assistance with any of the above, please contact us so that we can arrange a time to help.