Last Friday, Equifax, one of the major credit reporting bureaus, issued a press release announcing that on July 29 it had discovered “unauthorized access” to data belonging to as many as 143 million U.S. consumers. We have compiled some information that we hope may help you understand what happened and what to do next. There has been a lot of information being thrown around the web the last several days ranging from solid to bizarre conspiracy theories. At the end of the day, this is not likely to disappear overnight, and yes, this is absolutely a big deal.
Equifax has stated its internal investigation determined no evidence of unauthorized activity on its core consumer or commercial credit reporting databases. However, the data accessed includes names, Social Security numbers, birth dates, addresses and, in some cases, driver’s license numbers. In addition, credit card numbers were accessed for approximately 209,000 U.S. consumers and personal identifying information on documents for another 182,000 people.
Equifax has set up a website on which you can enter your last name and the last six digits of your Social Security number to see if you have been affected by the breach.
Many people using this website have received error messages, perhaps due to the volume of people accessing it. Unfortunately, at this time, the results provided by the website can be vague and not necessarily reliable. Considering that the 143 million U.S. consumers affected represent 55 percent of the adult U.S. population over the age of 18, we recommend that you act as if your information was accessed as part of this data breach.
Details have been quite limited to date in terms of what specifically has been compromised, so until we learn more, it is best to plan for the worst and hope for the best.
YOUR NEXT STEPS
Free enrollment is being offered in the identity protection program TrustedID Premier, a three-bureau (Equifax, Experian and Trans Union) credit monitoring service run by…wait for it…Equifax. Many of the conspiracy theories tie back to here. Anyone can enroll in this program at no charge — regardless of whether their information was accessed — through Nov. 21, 2017. The “free” service is to run for a year. However, if someone uses your Social Security number 7 years from now to establish credit, the one year of service doesn’t help much.
A few things to keep in mind regarding this offer:
Credit monitoring services, such as the one being offered by Equifax, do not prevent thieves from stealing your identity. What they can do is alert you that your identity has been stolen and, in some cases, be helpful in recovering from identity theft.
Moving forward, attentiveness to your credit profile and monitoring of your personal information is more important than ever.
In conjunction with credit monitoring, consider placing a security freeze on your credit files. A credit freeze basically blocks all access to your credit files for anyone attempting an inquiry. If someone tries to use your information to establish a credit line, the company they are applying through will not receive your information, and therefore, will deny credit.
We highly suggest a credit monitoring service if you are not already using one. Personally, I use two of them, and will take up Equifax on their offer for a third through Trusted ID. My household also employs the services of ID Shield (a paid service) and Credit Karma (free, which means it comes with lots of advertisements). ID Shield also offers a comparative tool on their website to see a side by side comparison with seven other leading providers. At the very least, this will give you a solid feel for what is out there.
One important caveat to this is that typically, once a credit freeze is in place, you can’t sign up for a credit monitoring service, as that service will not have access to your files. The order in which you take these steps is important if you choose to do both, which is highly recommended.
The following are some frequently asked questions about security credit freezes:
What does a security freeze do?
A security freeze blocks potential creditors from seeing your credit file while it is in place. Therefore, an identity thief who has your information has no way of gaining new lines of credit because a creditor won’t issue one without being able to see your current credit score and file.
How do I put a security freeze in place?
You will need to notify four credit bureaus — Equifax, Experian, TransUnion and Innovis. This notification can typically be done online. Once completed, each bureau will provide you with a PIN to be used to unfreeze or “thaw” your credit file when you need to apply for new lines of credit.
Many states allow you to do this at no charge, but some states charge a nominal fee — typically up to $15 — for each credit freeze per bureau.
What is the advantage of a security freeze over a fraud alert?
A fraud alert is good for only 90 days, but can be renewed. Alternatively, you can get an extended fraud alert, which lasts for seven years.
When you have a fraud alert in place, lenders and service providers are expected to contact you for approval before issuing any new line of credit. A key point regarding fraud alerts is that lenders and service providers are supposed to receive your permission before granting new lines of credit in your name, but they are not legally required to do so.
What is the downside?
For things seemingly as simple as getting new cell phone service, providers will check credit. Every time you need to access credit, you will have to unfreeze – then refreeze – your credit.
The Equifax data breach is an unfortunate reminder of how valuable your data and personal information is, and an opportunity to revisit what you can do to protect yourself:
Consider requesting new credit cards with new numbers. Per the notes above, many credit card numbers were stolen, and a simple way to eliminate that concern is getting new cards. A minor pain to avoid potentially bigger issues down the road.
Do not send personal, confidential information, including your financial account numbers, Social Security number or passwords, through email. Regardless, always use an email encryption service.
Review your credit card and bank statements each month for any suspicious transactions or activity.
Most identity theft occurs via phishing emails in which the end user is tricked into clicking on links or providing information that allows fraudsters to gain access to accounts or personal information.
Use string passwords and don’t default to the same password multiple times. If you have a lot of passwords, this can be difficult. Consider using password management software.
For more general information about how to protect against fraud, we recommend visiting the Federal Trade Commission’s consumer information website.