23 Tips to Prevent Identity Theft and Other Cyber-Scams after the Big Equifax Breach
Remember when you got your first credit card? So does Equifax, which also knows your name, Social Security number, and a whole lot of other very personal stuff. We’ve outlined what you need to know and do to protect yourself and your personal information going forward.
Equifax Breach 101
Just when you were getting all excited because your credit score went up, THIS happened: 143 million Americans were impacted by a significant data breach at Equifax, which is one of the nation’s three major credit reporting agencies, says Seena Gressin, an attorney with the Division of Consumer & Business Education with the United States Federal Trade Commission (the FTC). The data that was leaked included:
- Social Security Numbers (SSNs)
- Birth dates
- Driver’s license numbers
- Credit card numbers
- Credit card dispute documents
It’s not the biggest data breach in recent cyber-history (that distinction goes to Yahoo), but it might feel to you like the most terrifying because:
- Equifax has your financial information, including your entire credit history, a record of every late payment you’ve ever made, every credit card account you’ve ever held, every car lease, every mortgage, every loan for which you’ve applied, the details of every dispute you’ve ever had with a lender, and any claims, liens, or judgments against you.
- As a storehouse of Americans’ financial and credit history, Equifax also holds a lot of very personal information that identifies you as you, including your full name, any aliases, your Social Security Number, your birthday, and potentially your driver’s license number.
- You didn’t even GIVE your information to Equifax, and yet they have it! Equifax receives your information from credit card companies, banks, and other lenders (Equifax compiles the information to come up with a credit rating for you).
- The information Equifax has about you can be used not only in deciding whether to give you a loan. Your credit report is one of the most essential pieces of a background check. If the info is wrong and to your detriment, it could mean that you don’t get the job or the apartment you want.
- Equifax is one of three major credit bureaus that compile and warehouse this information. The other two, Experian and TransUnion, have not been hacked. “Yet,” some say, and they don’t mean to sound paranoid, just realistic.
- Although this event brings up legitimate concerns about privacy, identity theft, and identity theft protection, you cannot opt out of this information-compiling system unless you never want to lease a car, rent an apartment, or possibly get another job.
But try to remain calm. You’ve got this, especially now that you’ve got this handy outline of what you can do going forward to respond to this particular event, as well as a primer on how to prevent identity theft and protect your data and your money from wannabe thieves.
Was your data impacted?
Equifax created a dedicated website where consumers are theoretically able to learn whether they were impacted. That said, you’ll need to log in, which involves providing the last six digits of your Social Security Number (SSN).
“No big deal,” you might say, if you routinely give out the last four digits of your SSN. But there are a number of caveats to be aware of:
- Your Social Security Number is a nine-digit number, the first four digits of which are tied to where you lived when you (or your parents) applied for your number; the next two digits are a “group number” within the geographical location; and the last four digits are your serial number.
- Since where you were born isn’t all that hard for a cybercriminal to suss out, it’s really only the last four digits of your SSN that stand between you and all the problems you’re trying to avoid by reading this article.
- Equifax is not asking for the last four digits; they’re asking for the last six.
- Equifax was already hacked once. No, wait, they’ve actually been hacked more than once. We’re not saying that should make you wary of trusting Equifax with your information, especially since there’s nothing you can do about them having most of the information they have on you. We’re just saying that maybe you should consider their history of protecting your personal, identifying information before voluntarily handing over still more personal, identifying information.
- Every single person we spoke to who has handed those digits over to Equifax in the hopes of determining whether their data was compromised has received the same message, which we paraphrase here: “Maybe.”
A bankruptcy attorney in New York that we spoke to said he’d be shocked if Equifax would ever volunteer to an individual that his info had been hacked. “An individual who knows for certain his data’s been hacked can theoretically blame Equifax for almost anything that happens to him going forward, from getting a lousy rate on his mortgage to getting turned down for his dream job.” Leaving it as “maybe” leaves Equifax open to less liability.
Therefore, perhaps you’d be better off simply assuming you were impacted and then taking the following steps.
Consider Equifax’s offer of a bundle of post-hack protective services
Equifax has offered a free package of post-hack protective services to all US consumers, regardless of whether they were definitely impacted. The package is offered under the name TrustedID Premier and includes:
- Credit monitoring through the three major credit bureaus: Equifax itself, Experian, and TransUnion (collectively, the “Big 3”). Credit monitoring is the process of periodically reviewing your credit reports for accuracy and changes that could indicate fraudulent activity. This is not a service unique to Equifax or TrustedID Premier, as discussed below in “Consider credit monitoring.”
- The ability to lock and unlock Equifax credit reports. Locking and unlocking credit reports so that lenders have no access to them (which also means that cybercriminals can’t open up accounts using your credit information) is traditionally known as getting a “credit freeze.” It is not unique to Equifax, as discussed below under “Consider a credit freeze.”
- Identity theft (ID theft) protection services, which consist of the above, as well as internet scanning for the use of your SSN. This is not unique to Equifax’s TrustedID Premier service, as discussed below.
- ID theft insurance, which would help victims of ID theft resolve the resulting issues. This is not unique to Equifax’s TrustedID Premier service, as discussed below.
Understand the limits of TrustedID Premier
Everything TrustedID Premier can do for you can be done by you, yourself, or by another third party service. You need to understand that because when you contract for the TrustedID Premier service, you are agreeing to their terms of service, which include a binding arbitration clause and a class action waiver with regard to the services going forward (not with regard to the Equifax breach that already happened, as discussed immediately below). What these two provisions mean is that if you have a problem going forward, you can’t sue TrustedID Premier individually or as a member of a class action lawsuit.
You can sue Equifax
There has been quite a bit of noise on the Internet and around dinner tables regarding whether or not you have the right to sue Equifax in connection with the breach. The terms of Equifax’s website include binding arbitration and class action waiver clauses. As a result, many were under the impression that their legal remedies would be confined to arbitration. However, Equifax has now made a public announcement that it won’t enforce its arbitration and class action waiver clauses in connection with the existing breach. This means that you CAN potentially sue Equifax for damages specific to yourself as a result of the breach, or you can join a class action (many have been proposed already). Joining a class action precludes you from suing Equifax individually. If you’re interested in either, we advise you to consult an experienced attorney.
Consider credit monitoring
Credit monitoring is the process of periodically reviewing your credit reports for accuracy and changes that could indicate fraudulent activity. Theoretically, all credit monitoring services monitor your credit card and identity activity around the clock, checking thousands of databases for misuse of your personal information and notifying you if there are any key changes to your credit report, a new application for credit, new inquiries from lenders, new account information, changes of address, and any other use of your identity. By being notified of fraudulent activity, you have the opportunity to put a stop to it, including closing down fraudulent accounts and correcting any credit report mistakes.
Equifax is offering credit monitoring free of charge for one year as long as you sign up by November 21, 2017. There will be a charge for the service after the first year. Only you will be able to decide if you’re comfortable enrolling in a service pursuant to which you’ll be giving Equifax access to the very information that was leaked during the existing breach. Instead of enrolling with Equifax, you can monitor your credit yourself, or you can contract with a third party to do it for you. Both are discussed below.
Self-monitoring is the process whereby you monitor your credit reports on your own, without the help of an automated credit monitoring service. Under the Fair Credit Reporting Act (FCRA), you are entitled to one free copy of your credit report every 12 months from each of the Big 3. To claim them all, you can visit this website, which is the one mandated by the federal government, or you can call toll free: 1-877-322-8228.
To stagger your credit monitoring activities, you can make a request every four months from each of the Big 3 individually. The contact information is as follows:
- PO Box 740241, Atlanta, GA 30374
- PO Box 9554, Allen, TX 75013
- PO Box 2000, Chester, PA 19016
Some state laws provide for additional free credit reports from each credit-reporting agency. If you live in a state where you’re entitled to additional free credit reports, the self-monitoring process is more effective.
Of course, for self-monitoring to be the most effective, you need to remember to order your reports. These apps could help you stay organized, which will help you to stay on top of your credit-report requests.
Third party monitoring
If you don’t think you can stay on top of your own credit monitoring, and you’re not comfortable leaving it in the hands of Equifax (via TrustedID Premier), you can pay for a third party service. One option is to enroll with Experian or TransUnion for their paid credit-monitoring services. But if you’re willing to pay for a third party service, those which are independent of the Big 3 tend to track more sources and generally offer more comprehensive monitoring. Several consumers we spoke with have expressed an interest in signing up with LifeLock because it offers a variety of packages that include services such as privacy monitoring tools, lost wallet protection, monitoring of existing credit card and bank accounts, reimbursement for stolen funds, legal assistance in the event of ID theft, and scanning of court dockets for your name.
Consider a credit freeze
The FTC recommends you consider initiating a credit freeze with all three of the Big 3 if you’re concerned you’re a victim of ID theft. A credit freeze prevents lenders and anyone else from accessing your credit information and prevents anyone else from opening new accounts using your name and identifying information. It doesn’t affect your credit score. And it doesn’t prevent you from self-monitoring, as described above, although if you’ve initiated a credit freeze, there is going to be little to monitor. Here’s what you need to know to get started with credit-freezing:
- Each of the Big 3 must be contacted separately. You can use the following toll-free telephone numbers:
- Freezing your credit carries a fee. Fees vary based on where you live, but commonly range from $0 to $10 (freezing is free in seven states). Various state laws also mandate free credit freezing for certain consumers, including those who are already ID theft victims. As noted above, Equifax is offering to freeze your credit free of charge (the offer will be open through November 21, 2017), so if you already paid for a security freeze with Equifax since the breach, you’re entitled to a refund. Equifax’s offer of free credit freezing does not extend to a freeze with TransUnion and Experian.
- Unfreezing: Credit freezes last until you lift them, except in a few states, where they expire automatically after seven years. If you need your freeze lifted, a credit reporting company must do so within three business days after receiving your request, although it might happen more quickly. Anything you do that requires a credit check will require that you un-freeze your files. These include:
  - Applying for a credit card
  - Applying for a job
  - Renting an apartment
  - Buying insurance
- You have to give up more information. Freezing will require that you supply to the reporting bureau your name, address, date of birth, SSN, and other personal information. That obviously may cause you some discomfort at this juncture.
- What freezing can’t do. Some people will still have access to your information notwithstanding a freeze. These include your existing creditors (and their debt collection agencies) and government agencies in response to a court order, search warrant, and the like. And freezing cannot prevent a thief from making charges to your existing accounts. You will still need to monitor your accounts for suspicious transactions.
Instead of a credit freeze, consider a fraud alert
A credit freeze is “worth considering,” according to credit analyst Matt Schulz, although it’s quite the “nuclear option.” If you don’t want to go quite that far in the wake of the Equifax breach, you can consider placing a fraud alert on your credit files. A fraud alert is a notice on your credit file that tells lenders to contact you and verify your identity before approving you for new credit. A fraud alert is available at no charge to place on your report. You can opt for a 90-day alert (which is renewable), or for a seven-year alert. To place a fraud alert on your credit reports, contact one of the Big 3 (contact info as above); the company you call must tell the other credit reporting companies, who will, in turn, place an alert on their versions of your report.