The Equifax Hack: What You Should Do Now
Signing up for credit monitoring, freezing your credit report, and other steps you should take to protect your information.
By now you’ve probably heard the news…
Equifax, one of the three major credit bureaus, announced yesterday that its databases were hacked and that consumer information affecting as many as 143 million Americans was compromised. Based on the company’s own investigation into the incident, the hack was said to have occurred between mid-May and July of this year.
The information that hackers stole was primarily names, social security numbers, birth dates, addresses, and driver’s license numbers. However, Equifax also reports that “credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.”
In short, this is bad. In terms of both the number of people impacted and the sensitive nature of the data that’s been stolen, it’s basically unprecedented.
“Frankly, to me, this is probably the most frightening data breach that we’ve ever experienced,” says lawyer, author, and identity theft expert Steve Weisman (@Scamicide).
We’re not telling you that you shouldn’t be worried. You should be.
“The information that was taken from Equifax is especially problematic because it provides much more access than just stolen credit card numbers or bank accounts,” says Justin Lavelle(@Justin_Lavelle_), Chief Communications Director of BeenVerified.com (@BeenVerified), a leading online background check platform.
“The information taken from Equifax is basically your financial packet and all of the information that may be used to access retirement funds and bank accounts. Those are things that current credit monitoring doesn’t watch.”
But there are steps that you can take to help your identity safe.
Here’s what you should do.
Check to see if your information was stolen.
Equifax is understandably scrambling right now. But they are taking steps to help out the people affected by the breach. The company has set up a website, www.equifaxsecurity2017.com, where you can check to see if your information was compromised.
They’ve also set up a dedicated call center that can be reached at (866) 447-7559 seven days a week between 7:00 am and 1:00 am EST. But be warned: There are reports from people who’ve tried calling that the experience has been … less than stellar.
The site also asks you to enter the last six digits of your social security number in order for them to determine your status. The irony has escaped approximately no one.
Still, you should go to the website and check.
As for the people who had their credit card and other financial information stolen, Equifax reports that they “will send direct mail notices to consumers whose credit card numbers or dispute documents with personal identifying information were impacted.”
Look into TrustedID and other forms of credit monitoring.
Equifax is offering people affected by the hack a free year of their TrustedID Premier program, which offers credit monitoring from all three bureaus, as well as free Equifax credit reports; identity theft insurance, and the ability to lock and unlock your Equifax credit reports, among other features.
Signing up for this service is a good way to keep on top of your financial data. There are many different credit monitoring services out there, but this is the only one where you’ll be able to get a whole year for free.
“The concern from some victims of the massive Equifax breach is that the offer being made by the company includes terms and conditions which would limit their rights in court,” says Robert Siciliano (@RobertSiciliano), CEO of IDTheftSecurity.com.
“Identity theft victims shouldn’t have to choose between getting the protection they need and the day in court everyone deserves. Equifax should seriously consider the concerns of these victims and consider modifying the terms of service accordingly. ”
We’re not telling you what to do. But signing up for some kind of credit monitoring is strongly recommended.
Request a credit freeze.
A credit freeze puts your credit report on lock and prevents any loans or lines of credit from being opened. The only way to open a new account is to remove the freeze.
According to Weisman, a credit freeze is the best way to prevent hackers from improperly using your financial data. And while credit monitoring is still important, Weisman points out that monitoring only lets you know sooner that your identity has been stolen. A credit freeze actually lets you prevent it from happening.
“If you’re crossing the street and you get hit by a truck,” says Weisman, “and someone comes out and tells you ‘Guess what? You just got hit by a truck.’ It’d be a lot better if they prevented the truck from hitting you instead of telling you sooner.”
Signing up for TrustedID Premier through Equifax will allow you to freeze (or “lock”) your credit.
Watch out for phishing emails.
Even if your financial information wasn’t stolen, the other info obtained by the hackers could still help them get their hands on it.
How? By helping them craft targeted “phishing” emails.
These are messages from fake email accounts that look super similar to email addresses from friends and websites that you actually click on. These emails contain a link that, when clicked, infects your computer with malware. The malware then steals your usernames, passwords and credit data.
Because of the hack, we should all be extra cautious and on the lookout for phishing scams. To learn more, check out our blog post: Don’t Let a Phishing Scam Lead to Bad Credit!
Regularly monitor your accounts.
How often do you pop into your bank or credit card accounts online to look for any unusual activity? Once a month? Once a week? Daily?
Well, whatever your current rate is, double it. Even though you won’t be able to see any new accounts that hacker might have opened, the power to keep track of activity on your current accounts is totally yours.
Another thing you can do is regularly check your credit reports. If a new account has been opened in your name, your report will let you know. It’s not as good as credit monitoring, but it is far, far better than doing nothing at all.
And here’s some good news: You can get copies of your credit report for free! Equifax, TransUnion, and Experian, the three major credit bureaus, are all required by law to give you one free copy of your credit report per year. If you space them out, that works out to one free report every four months.
To request a free copy of your credit report, just visit www.annualcreditreport.com.
Lavelle also suggests that you run a background check on yourself to see if anything weird pops up:
“Run a background check on yourself, ensure all the information is correct. If your name is connected with unknown associates or a number of incorrect relatives, then that could be a sign of a larger problem. Likewise, ensure your current and past address information is accurate and that no criminal infractions are attached to your name. If you notice a high number of irregularities, then further research may be needed to ensure no other person is utilizing your details.”
Beef up your financial security.
Nick Santora is the CEO at Curricula (@Curricula), a cyber security training company that teaches employees how not to get hacked. He has four great tips for keeping your sensitive information accounts safe from harm:
- “Protect any of your financial accounts with strong passwords. That means something that isn’t a plain dictionary word and your birthdate. Think of your passwords like the keys to your house. Protecting your financial accounts is a priority. Any account that has access to financial information, social security number, addresses, etc. should be well protected.”
- “Use multi-factor authentication to protect these accounts whenever possible. Yes, it might seem annoying to have to take an extra second to log in to these accounts, but are you annoyed that you have a lock on your house or car door? Probably not, so why would you be annoyed with protecting your entire life’s financial assets?”
- “Don’t email sensitive information. If you are ever asked to email sensitive information, don’t. Social security numbers and other privileged account information should never travel via email.”
- “Lastly, your information is in the hands and trust of others. We trust the originations that we work with that they have secure practices and their employees follow those practices. Security awareness training helps employees prevent security breaches due to human error and can help educate businesses on the risks to their customers and businesses.”
Know the signs of identity theft.
If you’re going to keep watch over your identity, then you need to know what danger signs to look for. Safety expert Sage Singleton from Safewise (@SafeWise) says that you should keep an eye out for the following:
- “You are denied for credit cards or financing and you know you have good credit. This signifies your credit may have been damaged already.”
- “You receive statements for accounts you did not open. Someone may have opened faulty accounts in your name.”
- “You receive collection notices for things you do not recognize.”
- “You notice suspicious activity on your credit and debit card. If you notice strange charges, immediately call your bank to see what is going on.”
- “You do not receive your regular bank statement. Criminals may change your address so you don’t receive your financial statement. If this does not come via mail or email, talk to someone at your bank immediately.”
If you do discover that your identity’s been stolen, Singleton says that you should file a police report and alert your bank and credit card companies. If you have an active card, she advises that you “tell them to suspend or cancel your card until you can get to the bottom of the problem.”
You should also visit IdentityTheft.gov, a website maintained by the Federal Trade Commission (FTC). If your identity’s been stolen, they’ll walk you through what to do next.
This Equifax hack is bad. But it’s also just the beginning. As breaches like these become a more regular part of everyday life, so will the steps we take to combat them. Get a head start now so that you can stay one step ahead later.
|Justin Lavelle (@Justin_Lavelle_) is a Scams Prevention Expert and the Chief Communications Officer of BeenVerified.com (@BeenVerified). BeenVerified is a leading source of online background checks and contact information. It helps people discover, understand and use public data in their everyday lives and can provide peace of mind by offering a fast, easy and affordable way to do background checks on potential dates. BeenVerified allows individuals to find more information about people, phone numbers, email addresses and property records.|
|Nick Santora is the CEO of Curricula (@Curricula), which helps teach organizations how to not get hacked. Curricula delivers short animated stories through their cyber security awareness training platform. Nick spent 7 years as a cyber security advisor for the agency that regulates our nation’s power grid.|
|Robert Siciliano (@RobertSiciliano) is a #1 Best-Selling Author and CEO of IDTheftSecurity.com. IDTheftSecurity.com is funny, but serious about teaching you and your audience fraud prevention and personal security. Robert is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). His programs are cutting edge, easily digestible and provide best practices to keep you, your clients and employees safe and secure. Your audience will walk away as experts in identity theft prevention, online reputation management, online privacy and data security.|
|Sage Singleton (@SafeWise) is a safety expert for SafeWise. She enjoys teaching, individuals, families and communities about safe home and lifestyle habits. In her free time, she enjoys wedding planning, traveling and learning French.|
|Steve Weisman is a lawyer, college professor at Bentley University and author. He is one of the country’s leading experts in identity theft. His most recent book is “Identity Theft Alert.” He also writes the blog Scamicide.com (@Scamicide) where he provides daily updated information about the latest scams and identity theft schemes.|