Equifax’s recent announcement regarding a massive breach of consumers’ personal and financial information has many of us panicking about what to do next. The news that as many as 143 million customers may have had data such as their birth date, Social Security number, driver’s license, address and/or credit or debit card information fall prey to hackers demonstrates the enormity of the problem. Surprisingly, even though this is the largest known hack this year, there have been 975 other breaches thus far in 2017 according to the Identity Theft Resource Center — an increase of 23% over 2016. One thing is clear: if consumers took steps to protect their finances before the recent breach, they are now in a better position to protect themselves against the fallout from the hack. We can’t change the past but we can certainly plan for the future.
Here are some tips on how you can protect yourself and your family.
What can be done to address the fact that nearly half of Americans’ personal information may have already been exposed to criminals? First, understanding when the breach occurred is important. Equifax discovered the hack in late July of 2017, which is said to have started in mid-May. Consumers were then informed about the issue in September—weeks after it was discovered.
Upon learning of the breach, many consumers contacted the credit bureaus to request an immediate credit freeze. And if they were not planning on using their credit again—to apply for a credit card, home mortgage, home equity line of credit, car loan or any other type of loan—this might have been prudent. In seeking a credit freeze, the consumer should contact each of the three credit bureaus, individually. Some of them will allow you to freeze your credit via telephone or online. There may be a fee to file the credit freeze, which varies by state, although Equifax has announced that they will waive this fee for a limited time.
Other consumers have taken the step of filing a fraud alert with the credit bureaus. This less restrictive option shows on one’s credit report, and businesses issuing credit are required to obtain proof of identity anytime they encounter this alert. These alerts, which last for 90 days, are free of charge. Any credit bureau that is notified about the alert is required to contact the other two bureaus regarding the alert.
A credit alert and credit freeze may not undo previous damage due to exposure
It’s important to note that if a consumer’s data was exposed in May of 2017 and remained accessible to hackers until the breach was discovered in late July, it’s possible that there may already be damage that won’t be resolved by a credit freeze or an alert. If fraud and identity theft monitoring was in place before the breach, it’s likely that the consumer was notified if there was suspicious activity affecting their financial accounts and/or their credit report. If not, then this type of service should be seriously considered going forward. A comprehensive monitoring platform should provide a daily analysis of a consumer’s financial accounts, credit cards and credit report data for erratic transactions as well as signs of identity theft on the dark web. Hackers often target consumers’ bank and investment accounts and credit cards, and their activity may never affect that victim’s credit report.
Please refer to the following link for more information on how to file a credit freeze or fraud alert:
Here are some other recommendations on actions to take now!
Check for new account openings in your name and changes to existing accounts.
There are three major credit reporting agencies, also called credit bureaus, in the United States: Equifax, Experian and Trans Union. Under federal law, you may request a free copy of your credit report once a year. You can obtain and review this report to determine whether there are any credit-based accounts that have been opened in your name. You can request your free credit report at www.annualcreditreport.com.
Credit monitoring services will not typically inform you about the opening of unauthorized financial accounts that do not involve a loan or credit line (e.g. auto loan, credit card, mortgage, home equity line of credit). For this reason, it’s a good idea to use a service that includes monitoring of direct deposit accounts to verify there are no unauthorized accounts opened in your name and that no changes have been made to your existing accounts.
Monitor for the sale of your personal information on illicit web sites.
Once you have reviewed your credit reports for past suspicious activity, you should plan for the future. Although there may be no signs of fraud or identity theft in your accounts now, exploiters may still have information that could be used to victimize you in the coming weeks, months or years. To monitor your credit report(s) and consumer report for new inquiries, the opening of new, unauthorized accounts and changes to existing accounts, sign up for a service such as EverSafe (www.EverSafe.com). Since fraud may occur in your existing financial accounts (i.e. bank accounts, credit cards, investment accounts) that never appears in your credit reports, it’s critical to monitor these on an ongoing basis as well. You can do that by carefully reviewing your statements as they come in at different times of the month. Ideally, you should review all transactions daily and utilizing a service such as EverSafe to see what the human eye may miss.
Lastly, you should utilize a service that monitors for the appearance of your personal information on illicit web sites, as well as other data sources, such as the National Change of Address database and court records, among others. For folks who may not understand the alerts or who would like an “extra set of eyes” to help detect erratic activity, the designation of one or more trusted individuals to receive alerts with the consumer, can be very helpful. Finally, if a consumer plans to enroll in a fraud and identity monitoring service and also wishes to file a credit freeze, it is important to file the credit freeze after enrolling in the monitoring service so the monitoring service is not blocked from verifying your identity.
Opt-out of websites that sell your data.
In addition to the illicit data bases which may be selling your personal information, there are “legitimate” data bases which sell your information for marketing or other purposes. Exploiters may combine information from the illicit databases along with the legitimate databases to form a more complete picture about you. Please refer to https://www.eversafe.com/resources-list/ for a list of legitimate websites you may want to visit to opt out of these marketing offers.
No fraud and identity theft prevention strategy is completely foolproof. But with some basic advance planning involving adherence to these guidelines, you’ll be in a better position to protect yourself in the event of a data breach.