In case you missed the news, Equifax has indicated that there was a data breach that may have affected 143 million consumers. At this stage it’s not clear who has stolen this data and Equifax’s site is of little use to determine if your data was actually stolen or not. A lot of readers have been asking what they should be doing in light of this. Here’s my suggestions, as always do your own research and implement a plan that works for you.
Contents
Pro-active Steps
Set Up A Fraud Alert
Fraud alerts are designed for people that are or could be the victims of identity theft. The aim of a fraud alert is to let those who are accessing your credit report know that there is an increased risk of fraud regarding your account. This allows them to take additional steps to verify your identity. There are multiple types of fraud alerts, at this stage I’d suggest it’s advisable to set up an initial 90 day fraud alert. You only need to set up a fraud alert with one of the three major credit bureaus know and they are required to let the other two know.
This can all be done online or by phone. For more information regarding add a fraud alert please read this post. Keep in mind that setting up a fraud alert will opt you out of pre-approved/screened offers by default as well. You can opt back in.
Set Up A Security Freeze
A security freeze is more significant than a fraud alert as it makes your credit report inaccessible. This means that nobody can open new accounts in your name (assuming the creditor pulls your credit report). When you set up a security freeze you will be provided with a PIN/password and this can be given to a creditor so they can still access your report (you can see what credit card issuers will accept a PIN for a frozen report here). The downside to security freezes is that they aren’t free unless you’re the victim of identity theft. The cost of a security varies by state, you can view the cost of implementing and lifting a security freeze for each state here. You can view how to implement a security freeze with each credit bureau here.
A security freeze isn’t necessary for everybody, but it’s important to know what your options are.
Set Up Credit Monitoring
If somebody has gotten access to the data that Equifax is indicating was breached it would be fairly easy for them to open up fraudulent accounts. By setting up credit monitoring you can be informed whenever a new account is opened. There are lots of free solutions available. For more information on the best & cheapest way to set up credit monitoring please read this post.
Set Up SSN Searches
Discover offers free social security alerts. This alerts you if your SSN is found on a risky website.
Enable Two Factor Authentication Where Possible
Reader Kashmoney rightfully pointed out that the information breached could also be used by attackers to reset passwords and access other accounts. One of the best ways to prevent this is by setting up two factor authentication (or multiple factor authentication). The idea behind two factor authentication is that accessing your account requires a second set of authentication besides a normal username and password. The most common way this is done is by requiring you to enter an access code sent to your phone.
Be Aware Of Fake Websites
Reader Jeff H has reported receiving spam e-mails for sites pretending to be Equifax. At the moment the only official Equifax site is:Â https://www.equifaxsecurity2017.com/, we know this is the correct website because www.equifax.com directs us here and it has been confirmed as legitimate multiple times by Equifax. This is a major news story and hackers are using people’s fear to try to get them to disclose their personal information.
Check To See If Your Data Has Been Breached
This would normally be the first thing you should do, but the Equifax site isn’t working properly currently (e.g fake details are showing as affected when they don’t exist). When it is working properly I’ll make sure to create a new post on the site to remind readers that they can now check to see if their information has been breached.
Create Accounts With The Social Security Administration and IRS
Good idea to do this before somebody else does it in your name. The websites you want are:
If you want to do this you’ll need to do it before you set up security freezes/alerts.
What To Do If You’re The Victim Of Identity Theft
If you become the victim of identity theft (e.g somebody opens an account in your name) then there are a number of other things you should do immediately. The government has a great website called IdentityTheft.gov. Rather than giving you the same advice I’d recommend just following the clear steps there instead.
Should You Sign Up For TrustedID?
As part of the data breach Equifax is providing a free one year of credit monitoring with TrustedID. This is a company owned by Equifax. An issue a lot of people have is that in the fine print of TrustedID it states by signing up you’re waiving your rights to abritration and class actions. Equifax has updated the https://www.equifaxsecurity2017.com/ website to state:
- In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident.
WSJ is saying that only the terms are binding so the above statement is meaningless. I’m not a lawyer but my personal feeling is why should I trust Equifax & TrustedID again when they are the cause of the issue in the first place. Especially when there is other free monitoring available.
Final Thoughts
A lot of these things you should have in place regardless of whether your information has been accessed or not. I’m sure there are some things that I’ve missed, please let me and other readers know what they are in the comments below.
Looks like the TrustedID website is down since two days. No chatter in the news as well. can anybody confirm the same ?
The link to the IRS has an ALERT that they are not accepting new users. Any idea when this will reverse?
I notice this was posted 9/10. I looked at the Equifax page to check if I’ve been affected, and that posted page was dated 9/20. It told me I was not affected. Is there any update as to whether this is reliable or not? Thank you so much.
Would it be possible to move section 1.8 (set up accounts with SSA and IRS) up to the top, before section 1.1 (create fraud alert) please? Anybody that goes down the list step by step will not be able to create their SSA / IRS accounts, because the fraud alert will prevent it from working. Thank you for the write-up.
I thought the DoC article indicated free freeze option for LIFE. I failed to find a valid link to make such an arrangement.
I am unsure ya or ney about doing so since Equifax is the service with the least HPs I have amoung the three major services. Still, I would appreciate the information for my sister who has had to do some freeze and thaw due to a family member in her family.
Does anybody know which credit bureau does SSA.gov pull? I followed the post step-by-step, so I froze my credit reports first made me not able to create account at ssa.gov.
Will – It is all your fault :D, seriously, thanks for the write-up.
BTW: do we need to freeze report from the one USBank likes to pull? I can’t remember the name out of the top of my head.
Both IRS and SSA pull Equifax
Another thing one should do because of the Equifax breach is to contact customer support on all bank accounts, utility bill accounts, cell phone bill accounts, and any account that is important, and ask them if you can set a password or a PIN solely for the purpose of contacting customer support; this password is not the same password you would use to log in to your account online. This would prevent someone who has your SSN, DOB, address, full name and any other information that may have been breached in the Equifax incident from calling support, pretending to be you, and modifying your accounts.
Once a password/PIN is set, in the future, when someone calls customer support, they will ask what the password/PIN is before they will access the account. Please note: Not all companies, banks, etc. support this feature. Another form of authentication for calling customer support is voice recognition technology. If your bank supports voice recognition, be sure to turn that feature on in addition to setting the password/PIN for 2 factor authentication.
Excellent advice. Thank you !
I’ve been doing this for years on all our bank accounts. When I go to bank drive thru where the tellers recognize me, they still ask for the verbal password I set when I ask them to write my current balance on my receipt. I’ve also tested this via phone calls asking for my current balance and there is a prompt on their screen asking for my verbal PW. DH is the only other person that knows our verbal PW and it has not be written anywhere. There is a POD annotation on all our accounts in case both of us die at the same time so our adult kids can get whatever balance is on our accounts.
Warning: once you have frozen your credit reporting agency accounts, you can’t create a new account with the IRS!
All three freezes (TU, Experian, Equifax) were free for me this morning (in CO).
Question: will these freezes ALWAYS affect my ability to rapidly start a new checking or savings account? I know banks can do a soft or hard pull, and surely either kind of pull will not work if the accounts are frozen.
So presumably if I want to open a new checking account, I should first do a temporary lift of the freeze, then open the account. But is it necessary to lift the freeze with all three of the big agencies?
you won’t be able to do anything until your credit is unfrozen.
they will get you on the fees once you unfreeze
Just FYI, freezing Innovis is free for all. Freezing Chex online was somehow also free for me even though my state makes me pay $10 to freeze/thaw the big 3.
Check out this thread on Twitter on what to do in the case of ID theft.
https://twitter.com/patio11/status/906384638733467648