In case you missed the news, Equifax has indicated that there was a data breach that may have affected 143 million consumers. At this stage it’s not clear who has stolen this data, and Equifax’s site is of little use in determining whether your data was actually stolen or not. A lot of readers have been asking what they should be doing in light of this. Here are my suggestions; as always, do your own research and implement a plan that works for you.
Pro-active Steps
Set Up A Fraud Alert
Fraud alerts are designed for people that are or could be the victims of identity theft. The aim of a fraud alert is to let those who are accessing your credit report know that there is an increased risk of fraud regarding your account. This allows them to take additional steps to verify your identity. There are multiple types of fraud alerts; at this stage I’d suggest it’s advisable to set up an initial 90 day fraud alert. You only need to set up a fraud alert with one of the three major credit bureaus, and they are required to let the other two know.
This can all be done online or by phone. For more information regarding adding a fraud alert please read this post. Keep in mind that setting up a fraud alert will opt you out of pre-approved/screened offers by default as well. You can opt back in.
Set Up A Security Freeze
A security freeze is more significant than a fraud alert as it makes your credit report inaccessible. This means that nobody can open new accounts in your name (assuming the creditor pulls your credit report). When you set up a security freeze you will be provided with a PIN/password and this can be given to a creditor so they can still access your report (you can see what credit card issuers will accept a PIN for a frozen report here). The downside to security freezes is that they aren’t free unless you’re the victim of identity theft. The cost of a security freeze varies by state; you can view the cost of implementing and lifting a security freeze for each state here. You can view how to implement a security freeze with each credit bureau here.
A security freeze isn’t necessary for everybody, but it’s important to know what your options are.
Set Up Credit Monitoring
If somebody has gotten access to the data that Equifax is indicating was breached it would be fairly easy for them to open up fraudulent accounts. By setting up credit monitoring you can be informed whenever a new account is opened. There are lots of free solutions available. For more information on the best & cheapest way to set up credit monitoring please read this post.
Set Up SSN Searches
Discover offers free social security alerts. This alerts you if your SSN is found on a risky website.
Enable Two Factor Authentication Where Possible
Reader Kashmoney rightfully pointed out that the information breached could also be used by attackers to reset passwords and access other accounts. One of the best ways to prevent this is by setting up two factor authentication (or multiple factor authentication). The idea behind two factor authentication is that accessing your account requires a second set of authentication besides a normal username and password. The most common way this is done is by requiring you to enter an access code sent to your phone.
Be Aware Of Fake Websites
Reader Jeff H has reported receiving spam e-mails for sites pretending to be Equifax. At the moment the only official Equifax site is: https://www.equifaxsecurity2017.com/. We know this is the correct website because www.equifax.com directs us here and it has been confirmed as legitimate multiple times by Equifax. This is a major news story and hackers are using people’s fear to try to get them to disclose their personal information.
Check To See If Your Data Has Been Breached
This would normally be the first thing you should do, but the Equifax site isn’t currently working properly (e.g. fake details are showing as affected when they don’t exist). When it is working properly I’ll make sure to create a new post on the site to remind readers that they can now check to see if their information has been breached.
Create Accounts With The Social Security Administration and IRS
Good idea to do this before somebody else does it in your name. The websites you want are:
If you want to do this you’ll need to do it before you set up security freezes/alerts.
What To Do If You’re The Victim Of Identity Theft
If you become the victim of identity theft (e.g. somebody opens an account in your name) then there are a number of other things you should do immediately. The government has a great website called IdentityTheft.gov. Rather than giving you the same advice I’d recommend just following the clear steps there instead.
Should You Sign Up For TrustedID?
As part of the data breach Equifax is providing a free one year of credit monitoring with TrustedID. This is a company owned by Equifax. An issue a lot of people have is that the fine print of TrustedID states that by signing up you’re waiving your rights to arbitration and class actions. Equifax has updated the https://www.equifaxsecurity2017.com/ website to state:
- In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident.
WSJ is saying that only the terms are binding so the above statement is meaningless. I’m not a lawyer but my personal feeling is why should I trust Equifax & TrustedID again when they are the cause of the issue in the first place. Especially when there is other free monitoring available.
Final Thoughts
A lot of these things you should have in place regardless of whether your information has been accessed or not. I’m sure there are some things that I’ve missed, please let me and other readers know what they are in the comments below.