Editor’s note: This post was updated on September 14 to reflect the most current information on this developing story.
On Thursday, September 7, Equifax reported a breach of its computer systems in which the information of up to 143 million consumers was compromised.
Equifax has published a web site where consumers can go and determine whether or not their personal information might have been affected. Our testing of this site has revealed that if, after entering your last name and the last six digits of your Social Security Number (SSN), Equifax reports that your information may have been compromised, you are given a future date on which Equifax will allow you to enroll in a one-year credit monitoring program. You need to take additional steps to complete the enrollment with their company, TrustedID, but cannot do so before the date indicated.
Equifax responded to social media backlash regarding unclear language in the terms and conditions that seemed to indicate that enrolling in credit monitoring may result in waiving your rights to participate in a class action lawsuit (one of which has already been filed). They have stated that consumers do not waive their rights to take legal action if they sign up for TrustedID.
Equifax also faced criticism regarding the way Personal Identity Numbers (PIN) were generated for security freezes. They have since implemented a system so that a PIN number is now randomly assigned, which is more secure than the previous method.
Some steps you can take to help protect yourself against this and other similar breaches are:
Put a Credit Freeze in Place
This restricts access to your credit report, which makes it more difficult for anyone (including you) to open any new financial accounts in your name. This is the best way of protecting yourself from identity theft, and one that we strongly suggest. However, there are some important caveats:
- For it to be most effective, you should process the freeze with all four (yes, four) credit reporting agencies (Equifax, Experian, TransUnion, and Innovis). Most people know about the first three but the fourth, Innovis, is lesser known. It is a smaller agency but, because it is a repository of consumer information, you might want to consider not ignoring it in this exercise.
- Each agency will assign you, or ask you to create, a PIN that you will use to unfreeze your credit report when desired. (Be sure to keep this PIN for your records.)
- There may be a nominal cost (usually $5) with each agency to freeze, unfreeze, and/or re-freeze your credit report.
- If you need to apply for credit or open a new financial account, you have to remember to remove the freeze. Best practice is to ask the bank or vendor in advance which credit agency they use so that you can remove the freeze temporarily with only that agency (rather than having to do it with all four).
- See our previous blog post on this topic for more details.
Consider Signing Up for Credit Monitoring
Credit monitoring services alert you to various attempts to use your SSN to open, access, or change financial accounts. There is usually a monthly fee for this service, and each of the three credit reporting agencies offers it, as do independent companies like LifeLock, IdentityForce, or IDShield.
Check Your Credit Report
We recommend that clients check their credit reports at least once a year and/or after you have been notified of any security breaches. Federal law mandates that all US consumers can access a free copy of their report from each of the three agencies once per year. You can do this at each bureau’s web site or by using the only consolidated site authorized by the government (www.annualcreditreport.com).
Maintain and Manage Your Passwords
- Change your passwords to email and financial sites, and change them regularly.
- Use strong, complex passwords (at least ten to twelve digits in length, with a combination of upper and lower case letters, numbers, and special characters if allowed).
- Consider using a secure password manager like LastPass, Dashlane, or 1Password.
- Use dual-factor (also known as two-step) authentication login processes whenever offered.
Beware of Email Phishing Scams
Whenever there are well-publicized breaches, you can be certain they will be followed by emails from scammers trying to get you to think they are offering protection or information. Most government and financial institutions will never ask for personal information via email (Equifax has already said that it is going to send notifications only by US mail to customers whose credit card information was compromised in this latest breach). Always be wary of emails that contain attachments or links in them. Hover your mouse cursor over any links in emails to see where they really lead (no matter what the link is named).
Closely Monitor Your Credit Card and Bank Account Activity
Review your credit card and bank account activity online or closely watch your statements for fraudulent activity and immediately report or dispute any that are not authentic.
Consider Purchasing Cyber Security and/or Identity Theft Insurance
There are now insurance products on the market that provide coverage in the event you are a victim of identity theft or cyber fraud.
The JDJ team stands ready to answer questions and assist our clients with any of the services described above.