The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.
Equifax has established a dedicated website, www.equifaxsecurity2017.com, to help consumers determine if their information has been potentially impacted and to sign up for credit file monitoring and identity theft protection. The company is already being criticized for this website because it doesn't really tell you if you have been impacted but simply tells you to register for the free monitoring service. (3 executives including the CFO are also under fire for selling over $1.8 million in company stock after the breach was discovered).
Unlike other data breaches like Target and Home Depot, not all of the people affected by the Equifax breach may be aware that they're customers of the company. Equifax gets its data from credit card companies, banks, retailers, and lenders who report on the credit activity of individuals to credit reporting agencies, as well as by purchasing public records.
Because some of your data was likely impacted, you should be extremely vigilant in monitoring all your financial data going forward. Here are 5 simple steps to protect yourself from the Equifax data breach.
Equifax is offering free monitoring for a year from their own subsidiary TrustedID Premier, which includes 3-Bureau credit monitoring of Equifax, Experian and TransUnion credit reports; copies of Equifax credit reports; the ability to lock and unlock Equifax credit reports; identity theft insurance; and Internet scanning for Social Security numbers. You can go to www.equifaxsecurity2017.com to sign up for free. (Note that the terms of use for the credit-monitoring service appears to require consumers sign away their right to sue Equifax. By waiving away their legal rights, consumers instead agree to mandatory arbitration, a tactic that has come under fire by consumer rights advocates as “rip-off clauses” because they bar consumers from banning together to sue in a class action.)
2) Put a free fraud alert or security freeze on your credit report
This is an easy and free service provided by all the major credit agencies. I do this myself after data breaches for peace of mind. Simply go online and fill out the form. This service lasts for 90 days but can be renewed free of charge. Just set up a reminder for yourself so you are fully covered. This will prevent others from opening credit cards in your name. Keep in mind that if you need a new credit card or loan, the application will get flagged because of this and you will need to talk to service representative to confirm your identity.
For a longer term lock, you can put a security freeze on your credit report. You have to do this with each credit agency. You can call or do it online:
- Equifax — 1-800-349-9960
- Experian — 1‑888‑397‑3742
- TransUnion — 1-888-909-8872
3) Check and monitor your statements
This one is the obvious one. Check your credit card and bank statements for any fraudulent activity. Look for any suspicious purchases and any activity that you didn't authorize. Given today's technology, credit cards like Amex offer real time alerts on your phone via text or apps. You can setup alerts at certain thresholds like transactions more than $500 or you can see every charge that is made on your credit card.
4) Don't over share on social networks
This is a difficult thing for people as we tend to post everything on Facebook, Instagram, Snapchat and Twitter. Over sharing makes it easier for identity thieves and they have easy access to your information if you aren't careful. First and foremost, don't post your birthday or hometown online. At the very least, tighten your privacy settings. The less you share, the safer you will be. Keep in mind that social network users have a higher incidence rate for identity theft than the national average. In Javelin's 2012 Identity Fraud Report, LinkedIn users were twice as likely to report identity theft.
5) Use strong and unique passwords
Data suggests that between 31% and 65% of people use the same password at multiple sites. This is a major problem because if your username and password are compromised at one website, cybercriminals use automated means to test your credentials against other unrelated websites (a.k.a. credential stuffing.) This means a single hacked password could lead to a cybercriminal potentially taking control of your email account and online bank accounts.
Most people do not use complex enough password and a shocking 17% of people use the password “123456” – don't do this! By using a password manager, you can easily implement the use of unique, highly complex passwords for every one of your accounts. That means you can use a 16-character password like @2a&AY8mePu8HU@H for logging into your email account and a completely different password for shopping at Amazon.com. A password manager requires you to remember a single master password (DO NOT LOSE this password!) and can sync across all of your Windows, Mac, Android, and iOS devices. I'm using LastPass, and I highly recommend it.
Don't become a victim of identity theft. Take these simple steps to start protecting yourself today. If you have any additional tips, please leave them in the comment section below.
Additional Reading
- 5 Tips to Keep Thieves Out of Your Bank and Brokerage Accounts
- 7 Things To Do Right Now Because Your Personal Data Is Under Attack
- 3 Steps to Protect Your Brokerage Account From Cybercriminals
Header photo from Unsplash Markus Spiske