Equifax has stated its internal investigation determined no evidence of unauthorized activity on its core consumer or commercial credit reporting databases. However, the data accessed includes names, Social Security numbers, birth dates, addresses and, in some cases, driver’s license numbers. In addition, credit card numbers were accessed for approximately 209,000 U.S. consumers and personal identifying information on documents for another 182,000 people.
Equifax has set up a website on which you can enter your last name and the last six digits of your Social Security number to see if you have been affected by the breach.
Many people using this website have received error messages, perhaps due to the volume of people accessing it. Unfortunately, at this time, the results provided by the website can be vague and not necessarily reliable. Considering that the 143 million U.S. consumers affected represent 55 percent of the adult U.S. population over the age of 18, we recommend that you act as if your information was accessed as part of this data breach.
Details have been quite limited to date in terms of what specifically has been compromised, so until we learn more, it is best to plan for the worst and hope for the best.
YOUR NEXT STEPS
Free enrollment is being offered in the identity protection program TrustedID Premier, a three-bureau (Equifax, Experian and Trans Union) credit monitoring service run by…wait for it…Equifax. Many of the conspiracy theories tie back to here. Anyone can enroll in this program at no charge — regardless of whether their information was accessed — through Nov. 21, 2017. The “free” service is to run for a year. However, if someone uses your Social Security number 7 years from now to establish credit, the one year of service doesn’t help much.
A couple things to keep in mind regarding this offer:
- Credit monitoring services, such as the one being offered by Equifax, do not prevent thieves from stealing your identity. What they can do is alert you that your identity has been stolen and, in some cases, be helpful in recovering from identity theft.
Moving forward, attentiveness to your credit profile and monitoring of your personal information is more important than ever.
For the best protection against identity theft, we recommend placing a security freeze on your credit files. A credit freeze basically blocks all access to your credit files for anyone attempting an inquiry. If someone tries to use your information to establish a credit line, the company they are applying through will not receive your information, and therefore, will deny credit. All residents of Indiana can request a credit freeze free of charge (see this link from the attorney general’s office for more information). If you live outside of Indiana, a modest $5-10 fee may be charged.
The following are some frequently asked questions about security credit freezes:
What does a security freeze do?
A security freeze blocks potential creditors from seeing your credit file while it is in place. Therefore, an identity thief who has your information has no way of gaining new lines of credit because a creditor won’t issue one without being able to see your current credit score and file.
How do I put a security freeze in place?
You will need to notify three credit bureaus — Equifax, Experian, and TransUnion. This notification can typically be done online. Once completed, each bureau will provide you with a PIN to be used to unfreeze or “thaw” your credit file when you need to apply for new lines of credit.
What is the advantage of a security freeze over a fraud alert?
A fraud alert is good for only 90 days, but can be renewed. Alternatively, you can get an extended fraud alert, which lasts for seven years.
When you have a fraud alert in place, lenders and service providers are expected to contact you for approval before issuing any new line of credit. A key point regarding fraud alerts is that lenders and service providers are supposed to receive your permission before granting new lines of credit in your name, but they are not legally required to do so.
What is the downside?
For things seemingly as simple as getting new cell phone service, providers will check credit. Every time you need to access credit, you will have to unfreeze – then refreeze – your credit.
The Equifax data breach is an unfortunate reminder of how valuable your data and personal information is, and an opportunity to revisit what you can do to protect yourself:
- Consider requesting new credit cards with new numbers. Per the notes above, many credit card numbers were stolen, and a simple way to eliminate that concern is getting new cards. A minor pain to avoid potentially bigger issues down the road.
- Do not send personal, confidential information, including your financial account numbers, Social Security number or passwords, through email. Regardless, always use an email encryption service.
- Review your credit card and bank statements each month for any suspicious transactions or activity.
- Most identity theft occurs via phishing emails in which the end user is tricked into clicking on links or providing information that allows fraudsters to gain access to accounts or personal information.
Use string passwords and don’t default to the same password multiple times. If you have a lot of passwords, this can be difficult. Consider using password management software. We published a recent blog post on the topic, which can be found here.