There has been a lot of talk and confusion around the massive data breach of one of the three large credit bureaus, Equifax. Here is an article from the Washington Post describing it.
Equifax provides credit checks and credit monitoring services for millions of Americans. They have our most sensitive information such as names, addresses, social security numbers, past addresses, work history and more. All the best information for identity theft and credit card fraud. Usually when businesses have such an event, they will hire a company like Equifax to provide free credit monitoring service. Kind of ironic, huh?
I don’t want to do any victim shaming here. Let’s be clear, Equifax was subject to a criminal act. Whether they were breached due to some negligence on their part we will have to wait and see. What can and should you do to now?
Do not use the Equifax “Have I been affected” website
Equifax’s response when you enter information on their site is inconsistent. One time it will show you have not been affected, and the next time it will show that you “may” be affected. For example, I entered “Smith” as the last name and “111111” for the 6 Social security number digits and I was told that my fictitious “Smith” may have been affected. So I’m not sure this website is working totally correctly. Here is some additional information about this from security reporter Brian Krebs.
Do not sign up for Equifax’s Credit Monitoring Service TrustedID
Jury is out whether or not credit monitoring is even effective against fraud or identity theft. Its one more place you’re providing your information. And in this case, according to the terms of service, you’re forgoing any potential direct or class action litigation as a result- not a good look. Whether or not those terms are even enforceable legally is irrelevant. Don’t bother with credit monitoring.
Put a Security Freeze on your credit
This is most likely going to provide you the most protection against fraud and ID theft. What this does is lock out your credit scores from anyone requesting it, thus preventing an account being opened or information being accessed. The issue is that you have to contact each of the four credit bureau to do this. When you do need to get a loan or credit card, you have to manually unlock your credit once you know which credit bureau is going to be used for the check. There is also a small fee per bureau for this service. Equifax has a chart on the various fees and state laws. Here are websites for each credit bureau on freezing your credit:
The process was quick and painless and with the exception of Experion which requested some information be mailed to them, I was able to do all of them online- your mileage may vary.
Check your statements to catch any fraudulent activity. Be careful with calls to you asking for your social security number or other information. Ask them for a number to call back, search online to verify the number is legitimate and make the calls yourself. Watch out for emails pretending from being from Equifax, another credit bureau or other service claiming they can help. The links in their emails may not be legit, hover over them to see if they match the company name. Read our article on How to Spot a Phish for more detail.
Regardless of how the news shakes out, the above will help keep you safe. Nothing and nobody is perfect. We wish you safe computing.