On the off-chance you haven’t heard— maybe you were distracted by the horrifying natural disasters of Harvey, Hurricane Irma, or Mexico’s 8.1 earthquake— but Equifax was a man-made disaster affecting the data of 143 million Americans. Between May and July hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers, from Equifax’s servers. They also stole credit card numbers from 209,000 of us. Equifax is one of the Big Three of the credit-rating agencies.
This data breach is especially egregious because Equifax reportedly learned of the breach on July 29 and waited six weeks before making it public, and three senior Equifax executives sold shares of the company worth nearly $2 million before the breach was announced. Moreover, we as consumers don’t choose to do business or share their data with Equifax; rather, Equifax (along with TransUnion and Experian) unilaterally collects financial data on consumers and supplies that data to potential lenders without a consumer’s approval or consent.
So, what to do now?
- Be wary of any emails you receive from Equifax that suggest you click on a link. Make sure the email actually comes from Equifax. There will be fraudsters who will develop an email that pretends to be from Equifax. The best thing to do, always, when you receive an email from any business that asks you to click on their link is to instead find the company’s website and follow any links you find there.
- Visit the Federal Trade Commission’s page at www.consumer.ftc.gov/blog/2017/09/… or, per item #1 above, google “Federal Trade Commission Equifax Data Breach”. Follow the instructions to discover if your information was disclosed to hackers.
- After you learn if your personal information was exposed you will receive an offer to sign up for one year of complimentary identity theft protection and credit monitoring service. If you do not already have such a service, it would be a good idea to take them up on their offer. If someone tries to take out a credit card or loan in your name you’ll find out about it immediately and early enough to manage the issue.
- Consider freezing access to your credit files. All three major credit bureaus — Equifax, Experian, and TransUnion — give you the ability to freeze your credit. The benefit is that most lenders will not offer a loan to anyone pretending to be you if they can’t check your credit first. The cost is $10 per service. Be aware that if you freeze your credit you must remember to unfreeze it temporarily if you apply for a mortgage or credit card, an auto loan, or sign up with a new utility company and the like. But it’s actually easy and fast to unfreeze your credit file.
- Equifax has changed it’s mind and says that you are not giving up your right to legal action if you take their offer of free credit monitoring. But if you are worried, there are several other companies that specialize in credit monitoring for a fee.
Some other tips for security
- Pick “strong” passwords for your online accounts, keep them secure. A strong password is one that is not easy to guess and generally uses eight or more characters that include symbols, numbers, and both capital and lowercase letters. A strong password should not use words found in a dictionary, or personal information such as a name or birthday. Make sure you secure your password and never share it via electronic messaging (such as e-mail or text messages) or over the phone.
- Take the time to two-step verification or “two-factor” authentication, if available. Two-step verification is a practical way to add more security to your account by requiring a second factor to your username and password sequence. With a two-step verification process, each time you attempt to log into your account from an unrecognized computer, the company sends a unique code to either your e-mail or mobile device. Before you can gain access to your account, you must enter this code and your password. This is not as hard as it sounds, and only happens when you use a new browser or computer.
- Add biometric safeguards, if available. Biometric safeguards may include fingerprint, facial or voice recognition, or iris scanning. These safeguards may be used with or instead of a password.
- Don’t use public computers to access your online accounts. Don’t use public computers that require you to enter personal information in order to gain access. Use a VPN if using free WiFi in a public place like a cafe or on a train.
- Be extra careful when clicking on links sent to you by email. You should always verify that e-mails containing links come from legitimate sources. Clicking on a malicious link could link to a website designed to trick you into providing sensitive account information that can be used to steal your money or identity, or cause malicious software (e.g., computer viruses, worms, Trojan horses, or spyware) to automatically infect your computer and allow fraudsters to obtain sensitive account information.