Protecting Yourself in the Wake of the Equifax Data Breach

On September 7, 2017 the credit reporting agency Equifax announced that their systems had been breached. Over the next few days it became clear that the breach had gone on for several months, from May through July 2017, with an earlier, smaller breach in March 2017. Over145 million Americans discovered that their personal information and financial data - names, birthdates, addresses, credit card numbers, Social Security numbers, and in some cases driver's license numbers and dispute documents - had been accessed by hackers.

It soon came out that the CEO of Equifax had been infomed of the breach on July 29th, but did not inform the board until mid August.  Equifax did not announce the breach to the public until September 7th, nearly six weeks after they discovered it. (The CFO and two other high-level employees took advantage of this delay to sell their Equifax stock.) Equifax also took advantage of the delay to complete the purchase of a credit monitoring service company, ID Watchdog, on August 10th.  Knowing they had a major data breach, they knew there would be increased demand for credit monitoring services. Purchasing such a company also made their eventual offer of one year of free credit monitoring to those affected a much less expensive prospect.

The big question: How to protect yourself?

The hackers had access to data starting in May. They probably started selling the data almost immediately - and that data is now out there and could be used at any time in the future.  There is no quick fix, and you will need to carefully monitor your credit for years to come. 

There  are a few things you can do to help keep an eye on your credit:

1. Check your credit reports.  The Fair Credit Reporting Act ensured that you have the right to a free copy of your credit report every 12  months from each of the three major consumer reporting agencies (Equifax, Experian and TransUnion).  The best way to do this is through  Because you can get one free report from each agency, a good rule of thumb is to request one, then about four months later request from a second agency, and four months later from the third. That way you're checking each agency report once per year, but you're checking your credit every four months.

2. Place a Fraud Alert on your credit report.  Placing a Fraud Alert on your account requires financial institutions to take additional steps to verify the identity of anyone attempting to: open an account in your name, request additional cards on your account, or increase your credit limit.  You can still open a new account, request a loan, apply for a job, etc. with a fraud alert in place.

To set up a Fraud Alert, contact any of the three credit reporting agencies and request a fraud alert. The credit reporting agencies are required by law to notify the other agencies of your request, and they are required to place a fraud alert on your accounts as well. You will receive notification from them that they have done so.  A basic fraud alert lasts for 90 days, but can be renewed - so keep track of when you requested it, and be ready to re-request when that time is almost up. You can also set up an extended fraud alert for identity theft victims, which is good for seven years. 

3. Place a Security Freeze on your credit report. A Security Freeze restricts access to your credit report.  It prevents anyone (including you) from opening accounts, applying for loans, or getting employment or rental background checks done. Unfortunately, there are currently fees (which vary by state) for applying AND removing the security freeze. You would need to remove a freeze before applying for a car loan, or renting a new apartment, for example., then reinsate the freeze when that was complete.  A Fraud Alert may be a more user-friendly option to start with.

4. Review all statements for unusual charges, and don't ignore bills from companies you don't recognize.  Keep an eye out for any indication that someone is using your information fraudulently. Sometimes they will start with a small charge - if that goes unnoticed they'll try for more.  If you see anything usual, call the credit card company and check on it.

Bills from unknown sources could be from people using your information, so pay attention and contact the biller for more information. If it's not something you set up, contact the police and file  an identity theft report. Keep ALL documents related to any questionable charges. 

5. Get Credit Monitoring. You have the option of taking Equifax up on their offer of one free year of protection. The other credit monitoring agencies have their own recommended  monitoring services, and many companies, credit cards, and clubs offer a credit protection benefit.

For example, if you are a member of the American Automobile Association (AAA), you have access to a free subscription to basic credit monitoring services through  ProtectMyID Essential, which is connected to Experian. 

6. Change your passwords.  Always a good thing to do if there has been a data breach anywhere you have an account. It's always a good idea to change your passwords regularly, but after a breach is an especially good time to  do it! Keep an eye out for emails or other notifications that "you have requested to change your password", and make sure those were actually the ones you were changing.

7. File your taxes as soon as you have all your information. Scammers sometimes use a stolen Social Security number to file a false return and get your refund. Head them off by filing early.

There is almost no way to make yourself 100% safe from identity theft, but taking a few precautions such as those listed above can greatly improve  your odds.  At the very least, they help you catch it early so that the damage can be contained.

The Equifax breach is going to be affecting people for many years to come.

All Rights Reserved © ACORN.ORG