Equifax – one of the three primary credit bureaus – announced last Thursday, September 7th, that they were the victims of a massive cyber-attack spanning from May – July 2017. While cyber-attacks have unfortunately become more common in recent years, this attack is particularly notable as it is considered the largest breach of consumer data in US history, impacting approximately 143 million people in the US. The most sensitive of personal data was compromised in this breach including Social Security numbers, birth dates, addresses, driver’s license numbers, and it is believed that around 209,000 people had credit card information stolen.
Here’s Our View on the steps necessary to remain protected from the ramifications of a breach of this magnitude.
Check to see if you were affected
Equifax has set-up an online portal that allows individuals to check whether their personal data was compromised as part of the data breach – the web address for the site is as follows: https://www.equifaxsecurity2017.com/enroll/.
To check whether you were impacted, Equifax requires your last name and the last 6 digits of your Social Security Number – if you are uncomfortable providing this information to Equifax given the circumstances, you can call the company at 866-447-7559.
Despite the efforts Equifax is making to keep consumers apprised of whether they have been affected by the breach, there were early reports that the site is delivering inconsistent results to people who try to find out whether this information was compromised. For that reason, we recommend proceeding under the assumption that you were affected regardless of what Equifax has reported to you. Here are some steps you can take to protect yourself from a possible identity theft.
Sign up for credit monitoring
Equifax is offering free credit monitoring for a year as a result of this security breach; however, there has been confusion about whether enrolling for this service waives your right to participate in a class action suit that may come from this. Equifax has since clarified that the arbitration clause in the terms of agreement does not apply to the cybersecurity incident and that they have removed the language from the Terms of Use on their website.
Having said that, you understandably may be uncomfortable with free credit monitoring from the bureau that was hacked and may be willing to pay for an alternate service. We use EverSafe with clients as they allow us as your financial advisor to have access to the dashboard they provide you with and get alerts on any activity just like you receive – you may feel more comfortable with a second set of eyes on your credit. They have provided us with a discount code for clients to use which saves 20% off the published rate (https://www.eversafe.com/pricing.html). Please contact us for the discount code if you are interested in signing up for EverSafe.
Continue pulling credit reports
Unfortunately, the security threat Equifax has exposed you to will not simply go away after a year. If you decide not to proceed with credit monitoring after the initial year, we recommend pulling your credit report from www.annualcreditreport.com. A credit report should be pulled AT LEAST once a year, but for those more sensitive to the security concerns you can pull from a different agency (Experian, TransUnion, Equifax) every 3 to 4 months to monitor your credit year-round without being charged.
Place a fraud alert
At the very least you should consider placing a fraud alert with the credit rating agencies. Essentially, a fraud alert is intended to warn creditors that you may have been the victim of identity theft. It is free to set-up and lasts for about 90 days. You can set-up a fraud alert through calling the bureaus or following the links below:
Equifax – 1-888-766-0008
Experian – 1-888-397-3742
TransUnion – 1-800-680-7289
Innovis – 1-800-540-2505
Freeze your credit
If you prefer to take the most conservative path in response to this breach you may want to consider a credit freeze. A credit freeze makes it much more difficult to access your credit file or open a new account in your name. The catch? There is a cost to doing this ($10 at the most with each separate credit bureau) and it can be difficult for you to perform certain financial actions that typically require a credit report to be pulled (i.e. – opening new accounts, applying for loans, opening credit cards, etc.). You will receive a PIN from each credit bureau which you will need to temporarily unlock your credit report if you plan to perform any of these actions. To have a credit freeze placed on your files, you can call each credit bureau individually or follow the steps detailed in the following links:
Equifax – 1-888-766-0008
Experian – 1-888-397-3742
TransUnion – 1-800-680-7289
Innovis – 1-800-540-2505
Pay attention!
Be a little more diligent in monitoring your credit card and bank activity for the foreseeable future. Closely monitor your accounts for charges you do not recognize and be proactive in reporting any suspicious activity.
File your taxes early
Scammers have a history of filing fraudulent income tax returns using their victims’ Social Security numbers to get a refund by filing your taxes before you do. To the extent possible, try to file your tax returns as soon as possible to ensure the hackers do not beat you to the punch.
We understand that this can be a stressful time and we remain committed to ensuring our clients are comfortable and confident in the measures being taken to ensure they are as insulated as possible from the ramifications of this unprecedented breach. Please contact us with any individual or general questions you have – we stand ready to help!