By now, many of you have heard of the Equifax breach and may be one of the estimated 143 million American consumers, or roughly 55% of Americans age 18 and older whose vital personal identification information was exposed. According to Equifax, the breach lasted from mid-May through July and hackers accessed people’s names, SSNs, dates of birth, addresses, and driver’s license numbers. Equifax has faced widespread criticism following its delayed disclosure of the hack, both for the breach itself and for its response.
Has my information been leaked?
Equifax has set up a website, www.equifaxsecurity2017.com, where consumers can check if they've been affected by the breach. Once on the site using a secure computer and encrypted network, click on the button "Potential Impact" at the bottom of the main page and then click on "Check Potential Impact," where you will be asked to provide your last name and the last six digits of your Social Security number.
Equifax has stated that regardless of whether your information may have been affected, everyone has the option to sign up on the website for one free year of credit monitoring and identity theft protection. You can do so by clicking the "Enroll" button at the bottom of the screen and go through an enrollment process.
It was previously understood that enrolling in the free year of credit protection meant that consumers gave up the right to join any class-action lawsuit against Equifax and agreed to be bound by arbitration. An Equifax spokesperson has since stated that the binding arbitration clause related only to the one year of free credit monitoring and not the breach itself; Equifax has since removed that language from its site
What steps can I take to protect myself?
This breach has far reaching implications and we highly recommend that you monitor your own personal information and be vigilant against identity theft. Below is a sample of best practices:
Fraud alerts: Your first step should be to establish free 90-day fraud alerts with the three major credit reporting agencies and your credit and debit cards. You will then be alerted if someone tries to establish credit in your name. Though the fraud alerts are only good for 90 days, you will have the option to do another fraud alert upon the completion of the 90 days. It’s best to confirm with the agency you requested whether they will notify the other credit reporting companies of your fraud alert request.
Credit freezes: A credit freeze will lock your credit so that only companies you already do business with will have access to them. Thus, if a scammer at a distant bank tries to apply for credit in your name using your address and Social Security number, the bank won't be able to access your credit report. A credit freeze won't prevent a scammer from making changes to your existing accounts however. Equifax announced that it would waive all fees for the next 30 days for credit freezes starting September 12. If you want to apply for credit with a new financial institution in the future, or you are opening a new bank account, applying for a job, renting an apartment, or buying insurance, you will need to unlock or "thaw" the credit freeze.
Credit reports: You can obtain a free copy of your credit report from each of the three major credit agencies once every 12 months by requesting the reports at www.annualcreditreport.com or by calling toll-free 877-322-8228. Because the Equifax breach could have long-term consequences, it's a good idea to start checking your report as part of your regular financial routine for the next few years. It has long been recommended that you review your credit report every 4 months. Since you are entitled to one free credit report from each agency every 12 months, checking this often should be possible with no cost to you.
Bank and credit card statements: Review your bank and credit card statements regularly and look for any transactions that appear fraudulent. Sign up for any alert features so you are notified when suspicious activity is detected.
File your taxes early: As soon as you have the information you need, file your tax returns before a scammer can. If you receive any letters from the IRS or a state department of revenue, please notify an ECS professional immediately. Don’t believe anyone who calls and says you’ll be arrested unless you pay taxes or debt, even if they have part or all of your social security number, or they say they’re from the IRS. Do not give out any personal information to these types of callers. Legitimate agencies will not ask for this type of information over the phone.
Secure personal information in your home and workplace. Shred documents that contain personally identifiable information. Destroy expired cards or use the return envelope provided with a replacement card to mail the expired card to the issuer for destruction.
Keep your computers protected and secure using the latest antivirus patches and software. For best practices regarding internet fraud protection, see www.onguardonline.gov.
Secure wireless networks and double check a website’s URL before entering any personal information. Check for a lock icon and/or “https:” on the status bar of the internet browser, which generally means it’s safe to transmit information.
Create strong passwords. A 2015 Identify Theft survey released by MasterCard found that 46 percent of respondents rarely or never change their passwords for online financial accounts, and 44 percent of respondents use the same password across multiple online platforms.
Stop preapproved credit offers for five years or permanently at www.optoutprescreen.com.
Sign up for the National Do Not Call Registry and the Direct Marketing Association’s Mail Preference Service (www.dmachoice.org) to stop receiving unsolicited calls and mail and emails.