Last week credit reporting giant Equifax announced some very unsettling news. Equifax fell down on the job. There is no other way to put it.
The credit reporting agency experienced a massive data breach which unfortunately compromised the personal identifying information of approximately 143 million people. For a company which makes billions of dollars collecting, storing, and selling your private information this breakdown in security is not just negligent, it is inexcusable.
If you understandably missed this disturbing announcement last week amidst all of the news coverage about Hurricanes Harvey and Irma, here is what you need to know right now.
Why This Breach Is a Big Deal
Data breaches have occurred with increasing regularity over the past several years. Insurance providers, hospitals, retail chains, online gaming services, and many other businesses have experienced cyber theft which compromised the personal information of millions. In fact, it almost feels as if you cannot turn on the news or log into your favorite social media newsfeed without hearing about a new breach of security.
The regularity of these data breaches can unfortunately be desensitizing. It can cause you to drop your guard. That, however, could be a dangerous mistake especially if your information has indeed been compromised in the Equifax breach.
Equifax's breach does not simply involve credit card information which can be easily changed to prevent fraud. Instead, the breach involves exposed information you are not going to be able to change: names, social security numbers, dates of birth, etc. The hacked information could be sat on for years, allowing you to forget about the danger, before any actual fraud or identity theft is even attempted. The stolen information will be just as valuable to thieves in the next week, the next month, the next year, and even potentially the next decade to come. If you were among the 143 million consumers compromised, your exposure to identity theft is now a long term risk.
Action May Be Needed. Panic Is Unnecessary.
Now that you have digested the bad news, let's talk about what you can do to protect yourself. Panic is not going to solve anything, but a solid plan can go a long way.
1. Find Out If You Are a Victim
Equifax maintains credit files on over 200 million consumers. That means that approximately 29% of you were fortunate enough not to have your personal information compromised. You can find out if you were exposed to the data breach here: https://www.equifaxsecurity2017.com/potential-impact/.
(NOTE: Equifax initially came under fire on social media and from several lawmakers, including New York Attorney General Eric Schneiderman (D), for including fine print in the terms of service on the above webpage which reportedly may have attempted to dupe consumers into waiving their rights to enter a class action lawsuit or to sue Equifax over the breach. Equifax has since changed their terms of service to remove the offending clause. Really, Equifax?!)
2. One-Call Fraud Alerts
If you visit the website above and discover that your "personal information may have been impacted by this incident" then placing a fraud alert on your credit reports may be a good next step. You can easily place a 90 day fraud alert on all 3 of your credit reports by requesting an alert with Equifax, TransUnion, or Experian. Per the Fair Credit Reporting Act (FCRA), once any of the credit bureaus receives a request for a fraud alert they must communicate that request to the other 2 remaining bureaus on your behalf.
The FCRA also gives you the right to place an extended, 7 year fraud alert on your reports as well. However, you will first need to prove that you have actually been a victim of identity theft (aka someone has opened or tried to open a fraudulent account in your name). Both types of alerts are free under the FCRA.
3. Credit Monitoring
Equifax is offering free credit monitoring (TrustedID) for 1 year to anyone who wants to take advantage of the offer. It is not a bad idea to take advantage of this offer, but it is probably not going to be enough. You need to keep in mind that this is a single-bureau credit monitoring service (Equifax only) and it will do nothing to help you monitor your credit reports on Experian or TransUnion (where you could also experience identity theft as a result of the breach).
If you want to truly keep an eye for fraud on your credit reports then you will need to monitor all 3 credit bureaus and you will probably have to pay a fee to do so. There are a lot of good services out there which offer 3-bureau and even 3-score monitoring. Some are more expensive than others. If you are looking for some comparisons of available services, visit http://www.greatcredit101.com/credit-reports-and-monitoring/.
It has always been important to routinely check, monitor, and review your credit reports for fraud and errors. If your information has been exposed in the Equifax data breach, that importance has simply become magnified for you more than ever before.
4. Credit Freeze
Fraud alerts can potentially help to prevent identity theft and credit monitoring can help you to quickly discover fraud when it occurs. However, if you want a tool which can help to prevent fraudulent accounts from being opened in the first place then a credit freeze is the biggest gun you can use to defend yourself.
When you place a credit freeze your credit report is taken out of circulation. This means that no future lender will be able to access your reports. If a scammer tries to use your information to open a fraudulent account then the freeze will stop a lender from pulling your credit and, viola, any future loan applications will most likely be denied as a result. Almost no lender is going to approve a new application if they cannot pull your credit.
It is worth pointing out that it is not free to place a credit freeze unless you have actually already been a victim of fraud. However, credit freezes are relatively inexpensive (under $10 per credit bureau at the time of publication). Unlike fraud alerts, you must place an individual freeze at Equifax, TransUnion, and Experian.
Additionally, the credit bureaus also offer a service known as a "credit lock." Equifax has even announced that it will be giving away credit locks for free to victims of the breach. While credit locks are advertised by the credit bureaus as more convenient than freezes, it is unclear whether or not they offer the same protections. Credit freezes are generally covered by state law, potentially giving you more protection in the event that there is a problem.
5. Keep It In Perspective
The truth is that identity theft is a growing crime. Over $16 billion dollars was stolen by fraudsters and approximately 15.4 US consumers were affected by identity theft in 2016 alone. Even before this Equifax data breach, your personal information may have been vulnerable to thieves in one way or another.
It has always been and will continue to be your personal responsibility to check your credit reports regularly in order to verify that they contain only accurate information about accounts you really applied for and opened yourself. (Remember, you can check your 3 credit reports every 12 months for free at AnnualCreditReport.com.) If you ever discover fraudulent accounts on your credit reports the Fair Credit Reporting Act (FCRA) gives you a long list of rights with a lot of teeth to help you recover from the identity theft.
If you want some tips on how to recover from identity theft, CLICK HERE. You have the right to try to correct identity theft issues on your own, but you can also hire a professional credit expert to work on your behalf if you are too busy or feel too overwhelmed by the process.
Michelle Black is an author and leading credit expert with a decade and a half of experience, a recognized credit expert on talk shows and podcasts nationwide, and a regularly featured speaker at seminars across the country. She is an expert on improving credit scores, budgeting, and identity theft. You can connect with Michelle on the HOPE4USA Facebook page by clicking here.