What to do in the wake of the Equifax breachSubmitted by Younity Wealth Partners on September 10th, 2017
Updated: September 10th, 2017 by Kara Downing, CFP®
As widely reported, one of the three largest credit reporting bureaus, Equifax, was hacked late last week. The breach lasted more than a month, from mid-May until July of this year, and hackers gained access to names, Social Security numbers, birth dates, addresses, and even some driver’s license numbers of 143 million Americans—or nearly 50% of the country. Credit card numbers for 209,000 consumers were stolen, while documents with personal information used in disputes for 182,000 people were also taken. The breach was not reported to the public until Friday, September 8th, 2017.
If you have a credit report, as most of us do, your data was likely exposed. Here are some steps you can take to determine whether your information was compromised and what you can do about it:
- Verify if your information was exposed. Visit Equifax’s website www.equifaxsecurity2017.com from a secure computer and internet connection (not over public Wi-Fi!), and enter your last name and the last six digits of your social security number to check your status.
- Enroll in free credit monitoring. Regardless of whether your data was compromised, it is worthwhile to have your credit monitored on an ongoing basis. It’s important to note that monitoring your credit will not prevent ID theft before it occurs, but it will alert you by text or email within a few weeks of any activity (authorized or not) on your credit report. The speed at which you receive notification depends on how quickly the lender reports activity to the bureaus.
Because of the breach, Equifax is offering their credit monitoring service free of charge to all US consumers for one year. If you are uncomfortable using Equifax to monitor your credit, you can use one of many other reputable credit monitoring services available (for a fee), including those offered by banks, credit card companies, and private credit monitoring firms.
- Consider setting up fraud alerts at each of the credit bureaus (Equifax, Experian, Transunion, and Innovis). Setting up a fraud alert will make using your credit a bit of a hassle, but it can help protect you from new lines of credit being opened in your name fraudulently. Alerts do not prevent third-parties from viewing your credit file or giving you a line of credit, but they instead require them to take certain steps to verify that you have authorized the activity on your account. Fraud alerts are free and last 90 days. However, if you’ve been a victim of identity theft, you can request an extended fraud alert that lasts for 7 years.
- Consider placing a “freeze” on your credit at each of the credit bureaus. If you’re not planning on making any big purchases soon or opening any new credit cards, then a freeze can be an effective way to keep your credit safe. Freezes prevent new lines of credit from being opened in your name and provide the most protection against identity theft. Be aware that it can be inconvenient and expensive to place or lift a freeze each time a lender needs to check your credit. While credit freeze laws and fees vary by state, Ohio residents pay $5 to freeze their account at each bureau and another $5 to lift it—even temporarily, and bureaus are required to unlock credit within 15 minutes of receiving your request (and payment). When you need to unlock your credit, be prepared to provide each bureau with a significant amount of documentation and a special PIN to prove your identity. Even if you’ve placed a freeze on your account, it won’t keep identity thieves from charging to your existing accounts, so make sure you continue to monitor all transactions.
- Check your credit reports immediately for free. Federal law allows you to obtain a free copy of your credit reports from each of the three main credit bureaus annually at www.AnnualCreditReport.com. This is the only free, government-provided service for checking your credit report and should not be confused with sites with similar names or web addresses. You will never be asked to provide your credit card, and you can request all three reports at once or one report at a time. Regardless of how you choose to monitor your reports, be sure to repeat the cycle every 12 months, checking for discrepancies. If you see any derogatory items on your credit reports, contact the creditor and the credit bureau immediately to report the potential identity theft and have it removed from your credit file.
- Keep a close eye on your credit card and bank transactions. Many breaches start small, and hackers can siphon funds over time hoping you won’t notice. And while each bank has their own set of rules to follow when it comes to reporting breaches, you’ll want to report any suspicious activity right away. If you wait too long, you could be on the hook for the full amount that was stolen from your account with little sympathy from your bank.
- Change your passwords regularly, and use caution when giving out your personal information. Because it can be difficult to remember all the passwords we use daily, it’s tempting to re-use the same password over and over. This makes you significantly more vulnerable to the risk that a security compromise in one of your accounts could lead to exposure across all your online credentials. Having a unique password for each of your financial services accounts protects you from this type of risk. At larger institutions like Charles Schwab, your passwords are stored in very secure ways. However, they may not be stored in the same ways, or as securely, at an online retailer, a government website, or within a social media database.
Banking by telephone, internet, and now your mobile phone saves us a lot of time, but it has also opened up more opportunities for fraudsters. Make sure you never give out your full PIN, account numbers, Social Security number, or banking passwords, and never click on unsolicited, unexpected, or suspicious-looking links sent to you by email or text. They could download malware capable of spying on your phone or personal computer activity.
- Contact each of your financial institutions and ask them how they protect your information. Every financial firm must commit to protecting customer data from fraud, but the measures they take vary widely between institutions. For example, if you are a Charles Schwab account holder, you can enable two-factor authentication which provides you with a single-use numeric password that you use in addition to your usual password when logging into your accounts. You can also add verbal passwords to your accounts to help authenticate you when you call Schwab. Check with your specific financial institutions to find out what steps you need to take to prevent unauthorized access to your accounts.
- Consider identity theft insurance. Identity-theft insurance coverage usually includes assistance in straightening out the aftermath of identity theft (canceling unauthorized accounts and so forth), which is generally easy when the fraud involves credit cards—the most common type—but can be more time-consuming for accounts at banks and other institutions. The assistance can vary from simple advice to a dedicated case manager who will make the calls on your behalf. Certain insurance companies, including major insurers such as Allstate, Liberty Mutual, State Farm, and Travelers, offer identify-theft insurance through an add-on "rider" or "endorsement" to homeowners or renters policies. If you purchase identity-theft insurance, make sure you know what it provides.
- Notify your financial advisor, accountant, and financial institutions immediately when your identity is compromised. The advisors who work on your behalf can help you take the necessary steps to deal with the aftermath and prevent further breaches from occurring.
There is a common misconception that your information is safe from hackers if you don’t have online access to your financial accounts. However, it’s important to keep in mind that banks, credit bureaus, and even the IRS store our personal information electronically, making us all vulnerableto identity thieves. Proactively protecting your personal data before a breach occurs is crucial to preventing ID theft. The Equifax data theft, or any breach for that matter, can have life-long consequences. When a credit card number is stolen, you simply get a new card with a new number. You can't, however, get a new date of birth or Social Security number.
We at Younity Wealth take our clients’ security very seriously. That’s why we will never share your personal information with anyone but you and only through very secure channels. We also require your verbal consent each time we receive a third-party withdrawal request from your account. As hackers become more creative and sophisticated in the ways they target their victims, it requires extra due diligence on each of our parts to protect your accounts. That means it might take a little longer to complete your request, but it’s worth it to have the peace of mind that we’re doing our best to protect you.