Equifax Did a Bad, Bad Thing and What Will You Do About It?

By now, most Americans know that a data breach at Equifax exposed personal security information for some 143 million individuals. What is much harder to learn is whether your personal information was involved.

While the breach itself is bad news, what is particularly upsetting is that there was a significant delay in making the breach public knowledge. Further, Equifax could likely have prevented the breach by installing a patch when it was made available. This was not the first cyber security attack on antiquated software, or software based on open source code, nor the first time a major corporation and government agency failed to take action promptly.

What’s a consumer to do? I suggest to my clients that they accept the things they can’t control and that they do the things they can to protect their personal information., Here are a few options:

Fraud Alert – When notified that your credit information has been leaked, you can call one of three credit agencies and request that a “Fraud Alert” be put on your credit account. What this means is that a business must verify your identity before it issues credit. In other words, you may be contacted by the business establishing the credit. The downside of a fraud alert is that this alert expires after 90 days, but it may be renewed. https://www.consumer.ftc.gov/articles/0275-place-fraud-alert

Security Freeze – When you place a freeze on your credit accounts, you will be unable to obtain any new credit until you unlock the account. This may take days. You need to protect and remember the pin number you set up in order to unlock the account. It does not expire. If you lose the PIN that was issued to you when you added the Security Freeze to your credit file, you may request a new one in writing. You will need to provide proof of identification, such as a copy of your driver’s license, passport, birth certificate or other proper identification. A fee may be required for residents of some states for a replacement PIN. This is the most common recommendation among my financial planning associates.

Credit Card Monitoring Services – For a price, companies like Life Lock® will monitor your credit and notify you of any suspicious activity. You can choose whether you want a text, phone call or email. Their price range is $9.99 to $29.99 monthly depending on the type of accounts they monitor, e.g. credit cards, checking and saving accounts, and investments accounts, and the amount they will reimburse for losses related to identity theft. The limits are $25,000 – $1,000,000. I’ve read mixed reviews about the effectiveness of these services.

For free, if you will endure advertising, there are organizations such as Credit Karma that will monitor your credit and notify you of changes to your credit rating. While it may sometimes come after the problem has occurred, I do like the information that it provides, such as the number of hard inquiries about your credit rating. It also provides useful education about topics such as what influences your credit rating most.

Early in the Equifax incident, Equifax made an offer of a free credit reporting service to the 143 million consumers. Hidden in the fine print was a provision, effective with consumer acceptance of the offer that precluded participation in any class action lawsuit. After blowback the limitation was removed.

DIY Credit Card Monitoring – Every consumer is allowed one free credit report a year from each of the three credit agencies. This means you could request a credit report every four months to monitor your own credit rating at no cost and without advertising. annualcreditreport.com

In addition to taking one or more of the above steps, I suggest the following:

  • Encrypt your computer so that if your laptop or desktop is stolen, a second password on steroids must be hacked:
  • Consider using a password vault like Last Pass, and/or use two method verification for banking and investment accounts.

Here is a link that provides the addresses of the three credit agencies and the Federal Trade Commission’s recommendations: consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do.  And when considering whom to consult to secure your financial future, I suggest you seek the advice of an independent, hourly financial planner. No names, of course.