EQUIFAX HACK: HOW TO SECURE YOUR CREDIT

By now, you’ve already heard of the massive data breach at Equifax. But did you know there’s a good chance your personal information was among the stolen data?

Because this includes your name, SSN, and date of birth, it’s imperative that you understand how you can protect yourself from identity and credit fraud.

Unlike stolen credit card numbers, your SSN and date of birth cannot be cancelled and do not expire. That means that the stolen data can be used against you at any point in the future. Now that the information is out there, there’s no way to take it back.

Equifax set up a website where you can check if you were affected and sign up for their credit monitoring service for free. We do not see any major value in using this service, and in fact, there are several serious concerns about the website itself, including:

  • The website is running on an insecure platform (link)
  • The tool to check if you were affected by the breach is bogus— if you put in bad data, it may still tell you that you’re affected (link)
  • The free credit monitoring service they are offering had dubious legal terms and may autorenew after the free period (link)

 

Should I enroll in credit monitoring?

That’s up to you.

Let’s say you have a vacation home and you set up a security camera to monitor the front door. The camera can tell you that someone broke in, but it won’t stop the intruder from stealing your valuables.

Credit monitoring works the same way. While it certainly doesn’t hurt, by the time you notice a problem, you’re already in a big mess.

 

What’s the best course of action?

FREEZE YOUR CREDIT.

Freezing your credit means that no one, including you, can make any inquiries to your credit. This effectively blocks anyone from opening new lines of credit in your name, or using your personal information to obtain information about your credit history.

If you do want to open a new credit card or apply for a mortgage, you will have to contact the credit bureau to temporarily “thaw” your account.

The inconvenience of freezing your credit (which you’ll have to do with all four credit bureaus and pay a small fee to each) is well worth the protection it offers now that your personal information has been compromised. Click here for more information on credit security freezes.

You will need to contact each of the following bureaus and ask them to put a security freeze on your account. Your partner/spouse should do the same.

Equifax — 1-800-349-9960
Experian — 1‑888‑397‑3742
TransUnion — 1-888-909-8872
Innovis — 1-800-540-2505

 

What else can I do?

GET A FREE CREDIT REPORT ONCE A YEAR.

Because cyber-thieves now have your name, SSN and DOB, you need to take precautions to keep would-be criminals from obtaining your credit report—which contains even more sensitive information about you.

Create a calendar alert to request your free credit report  once per year. You will need to request a report from each of the credit bureaus every year for this to be effective.

 

FILE YOUR TAX RETURNS AS SOON AS POSSIBLE.

Tax fraud is another likely outcome of this breach. Thieves can use your personal information to file fraudulent tax returns and obtain refunds in your name, which is a long and complicated issue to resolve.

The IRS will process returns in the order they are received, so filing yours as early as possible is the best way to prevent an attacker from filing a return in your name.

. . . . . UGH!

Yeah. This is all one big mess, and we haven’t seen the end of it. It especially stings because we are not Equifax’s customers—we are the product that it sells. And now, we are its victims.

This hack illustrates that ultimately, the responsibility for your credit, privacy, and security is yours and yours alone. While it’s certainly a big headache to take all of these recommended precautions, it’s better than having your identity stolen, getting your credit ruined, or dealing with the fallout from a fraudulent tax return.

Of course, there are many more considerations here, too. For that, we refer you to an excellent write-up by security researcher Brian Krebs.

 

Note: We at Steel Root are not tax or credit experts, and you should consider the recommendations in this email as a lay person’s opinion. Please consult your accountant or attorney for expert advice, and good luck to us all!

Comments
  • Will
    Reply

    Steel Root team – good work helping to make this “big mess” more understandable for folks. As I was reading this I thought back to your earlier post about securing home networks. I see similar threads in the following: extremely common services (and actually difficult to live without these days), information and “settings” that often remain default and unknown to many users, and quite potentially life-altering consequences of not knowing how to harness our own accounts, devices, and options as consumers.

    It sounds like you all are in the business of raising awareness and helping folks understand some basic, yet high-stakes technologies and systems of our day.

    On a personal note, I appreciate your research into the services Equifax is offering in response to this. I was admittedly left wondering how much trouble to go to for these services (wanting to be secure, but with a mindset surely tainted by cynicism), and it sounds like they simply aren’t worth it. You’ve given me a more clear direction in which to head.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Contact Us

We'd love to hear from you. Send us an email and we'll get back to you ASAP.

notebook for safe passwordsSteel Root Secure Email