By now, you’ve already heard of the massive data breach at Equifax. But did you know there’s a good chance your personal information was among the stolen data?

Because this includes your name, SSN, and date of birth, it’s imperative that you understand how you can protect yourself from identity and credit fraud.

Unlike stolen credit card numbers, your SSN and date of birth cannot be cancelled and do not expire. That means that the stolen data can be used against you at any point in the future. Now that the information is out there, there’s no way to take it back.

Equifax set up a website where you can check if you were affected and sign up for their credit monitoring service for free. We do not see any major value in using this service, and in fact, there are several serious concerns about the website itself, including:

  • The website is running on an insecure platform
  • The tool to check if you were affected by the breach is bogus— if you put in bad data, it may still tell you that you’re affected
  • The free credit monitoring service they are offering had dubious legal terms and may autorenew after the free period

Should I enroll in credit monitoring?

That’s up to you.

Let’s say you have a vacation home and you set up a security camera to monitor the front door. The camera can tell you that someone broke in, but it won’t stop the intruder from stealing your valuables.

Credit monitoring works the same way. While it certainly doesn’t hurt, by the time you notice a problem, you’re already in a big mess.

What’s the best course of action?

FREEZE YOUR CREDIT.

Freezing your credit means that no one, including you, can make any inquiries to your credit. This effectively blocks anyone from opening new lines of credit in your name, or using your personal information to obtain information about your credit history.

If you do want to open a new credit card or apply for a mortgage, you will have to contact the credit bureau to temporarily “thaw” your account.

The inconvenience of freezing your credit (which you’ll have to do with all four credit bureaus and pay a small fee to each) is well worth the protection it offers now that your personal information has been compromised. Click here for more information on credit security freezes.

You will need to contact each of the following bureaus and ask them to put a security freeze on your account. Your partner/spouse should do the same.

Equifax — 1-800-349-9960
Experian — 1‑888‑397‑3742
TransUnion — 1-888-909-8872
Innovis — 1-800-540-2505

What else can I do?

GET A FREE CREDIT REPORT ONCE A YEAR.

Because cyber-thieves now have your name, SSN and DOB, you need to take precautions to keep would-be criminals from obtaining your credit report—which contains even more sensitive information about you.

Create a calendar alert to request your free credit report once per year. You will need to request a report from each of the credit bureaus every year for this to be effective.

FILE YOUR TAX RETURNS AS SOON AS POSSIBLE.

Tax fraud is another likely outcome of this breach. Thieves can use your personal information to file fraudulent tax returns and obtain refunds in your name, which is a long and complicated issue to resolve.

The IRS will process returns in the order they are received, so filing yours as early as possible is the best way to prevent an attacker from filing a return in your name.

. . . . . UGH!

Yeah. This is all one big mess, and we haven’t seen the end of it. It especially stings because we are not Equifax’s customers—we are the product that it sells. And now, we are its victims.

This hack illustrates that ultimately, the responsibility for your credit, privacy, and security is yours and yours alone. While it’s certainly a big headache to take all of these recommended precautions, it’s better than having your identity stolen, getting your credit ruined, or dealing with the fallout from a fraudulent tax return.

Of course, there are many more considerations here, too. For that, we refer you to an excellent write-up by security researcher Brian Krebs.

Note: We at Steel Root are not tax or credit experts, and you should consider the recommendations in this email as a lay person’s opinion. Please consult your accountant or attorney for expert advice, and good luck to us all!