The Equifax Breach is Worse Than You Imagined

A massive data breach at Equifax has compromised over 140 million people's personal information. But this was not one of those data breaches that everyone is accustomed to hearing about – like the ones at Target, Dairy Queen, Yahoo, or Home Depot. This one is much worse.

Credit reporting agencies know more about you than you know about yourself. In this case, names, Social Security numbers, birth dates, addresses, driver’s license numbers, and credit card numbers were accessed from Equifax’s databases.

Having your credit card information stolen (like what happened in the Target breach) is a hassle, but poses no huge risk. Credit cards can be shut down, and consumers are well-protected from unauthorized credit card charges.

Having access to your detailed personal information is a different story. With up-to-date information, criminals can easily impersonate someone to create or gain access to accounts. This information can be used to:

• open new credit cards and bank loans
• file fraudulent tax returns
• commit Social Security and government benefit fraud
• contact you with convincing information to receive some form of payment (fake IRS agents, computer support technicians, or “long-lost” cousins)
• secure access to your bank, credit, or investment accounts

Unfortunately, this list is not exhaustive. Basically, anything you can do online or over the phone has the potential of being replicated by criminals. Scared yet?

Equifax’s Recommendation Is Not Enough

Equifax is recommending you go to their website to see if your information was compromised. If confirmed, they recommend you sign up for the free credit monitoring service they are offering for the next 12 months.

Credit monitoring is great, and I highly recommend using one of these services (see specific recommendation below). But, given the breadth of the information available to criminals, this is not enough.

My Recommendations

Unfortunately, there is no simple solution that will provide comprehensive and foolproof protection. Here are several items that have always been “best practices” to help protect you:

• Protect your computer(s). Do not use your computer without updated anti-virus software installed and running. I prefer Norton, but most options are excellent.
• Select passwords wisely. Use a unique, “complex” password for every website you access. I use a password manager to keep everything straight (LastPass is my favorite), but these are unnecessary. I use a simple formula to build a password for each site; you might do something similar using the first three digits from the website you are using and a complex “core” password. For example, you might use amaDrag0n$ to access Amazon.com and welDrag0n$ for Wells Fargo. If you use the same password on your bank account and 401(k) and Amazon.com account (like most people), a hacker will have access to all if they get your password from any of them. Start making this change with each new login.
• Review your credit reports. Everyone is entitled to a free copy of their credit report from each of the three biggest reporting agencies one time per year. The review process takes only about 10 minutes per report. Check your reports through www.annualcreditreport.com at least annually or (better yet) cycle through one report every four months to catch “issues” more quickly. Each agency will try to sell you their credit score or ID theft service – I skip their offers. 
• Sign up for credit monitoring. I’ve used LifeLock and TrustedID’s services over the last ten years and find the service valuable. It’s comforting to know I’ll receive a notification whenever credit is opened in my name, so I can quickly deal with the problem if I did not open the account. These services also offer assistance if you have troubles.
• Be skeptical of all mail, email, and phone calls asking for money. Recently, scammers posing as IRS agents (complete with detailed financial information to bolster their claims) were successfully receiving “tax payments” from frightened consumers.
• Opt-out of unsolicited credit card and insurance offers. Doing this via www.optoutprescreen.com or 888-5OPT-OUT should block most unsolicited applications and reduce the incidence of identity theft. This will remove your name, address, and personal identifiers from lists supplied by Equifax, Experian, TransUnion, and Innovis. 
• Review your bank, investment, and credit card statements frequently. I’m most worried that criminals will go after your bank and investment accounts. Credit monitoring services and credit freezes (mentioned below) will not alert you to unauthorized account access. We all must pay better attention to our accounts. Review your bank and credit card account transactions at least monthly. (I review them as I’m paying my bills on the 1^st and 15^th of the month.) For your investment accounts, TD Ameritrade has solid protections in place, and I monitor client accounts for unusual activity, but you need to also review these accounts yourself.

Anything Else?

Several articles I’ve read are recommending consumers place “fraud alerts” on their credit reports. The idea is that lenders will contact you before issuing credit in your name. Unfortunately, many lenders pay no attention to these alerts. My preference is to pay for a credit monitoring service that’ll alert me once an account is opened.

Credit reporting agencies allow you to “freeze” your credit. This makes your credit report unavailable to everyone, so attempts to take out credit will be denied. There is a small fee to set up a credit freeze and you must set one up with each reporting agency. You can temporarily unfreeze your credit when necessary with the PIN provided; the “thawing” process can take up to three days. Freezing your credit can be quite a hassle, as credit reports are not only pulled when applying for credit cards and personal loans, but also when renting a home/apartment or securing cell phone or cable services. If your concerns are bigger than the potential inconvenience, a credit freeze might make sense.

If I have not worried you enough, here are additional resources:

• Krebs on Security – The Equifax Breach: What You Should Know
• Identity Theft Resource Center – Freeze or Fraud Alert
• Krebs on Security – Are Credit Monitoring Services Worth It?
• Consumer Reports - A Credit Freeze Won't Help With All Equifax Breach Threats

My goal is to help you be comfortable with your finances. Following the recommendations above will put you in a better position to protect yourself from financial predators.  Contact me at 949-441-4410 if you’d like me to walk you through any of these recommendations.

---

Other items you might want to read: