These days it’s harder than ever to protect our personal information. I get phishing emails daily alerting me I am the lucky lotto winner in a foreign country – all I need to do is send my bank information to have the proceeds deposited into my account. Those scams are pretty straight forward. While the everyday person might not have all the right security measures in place to protect themselves, we assume the big businesses and government do – they have a whole IT department that focuses on that kind of stuff, right?
Apparently, not so. This month, we found out that Equifax, one of the nation’s three major credit reporting agencies had a data breach that lasted from mid-May through July in 2017[i]. During that time, hackers accessed personal information data including names, social security numbers, dates of birth and addresses. The data breach affects as many as 143 million people[ii] in the US, Canada and United Kingdom. In the wrong hands, this data could be used by identity thieves to rack up debt in your name and potentially ruin your credit.
A week after the Equifax breach, the Securities & Exchange Commission (SEC), the nation’s top financial markets regulator, admitted it had also been a victim of computer hacking. Although just recently discovered, the data breach occurred in 2016. The top securities regulator said hackers accessed corporations’ financial information before it was made public (financial statements, quarterly earnings reports, IPOs, mergers and acquisitions, etc.) in its’ corporate filing system EDGAR (Electronic Data Gathering, Analysis and Retrieval). According to the SEC, that data could have been used to make “illicit gains” through stock trades[iii]. Somewhat ironic, the SEC had been pressuring investment advisors and broker dealers to beef up their cybersecurity protections. At the same time, the Government Accountability Office which audits the SEC found that the organization had not implemented 11 of 58 security recommendations related to its own computer network that would have helped to detect intrusion[iv].
Am I at risk?
You can visit the Equifax website, www.equifaxsecurity2017.com to find out if your information was exposed. Under the “Potential Impact” tab, you will be asked to enter your last name and the last six digits of your Social Security number. The site will tell you if you’ve been affected by this breach.
If Equifax feels your data was compromised they will encourage you to enroll in TrustedID Premier, a credit file monitoring and identity theft protection program. There are five types of credit monitoring offerings, complimentary. You can customize which of the below services you want to utilize. You will be asked for a great deal of personal information so make sure you are on a secure computer and encrypted network connection. Credit monitoring options include:
1. Equifax Credit Report – Copies of your Equifax Credit Report.
2. 3 Bureau Credit File Monitoring – Credit file monitoring and automated alerts of key changes to your Equifax, Experian and TransUnion credit files.
3. Equifax Credit Report Lock – Allows you to prevent access to your Equifax credit report by third parties, with certain exceptions.
4. Social Security Number Monitoring – Searches suspicious web sites for your Social Security number.
5. $1M Identity Theft Insurance – Up to $1 million in ID theft insurance. Helps pay for certain out-of-pocket expenses in the event you are a victim of identity theft.
After signing up for TrustedID Premier, you will receive an email with a link to finalize your enrollment and activate your customized security protection. Due to the recent breach, traffic to the Equifax website is quite high and they warn it might take several days before the confirmation email arrives in your inbox.
In a highly criticized move, Equifax added an arbitration clause to the free credit monitoring service that required users to give up their right to sue or join class-action lawsuits. Due to public backlash and social-media shaming, the arbitration clause was rescinded[v].
What else can I do?
If after visiting the Equifax website, you are told your data was not compromised, US consumers still have the option to obtain one year of free credit monitoring. Due to high volume on the website currently, you will be given a date to come back to enroll in the future. You have up until November 21, 2017 to enroll for this benefit.
Other steps you might consider to protect yourself could include the following:
- Placing a credit freeze on your files – A credit freeze locks your credit file with a PIN that must be used for anyone to add new credit in your name. The freeze won’t stop someone from fraudulently charging to your existing credit lines. You will have to enroll with each of the three credit agencies individually to initiate the freeze.
- Active monitoring – Above and beyond annual credit report reviews, you should also monitor your existing credit cards and bank accounts regularly and question any charges you don’t recognize.
- If you have minor children, consider checking their credit history regularly. It is counterintuitive because minors should not be issued debt. However, some young adults have applied for their “first” credit card, only to find their credit is shot because identity thieves have been using their social security for years, undetected.
- File IRS taxes early – The Federal Trade Commission (FTC) recommends you file your tax return as early as possible to avoid tax identity theft which occurs when someone uses your social security to collect your tax refund before you do. The FTC recommends that you respond to any IRS notifications timely, but remember that the IRS only sends letters. They do not call you and ask for your personal information.