Have you ever done anything, ever, with your finances? Paid taxes, checked on your credit/credit score, bought a house? Then you might be affected by the Equifax data breach!
You’ve probably already heard of the Equifax data breach, but here’s a quick summary. Equifax is one of three major credit bureaus, and over this past year, it lost control of customer data including Social Security numbers, home addresses, credit card numbers, and more. Equifax estimates 143 million people’s information was exposed – nearly half the population of the entire United States.
One reason I’m particularly concerned about this is I studied Homeland Security in graduate school. I have a certificate in Homeland Security (didn’t fully major in it, chose another related field) and studied cybersecurity.
On one hand, we should all be concerned by this breach. On the other hand, we shouldn’t be that surprised it’s happened. If you’re shocked that your information is out there for sale, you haven’t been paying attention.
That said, there are ways to protect yourself and even if someone does get a hold of your information, it doesn’t have to be the end of the world. My mom’s information was stolen and used maliciously a few years ago, and we worked through it together. Here are my tips for protecting yourself after a breach like this (and the breaches to come).
Step One: Assume You’ll Be Compromised and Monitor Your Accounts
You can visit Equifax’s website to see if you’ve been compromised, but frankly, just assume you have. If you have ever applied for credit (credit card, mortgage, loan, etc.), your information is out there and companies don’t do a great job of protecting it.
I should say: they try and it’s in their best financial interest to protect your information, but cybersecurity is expensive and time-consuming and humans make mistakes or get lazy. It just takes one employee putting in a USB drive they shouldn’t, or opening an email they shouldn’t, etc. to jeopardize lots of information.
Monitoring your accounts, particularly your bank statements, credit card accounts, debt accounts, even retirement and savings accounts, should be something you do regularly. This doesn’t have to take a lot of time.
Every month when I pay bills, I check all my accounts:
- Checking and savings
- Credit card accounts
- Student loans
I check for discrepancies: is there a charge on my credit card I don’t recognize? If so, investigate it. Highlight the name of the company charging you, Google it and, if that fails, call your bank and ask what company the charge is from.
If you don’t recognize it, dispute it. This is much easier to do with a credit card company than it is with a debit card, which is why I use credit cards more often than debit cards. It’s easier to close a credit card that’s been compromised than close a debit card that’s connected to my direct deposit, mortgage payments, etc.
My mom first noticed her identity had been stolen when she noticed gas station charges in Texas. My mom hasn’t visited Texas in years, and she knew she wasn’t in Texas when these charges were made. She noticed the charges, called her credit card company, disputed the charges then notified the company that her card had been compromised.
Her credit card company immediately canceled her card and erased the charges.
Step Two: Set Yourself Up with Fraud Alerts and Credit Freezes
The criminals who bought your information may try to apply for credit in your name, so you can sign up for fraud alerts with the three major credit bureaus to at least deter them.
Fraud alerts last for 90 days, and you can request them again after those 90 days are up. When you have a fraud alert on your report, businesses must verify your identity before issuing credit. You’ll be contacted that a business is trying to establish credit in your name, and you can either approve or deny the request.
Fraud alerts and credit freezes (which usually have a cost to them) can be a hassle, especially if you’re in the process of applying for a mortgage, credit card, or student loan. It’s not a bad thing to do, but be aware it could delay your approval of any loans if you put on a fraud alert while you’re applying for those loans.
A credit freeze allows you to restrict access to your credit report, making it difficult for identity thieves to open new accounts in your name. It’s a helpful tool, although it costs money in many states, and lasts as long as you want it to. You can also request a temporary lift of the freeze if you’re applying for a mortgage, for example, and need to give access to your credit.
You can find more information on placing fraud alerts and credit freezes here:
- TransUnion Fraud Alert and TransUnion Credit Freeze
- Experian Fraud Alert and Experian Credit Freeze
- Equifax Fraud Alert and Equifax Credit Freeze
While the process is time-consuming, it makes it so no one can get credit reports from your frozen accounts (with the exception of existing lenders or government agencies) unless you temporarily or entirely lift the freeze.
After her information was stolen, my Mom signed up for fraud alerts from the three major credit reporting agencies, but she didn’t sign up for freezing her credit as she was applying for a mortgage.
Step Three: Be Vigilant and Stay Educated
You may consider signing up with free identity protection services offered by Equifax (although it’s only free for a year), or signing up with a company like LifeLock.
These can be good options, but before you pay for anything, see if your bank offers free identity protection to members. I belong to a credit union, and they offer free identity theft monitoring for all of the credit union members. Some major credit card companies also offer options for monitoring your credit score, which can alert you if your score takes a dive abruptly.
Also, make sure you request your free credit report from the three major credit reporting agencies (Experian, Equifax, and TransUnion). I like to ask for all three once a year so I can sit down and review them all at once, but others request one report every 4 months to be even more vigilant.
There are a lot of great resources out there for tips on keeping you safe, and a few I highly recommend:
- Be suspicious of anyone who calls you asking for sensitive information, like your credit card number, bank account info, Social Security, etc. Don’t confirm over the phone with anyone unless you know them and even then, try to call them back at an approved number or even meet with them face to face.
For example, let’s say your “credit card company” calls you to verify some banking information. First of all, I let all numbers I don’t recognize go to voicemail, but if you don’t, tell them you’ll call them back using the approved bank number on the back of your credit card. If they get angry at you, 99% chance they are a scammer and they’re mad you’re not playing along.
Another scenario: your mortgage lender calls you and asks you to verify sensitive personal information over the phone. Ask to call him/her back using the phone number on their business card or, better yet, ask them to send over a form using a secure portal (all mortgage/lending companies should have this) or meet them in person to provide your information.
- Update your passwords and store them with a company like LastPass. I know this sounds sketchy, because LastPass can be hacked too… but what’s worse: using one password for everything (ilovecake, for example) and getting hacked, or using a complex password generated for LastPass that stores it and remembers it for you?
For more tips, check out this excellent resource from the Federal Trade Commission. If you want to learn more about cybersecurity in general, I highly recommend reading Krebs on Security. He’s highly respected in this field and has a lot of great, easy to read information on these topics.
Cybersecurity threats do worry me, but not for the reasons outlined above. I’m vigilant with my banking information and know how to put on fraud alerts and credit freezes. What worries me is health care. Someone can steal your information and use it as a person in the US – and what happens when they go to the hospital and use your information? What if they say you’re allergic to something you’re not, or worse, say you’re not allergic to something you are?
This isn’t far-fetched, and people don’t usually check their medical records until they’re at the doctor’s office or the hospital. It’s important to have a copy of your medical records, the medicines you take, surgeries you’ve had, etc. and take it with you if you go to the hospital. Let a trusted family member know where this information is so they can bring it if you get into an accident.
Finally, criminals are dumb but sometimes they’re smart: they may sit on this treasure trove of consumer information from Equifax for a while, much longer than 90 days. Stay vigilant and educated about your information throughout the year, because you never know when they’ll decide to use it.
Questions about protecting yourself online, or want to share what you do to protect yourself online? Let me know in the comments!