If you have read the newspaper or had any news channel on today, you have undoubtedly read about the data breach at Equifax, one of the nation's three largest credit reporting agencies.
The breach, which actually occurred in late July 2017, is believed to have impacted 143 million Americans and is reported to have included significant amounts of public information, including names, social security numbers, driver license numbers, credit card numbers, and addresses. Both the scope and scale of the information stolen makes this data breach significantly more alarming than others in recent months (Target, Yahoo, etc).
After reading the news and discovering that my information was likely part of the breach (you can check your own at Equifax's response sight here), I felt it was worth sharing some steps that can be taken to monitor and address the potential risks from this breach, as well as to keep your information secure online going forward.
1.) Consider Taking Equifax up on their offer
In response to this breach, Equifax is rightfully offering their credit reporting services (TrustedID Preimier) to customers for a year. This includes a full credit report and ongoing monitoring. You can enroll at the response site here. Note that the fine print says you will agree to arbitration for any legal issues and not participate in any class action lawsuits, so please remain aware of those legal factors as you evaluate this offer
2.) Review and monitor your credit reports
The main risk with this breach is that your personal data will be used to obtain credit/loans in your name. In order to monitor for this risk, you can request your credit report. (Please note this has always been a "best practice" - not just one to use in response to this breach). Annualcreditreport.com provides you FREE access to your credit report from each of the three credit reporting agencies once per year. Since it's only an annual offering, consider whether you wish to obtain all three today, or if you prefer to spread them out for ongoing monitoring
There are other paid services (such as IdentityForce, LifeLock and IDShield) that tend to monitor at a more detailed and expansive level than the credit reporting agencies. There is a cost for these services however, so it is up to you to evaluate the cost/benefit
3.) Consider a Freeze
You have the ability to freeze your own credit. This stops anyone (including you) from getting new forms of credit, until you remove the freeze. This does come with a cost, both to add the freeze and to remove it - a fee charged by each of the three major credit reporting agencies. Here's an article that discusses freezes in more detail
4.) Monitor your credit score
Many credit card companies now offer you your FICO score every time you log in (and some also offer credit monitoring). Review your credit card company's website or give customer service a call and watch for any negative movements that could indicate suspicious activity
As always, passwords remain a huge source of exposure to your personal information. We all know that we should have nonsensical/long/hard to guess passwords and that they should not be repeated in more than one place. But some of that is hard to execute upon. There are some smart options (like password managers and two-step verification) that can help keep log-ins more secure. We will have much more on these topics in our upcoming quarterly newsletter.
We know this is a scary and unsettling topic and one that leaves us all wondering "what else do I possible have to worry about." All we can say is that we are in this together and are here to help you in any way we can. Stay safe out there and please reach out if we can be of assistance.