Recent revelations regarding the security breach of the credit reporting agency Equifax, more lately, the SEC, are indeed troubling. These are organizations that should be impossible for hackers to penetrate. But, I suppose it’s worth sharing that I spent a few years early in my career as an analyst in a national bank’s fraud department and I can tell you that the fraudsters are the ones driving the hacking technology. The good guys, holding square jobs, are often just trying to keep up with their electronic adversaries.
In any event, on September 7, Equifax reported that on July 29 they discovered cybercriminals had broken into their system and accessed the personal information of as many as 143 million Americans. That’s about 44% of the US population.
What to do? First, visit equifaxsecurity2017.com/potential-impact/, enter your last name and the last six digits of your SSN. A pop-up window will alert you to whether or not you were affected. Then, don’t panic if it says you were.
Equifax is offering both affected and unaffected parties a free year’s subscription of credit monitoring and identity theft from TrustedID Premier. Due to high volume, the enrollment process may take several weeks, but should you be alerted that you are an affected party, you will be automatically prompted to enroll in the program. It’s a voluntary program. Although Equifax is offering to pay for credit monitoring, it’s possible that strings may be attached to the acceptance of this offer, so you should do what you feel is appropriate to protect yourself. I have personally enrolled in the program but have nothing to report regarding its features or conditions as yet.
Beyond the program discussed above, you can take other steps to monitor and protect your information:
- Check your credit reports at least annually. Visit annualcreditreport.com to access one free credit report per year from Equifax, TransUnion, Innovis, and Experian. Upon receipt of those reports, check them carefully for incorrect or suspicious information.
- Monitor your credit card and bank statements weekly and check for unfamiliar activity.
- Sign up for email or text alerts offered by your bank or credit card issuer(s), so that you’ll be alerted to anything suspicious.
- Change your primary email password. This will help prevent criminals from posing as you via email to make changes on your accounts.
- On ALL account passwords, avoid the obvious. You want your password to be long and random to make it harder for a would-be thief to guess. And then keep a list of these passwords in a secure place in your home; and of course, keep it up-to-date.
- Consider “freezing” your credit. A security freeze basically blocks any potential creditors from being able to review your credit file, making inquiries on your credit and the approval of credit applications impossible. To accomplish this, and there may be a small fee depending on the credit bureau, contact the credit reporting agencies listed above via their websites. Keep in mind, this freezes your credit both crooks and for you. Be sure you’re aware of the implications, and procedures to unfreeze your credit, before taking this step.
- Similarly, there is also the option of placing something called a Fraud Alert on your credit file. The process is like the security freeze, but there is no cost. The trade-off is that fraud alerts have time limits, typically 90 days. In both the case of freezes and alerts, be sure to educate yourself on how they work.
- Consider paying for additional identity theft protection indefinitely. Considering the headache and cost of trying to clear your name, this is an affordable proactive way to save yourself some time, hassle, and anxiety. Alerts ping you when new inquiries are made, or new accounts are opened under your name and SSN.
If someone contacts you claiming to be from Equifax, hang up the phone or delete the email. And DO NOT OPEN ANY ATTACHMENTS. Unless Equifax is returning your call, they will not contact you by phone. Additionally, if you get a random, unsolicited email or text from “Equifax” – delete it, or you may inadvertently cooperate with a crook.
A final few words to the wise on this subject:
First, when answering the phone, don’t give out personal or financial information to strangers or comply with their requests. When I was a fraud investigator for the bank and had to call identity-theft victims, I verified who I was and confirmed who they were without asking them for their personal information. Not the other way around. So, for example, when the phone rings, don’t answer it by saying your name!
Second, if you’re still writing personal checks to pay bills and individuals, considering going to a more secure payment method, especially if you are writing those checks out of your primary accounts. Think about it: on a personal check is your name, your address, your bank’s routing number, your checking account number, your check number, and your signature! All it takes is a lost check falling into the hands of a crook, or an unscrupulous employee somewhere processing your payment for a fraudster to gain access to your account, and maybe to your identity.
Third, while being vigilant and taking reasonable steps to protect yourself, also try to keep this matter in proper perspective. We live in an increasingly complex and open society, in which we each have information about ourselves publicly available (try entering your name and city in Google and see what comes up). None of us can completely control what’s out there, but we can keep ourselves knowledgeable about what is, and implement a sound defensive strategy.
As always, let us know if you’d like to chat.
– Chad Campbell