When Equifax, one of the largest credit reporting agencies in the nation, announced last week that a company data breach exposed the personal information of 143 million Americans, some called it “the worst leak of personal info ever.” Hackers gained access in May to consumer Social Security numbers, credit card numbers, birth dates, addresses and some driver’s license numbers. The “cybersecurity incident,” as the company labeled it, was discovered July 29.
In the days since the breach, anyone with a credit history has been railing about careless data storage, questioning the stock dump of three executives a few days before the public announcement and/or asking, “What should I do?”
Equifax directs consumers to its website and an FAQ page which the company created to notify people of the breach and offer guidance. It’s problematic for a number of reasons, so we pooled some resources to help you take steps to protect yourself, your finances and your identity.
Check Your Credit
FTC.gov recommends getting a free credit report(s) through annualcreditreport.com. Check the reports for any accounts or charges you don’t recognize and file disputes.
But don’t stop there!
Krebs On Security advises consumers who know or suspect their Social Security numbers have been compromised to freeze their credit files at the major credit bureaus (Equifax, Experian, Innovis and Trans Union).
A security freeze blocks any potential creditors from being able to “pull” your credit history. With a freeze on your credit file, identity thieves can apply for credit in your name all they want, but companies will be locked out, and few, if any, creditors will extend credit without first assessing credit-worthiness. Also, because each credit inquiry has the potential to lower your credit score, the freeze also offers protection against losing points.
How to Freeze Credit
Notify each of the major credit bureaus that you wish to place a freeze on your credit file. This can usually be performed online, but in a few cases you may have to pick up the phone or put it in writing. Once you complete the application process (for a $0 to $15 fee), each bureau will provide you with a unique PIN to unfreeze your credit file in the future. This could cost you up to $60, but Equifax has a decent breakdown of the state laws and freeze fees/requirements.
A fraud alert allows creditors to pull your credit report as long as they verify your identity. For example, if you offered up a telephone number, the business must call you to confirm you are the person making a credit request. Fraud alerts can be effective at preventing someone from opening new credit accounts in your name, but they may not keep a thief from accessing existing accounts. You would still need to monitor all bank, credit card and insurance statements for fraudulent transactions.
- Initial Fraud Alert.If you're concerned about identity theft, but haven't yet become a victim, this fraud alert will protect your credit from unverified access for at least 90 days.
- Extended Fraud Alert.For victims of identity theft, an extended fraud alert will protect credit for seven years.
- Active Duty Military Alert.For those in the military who want to protect their credit while deployed, this fraud alert lasts for one year.
To place a fraud alert on your credit reports, you must contact one of the credit reporting agencies. A fraud alert is free, and after providing proof of your identity to the one company you call, you must tell the other credit reporting companies. They, in turn, will place an alert on their versions of your report.
Equifax is alerting those whose Social Security numbers have been stolen and offering them free credit monitoring. Go ahead and take advantage of this service, but make sure you aren’t waiving your right to participate in lawsuits or other legal actions in the future. You should consider a freeze or alert, as well.
IdentityTheft.gov also recommends filing your taxes early – before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job, so respond right away to any letters from the IRS.
This information breach is a wake-up call to be vigilant and check your bank statements and credit card statements on a regular (ideally weekly!) basis. Just because things are quiet and copacetic now doesn’t mean identity thieves don’t have the patience to wait and use your information down the road.
How AMDG Financial Protects Your Information
Protecting your information is a high priority for all of us at AMDG Financial, and we want you to know exactly how we use it. We share your personal information only with providers required to support our service to you. We use mail-forwarding; our incoming emails are scanned by multiple spam and virus stripping mail filters before they ever arrive in our internal computing environment. In addition, we use enterprise-wide virus protection on our internal servers and workstation connections.
Our website is hosted by a third-party service provider to keep our internal computing environment and your personal data separate from our web presence (an attempt to keep the internet gateway connection to our internal systems anonymous). We also use tools, like Docusign, to securely obtain your electronic signature on applications or other important forms, and we send or request personal information using secure tools like Sharefile.
As technology evolves, we all need to do our part to protect our own information, and the information of those with whom we do business. If you have questions about how we use your data, please feel free to contact us. Your best interests are our highest priority.