One of the largest data breaches in history has left 143 million people (roughly half of the US population) wondering if their highly personal data has been exposed to hackers (i.e. including social security numbers, home addresses, credit card numbers, driver’s license numbers and birth dates etc.). That means that the chances you are affected are pretty high. If you're concerned you're vulnerable to identity theft because of the breach, this information is for you!
Even though Equifax set up a program to help people protect their potentially exposed data, it might not give everyone complete confidence in keeping their identities secure. Here's why:
Equifax's enrollment program doesn't explicitly tell you if your data was a part of the breach, and the site (www.equifaxsecurity2017.com <http://www.equifaxsecurity2017.com> ) that has been setup to provide direction to consumers, is known to provide different responses when the same data is submitted more than once.
The breach could have started as early as mid-May 2017. That means that the data of 143 million people were exposed for more than three months. It's unclear what the hackers did with the data during those months.
Those who would like to be prudent about protecting their identity might have to wait a week before they are officially enrolled in Equifax's protection program. For some, that's just not fast enough.
What does that mean for you?
You don't have to wait to enroll in Equifax's program to start protecting yourself against the hack. Here's what you can do.
Step 1: Enroll in Equifax's program (or just move on to step 2)
Equifax's identity protection program, Trusted ID, is being offered to anyone who wants to enroll. The program is designed to help prevent identity theft and tampering with your credit. If you're willing to give Equifax another chance, you can sign up for the program here. But, be aware: the checker that lets you know if you were hacked might be broken and enrolling in the program prevents you from participating in a class-action lawsuit against Trusted ID, but doesn't prevent you from participating in lawsuits related to the cyber-attack.
Because of these circumstances, we recommend that, for now, anyone with a credit history should assume they were affected by the hack.
Step 2: Check your credit reports
More than three months passed between the time the breach may have started and now. They’re not sure if the data of those affected was used maliciously during that period, so consider looking through your credit reports for any suspicious activity. The US government guarantees everyone a free annual credit report from the three major bureaus -- yes, including Experian. You can get those reports here <https://www.annualcreditreport.com/index.action> .
When looking through your reports, keep an eye out for new accounts you didn't open, late payments on debts you don't recognize and any other activity that looks unfamiliar.
If you suspect someone used your identity to open credit cards, take on loans, or reopen closed accounts, contact the credit card company's fraud department immediately. You are not responsible for charges made on a fraudulent card, but you have to report the issue in a timely manner. Once you've reported the fraudulent credit, follow this guide to recovering from identity theft <https://www.identitytheft.gov/Assistant> .
Step 3: Freeze your credit
It's still early days, so even if your credit report comes back clean, remain vigilant about protecting your credit. One of the most reliable ways to prevent someone from opening credit cards in your name is to place what's called a "credit freeze." When you freeze your credit, you (or anyone masquerading as you) will be required to unfreeze your account by providing the PIN you got when you froze your credit.
To freeze your credit, contact each of the credit bureaus using these phone numbers:
The process is usually automated and can be completed within a few minutes. Just be sure to write down your PINs in a secure place.
Step 4: Set a fraud alert
A fraud alert is another way to make it hard for identity thieves to open accounts in your name. When a fraud alert is set, credit card companies will be required to verify your identity before opening an account. That, combined with the credit freeze, is a great way to keep your credit secure.
To set a fraud alert, contact just one of the credit card bureaus and ask for an initial fraud alert. Once the alert is set, it will last 90 days. After that, you'll have to renew it. Here are the appropriate phone numbers for the bureaus (just call one, but confirm that the company you call will contact the other 2 companies):
Step 5: Repeat the process for your loved ones
Because Equifax is not notifying those affected through direct mail or email, some people will be left without the resources or are tech savvy enough to protect their identities or find out if they were compromised. With that in mind, consider helping your loved ones -- especially the elderly without computer access -- with the above steps. Do not forget about your children either, placing a credit freeze on your child’s account can help to prevent ‘Synthetic’ identity theft. Your child is 51 times more likely to be subject to identity theft than an adult! A recent study has found that one in 10 kids has his or her identity stolen by the age of 18.
Watch out for tax season!
It's still too early to know if and how the data exposed in Equifax's breach will be misused, but one major concern comes around during tax season. Identity thieves can use stolen Social Security numbers to file fraudulent tax returns and receive refunds.
Other items to consider:
Change your passwords
Turn on two-step verification (a.k.a. multi-factor authentication) in your email account
Whatever you decide to do please be safe! Got more question? Drop your comments below.