Posted by William Charles on September 9, 2017
Misc

Published on September 9th, 2017 | by William Charles

82

List Of What You Should Do In Response To The Equifax Data Breach

In case you missed the news, Equifax has indicated that there was a data breach that may have affected 143 million consumers. At this stage it’s not clear who has stolen this data and Equifax’s site is of little use to determine if your data was actually stolen or not. A lot of readers have been asking what they should be doing in light of this. Here’s my suggestions, as always do your own research and implement a plan that works for you.

Pro-active Steps

Set Up A Fraud Alert

Fraud alerts are designed for people that are or could be the victims of identity theft. The aim of a fraud alert is to let those who are accessing your credit report know that there is an increased risk of fraud regarding your account. This allows them to take additional steps to verify your identity. There are multiple types of fraud alerts, at this stage I’d suggest it’s advisable to set up an initial 90 day fraud alert. You only need to set up a fraud alert with one of the three major credit bureaus know and they are required to let the other two know.

This can all be done online or by phone. For more information regarding add a fraud alert please read this post. Keep in mind that setting up a fraud alert will opt you out of pre-approved/screened offers by default as well. You can opt back in.

Set Up A Security Freeze

A security freeze is more significant than a fraud alert as it makes your credit report inaccessible. This means that nobody can open new accounts in your name (assuming the creditor pulls your credit report). When you set up a security freeze you will be provided with a PIN/password and this can be given to a creditor so they can still access your report (you can see what credit card issuers will accept a PIN for a frozen report here). The downside to security freezes is that they aren’t free unless you’re the victim of identity theft. The cost of a security varies by state, you can view the cost of implementing and lifting a security freeze for each state here. You can view how to implement a security freeze with each credit bureau here.

A security freeze isn’t necessary for everybody, but it’s important to know what your options are.

Set Up Credit Monitoring

If somebody has gotten access to the data that Equifax is indicating was breached it would be fairly easy for them to open up fraudulent accounts. By setting up credit monitoring you can be informed whenever a new account is opened. There are lots of free solutions available. For more information on the best & cheapest way to set up credit monitoring please read this post.

Set Up SSN Searches

Discover offers free social security alerts.  This alerts you if your SSN is found on a risky website.

Enable Two Factor Authentication Where Possible

Reader Kashmoney rightfully pointed out that the information breached could also be used by attackers to reset passwords and access other accounts. One of the best ways to prevent this is by setting up two factor authentication (or multiple factor authentication). The idea behind two factor authentication is that accessing your account requires a second set of authentication besides a normal username and password. The most common way this is done is by requiring you to enter an access code sent to your phone.

Be Aware Of Fake Websites

Reader Jeff H has reported receiving spam e-mails for sites pretending to be Equifax. At the moment the only official Equifax site is: https://www.equifaxsecurity2017.com/, we know this is the correct website because www.equifax.com directs us here and it has been confirmed as legitimate multiple times by Equifax. This is a major news story and hackers are using people’s fear to try to get them to disclose their personal information.

Check To See If Your Data Has Been Breached

This would normally be the first thing you should do, but the Equifax site isn’t working properly currently (e.g fake details are showing as affected when they don’t exist). When it is working properly I’ll make sure to create a new post on the site to remind readers that they can now check to see if their information has been breached.

Create Accounts With The Social Security Administration and IRS

Good idea to do this before somebody else does it in your name. The websites you want are:

If you want to do this you’ll need to do it before you set up security freezes/alerts.

What To Do If You’re The Victim Of Identity Theft

If you become the victim of identity theft (e.g somebody opens an account in your name) then there are a number of other things you should do immediately. The government has a great website called IdentityTheft.gov. Rather than giving you the same advice I’d recommend just following the clear steps there instead.

Should You Sign Up For TrustedID?

As part of the data breach Equifax is providing a free one year of credit monitoring with TrustedID. This is a company owned by Equifax. An issue a lot of people have is that in the fine print of TrustedID it states by signing up you’re waiving your rights to abritration and class actions. Equifax has updated the https://www.equifaxsecurity2017.com/ website to state:

  • In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident.

WSJ is saying that only the terms are binding so the above statement is meaningless. I’m not a lawyer but my personal feeling is why should I trust Equifax & TrustedID again when they are the cause of the issue in the first place. Especially when there is other free monitoring available.

Final Thoughts

A lot of these things you should have in place regardless of whether your information has been accessed or not. I’m sure there are some things that I’ve missed, please let me and other readers know what they are in the comments below.

 

 



82
Leave a Reply

avatar
 

  Subscribe  
newest oldest most voted
Notify of
RF
RF

One thing you should possibly NOT do…take up Equifax on their offer of free credit monitoring.

I can’t confirm this is true (because the terms and conditions seem to be hidden behind the SSN verification step that I’m not filling out) but I’ve heard it reported that by accepting the offer, you are waiving any right to participate in any class action suit against them over this matter.

Brad
Brad

I think we’ve all heard this by now – and I believe there was a post here about it – and many of us are waiting to hear if this truly is the case from a lawyer.

Information Booth
Information Booth

This is no longer a rumour. Equifax included this in the fine print. There is currently a class action suit in the works. I saw on the news that Equifax is concerned about bankruptcy and they did this to try to lower their amount of liability. Such BS!! Love in Christ.

Seriously
Seriously

Is love in Christ necessary?

Mark
Mark

Don’t you think?

RF
RF

Maybe I should have read up on it a bit more before posting. It appears that yesterday Equifax updated the terms yesterday to clarify that you are not giving up rights related to the incident, but only related to the credit monitoring service:

http://www.snopes.com/equifax-credit-monitoring-class-action/

Though the real irony would be if there later ends up being another breach, this time of the credit monitoring service, and you’ve already given up rights over that.

Kent C
Kent C

The Wall Street Journal reported that only the terms are binding, meaning the statement you are not giving up rights to arbitration are meaningless. Unless they rewrite the terms you are bound to them by Equifax, period.

Mark Ostermann

This came out last night

Update: Equifax issued a statement Friday evening. “In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident,” the company said.

https://www.washingtonpost.com/news/the-switch/wp/2017/09/08/what-to-know-before-you-check-equifaxs-data-breach-website/?utm_term=.b173a90359a6

Kent C
Kent C

Also according to that article, “If you look back at the TrustedID terms of use, the last paragraph says ‘entire agreement between us,’ which basically reiterates that the terms of service is the entire agreement and anything else you read on the website have no applicability.”

So unless they rewrite the terms, they can enforce them or at least try.

Thomas
Thomas

You can always argue that a thief / criminal used your leaked info to sign up for the TrustID service.

Pijanec Ordiner
Pijanec Ordiner

You don’t get any more targeted credit offers if you freeze, right?

Anthony
Anthony

I don’t believe this is the case. There’s a separate process to opt out of offers, which is approved by the FTC.

Bob
Bob

Correct. Every time I freeze, EX sends me a letter saying I’ve opted out. You have to opt back in again when you unfreeze, that’s not automatic like the freezing opt out is

Jim
Jim

From TU:

“As you requested, an Initial Fraud Alert has been added to your credit report.
As an added precaution, we have removed your name from prescreened offer mailing lists for a minimum of 90 days.
As a convenience to you, we will notify the other national credit reporting agencies, Equifax and Experian, of your request for an Initial Fraud Alert. You should receive confirmation from them directly.”

Pijanec Ordiner
Pijanec Ordiner

This one was for a 90 day alert not even a freeze, right? Does their email say how to opt back into prescreened offers?
This is the most inconvenient time to have to screen yourself out of the offers, I was waiting for that new BofA card.

TanT
TanT

When I put fraud alert in Experian, they also include this. Does it mean I opt-out the targeted offers?

As an additional precaution, we have removed your name and address from prescreened offer mailing lists for two years.

Ender
Ender

Yeah I saw that as well. Wondering if there is anything I can do to opt-in again.

Bob
Bob

Just opt back in again, Google it

TanT
TanT

After a search, I believe that this is the website to opt in again http://www.optoutprescreen.com/?rf=t

Treesha
Treesha

Thank you, Doc, for this helpful information! I appreciate it.

Jake
Jake

It’s also good to create accounts with the Social Security Administration and IRS before someone else creates them in your name. https://www.ssa.gov/myaccount/ and https://www.irs.gov/payments/view-your-tax-account are the places to do this.

Jim
Jim

Terrific advice, thank you for the suggestion

Just registered my family members for IRS. Two of us had existing accounts, but it looks like they need re-certifying every few months. I last logged on during tax season in March-April. I like how stringent their verification process is, albeit had a bit of a laugh when the IRS site noted they do a soft Equifax pull to verify things 😀

Anand
Anand

Been trying to create the IRS account. Successfully did the SSA account, but the IRS site is not taking a liking to me. No matter what I try, it keeps complaining that it couldn’t create a profile for me (despite having verified identity). It doesn’t complain about the username or password. I did select an image. Only thing I can think of is that it doesn’t like any phrase (or word) that I choose. I’m giving up – typical govt. product. No explanation of what is wrong – just doesn’t work.

Danny
Danny

Probably a hacker or identity theft already got to it before you did.

kashmoney
kashmoney

Thanks for the suggestion… had no clue about this!

Dale
Dale

For those in the U.S., what about setting up a “Self Lock” to protect your identity by preventing unauthorized use of your social security number. “This helps prevent anyone else from using your SSN to try to get a job with an E-Verify employer. If your locked SSN is entered in E-Verify to confirm employment authorization, it will result in an E-Verify mismatch, called a tentative nonconfirmation.”

Self Lock is part of myE-Verify, a service from the U.S. Citizenship and Immigration Services.
Link: https://www.uscis.gov/mye-verify/about-mye-verify

This sounds worthwhile to me, since we already trust the U.S. government to manager our SSNs. Your thoughts?

007
007

Interestingly, I can’t create an account with a fraud alert on my 3 bureaus.

Josh
Josh

Does anyone know if the PINs used to set and remove a security freeze on for Equifax credit reports has also been breached? If so, I will need to contact Equifax to change my PIN.

Harry Nguyen
Harry Nguyen

I feel like there’s just no point of suing Equifax, I mean banks sell our info all the time and we aren’t aware of it. I only use Experian but when I do check for Equifax I use credit check total once in a blue moon. I rather get their free monitor protection for the year.

cm

> This would normally be the first thing you should do, but the Equifax site isn’t working properly currently (e.g fake details are showing as affected when they don’t exist). When it is working properly I’ll make sure to create a new post on the site to remind readers that they can now check to see if their information has been breached.

Let’s not spread fake news, shall we? I tried providing fake details, and I receive a message that I am not affected. Proceeding further does still give me an enrolment date, but that’s not an indication that the system isn’t working.

Jeff H
Jeff H

Equifax updates terms of service after arbitration clause causes uproar following massive breach

http://www.washingtontimes.com/news/2017/sep/9/equifax-updates-terms-service-after-arbitration-cl/

It appers someone out there is hearing the public outcry.

M
M

What to do after your horse has bolted:
1. Lock the barn door.
n.b: can be scaled up to 143 million horses.
j/k

Matt
Matt

How does Credit Karma compare to the credit report monitoring that many banks do now? I’ve had CreditWise through a CapitalOne card for a while, and every time I apply for a new card I get an email within a few days about it. I’m also planning to sign up for Chase’s Credit Journey. Also have the credit reports through other credit card issuers, though I don’t think those have email alerts. Is Credit Karma any better? My hesitation to sign up is for security/privacy reasons, just trying to avoid giving my info to yet another company. CapitalOne/Chase already have my info (since I have their credit cards), so I figure signing up for their programs is security/privacy-risk-free.

airgypsy
airgypsy

Hi DoC and William.
– Would it be correct to assume that a 90 day fraud alert would result in no “instant approval?”

– If one already has a freeze on his credit reports, how do you go about an online credit card application? I’m assuming you pretty much have to unfreeze right away, then babysit the application until you know the outcome, then freeze again?

Thanks in advance.

Josh
Josh

“If one already has a freeze on his credit reports, how do you go about an online credit card application? I’m assuming you pretty much have to unfreeze right away, then babysit the application until you know the outcome, then freeze again?”

Visit each bureau’s freeze center and lift the freeze on your report. You can use Google to find all their respective sites.

You’ll need the PIN number they sent you in the snail mail to lift the freeze. You can lift it by date range or by a specific business.

raomonger
raomonger

How am I assured that credit monitoring services like credit karma are not/will not be hacked? Do I give my information to another site?

abey
abey

Thanks william, i succesfuly added a fraud alert.
Experian is very easy if you have an account with them already

Back to Top ↑