The Equifax Hack: What You Can Do

According to the Federal Trade Commission, “If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax.” The breach, which occurred from mid-May through July and includes names, Social Security numbers, birth dates, addresses, and in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 consumers and certain dispute documents, which included personal identifying information, for approximately 182,000 consumers were accessed. Personal information for some people in the UK and Canada was nabbed as well. Equifax supposedly found no evidence of unauthorized access to their core consumer or commercial credit reporting databases.

Hopefully it goes without saying that this is an incredibly serious hack. Anyone in possession of all that information has all the tools needed to commit identity theft. Here’s what you can do to protect yourself and your identity.

Assume You’re Affected
Equifax has set up a web site where consumers can check whether they are among the 143 million people affected by the breach. Some experts believe that the actual number of people might actually be much larger than Equifax’s estimate, however, so in our opinion it’s best to assume that you’re in the pool of those affected by the breach.

What Not to Do

  • Don’t sign up for Equifax’s credit monitoring program. This might sound counter-intuitive, but hear us out. There are three significant reasons consumers should not sign up for Equifax’s TrustedID service. Reason #1 is that, buried in the fine print of the Terms of Service you must accept when you sign up for TrustedID is a specific arbitration clause that waives your ability to participate in a class action lawsuit against Equifax. The clause says:

    AGREEMENT TO RESOLVE ALL DISPUTES BY BINDING INDIVIDUAL ARBITRATION. PLEASE READ THIS ENTIRE SECTION CAREFULLY BECAUSE IT AFFECTS YOUR LEGAL RIGHTS BY REQUIRING ARBITRATION OF DISPUTES (EXCEPT AS SET FORTH BELOW) AND A WAIVER OF THE ABILITY TO BRING OR PARTICIPATE IN A CLASS ACTION, CLASS ARBITRATION, OR OTHER REPRESENTATIVE ACTION. ARBITRATION PROVIDES A QUICK AND COST EFFECTIVE MECHANISM FOR RESOLVING DISPUTES, BUT YOU SHOULD BE AWARE THAT IT ALSO LIMITS YOUR RIGHTS TO DISCOVERY AND APPEAL.

    Reason #2 goes hand in hand with Reason #1, and it is this: Equifax’s TrustedID service is free for only one year. However, the information stolen by the hackers will be valid for a lifetime. Do you really want to sign away your right to participate in any future class action suits against Equifax at any time for one year of monitoring? Finally, Reason #3 is just good old fashioned skepticism. Equifax is one of the three major credit bureaus. It is also the company that just experienced the largest credit bureau data breach in history. How much should consumers trust a company that has already failed once to keep sensitive, vital private information private?

  • Don’t sign up for a credit monitoring service that charges a monthly fee. At least one major blogger is suggesting that consumers sign up for an identity theft protection service such as LifeLock. (She even arranged a deal to get you the first 30 days free and a 10% discount on the LifeLock membership fee after those first 30 days.) Protection plans with LifeLock start at $9.99/month, but the most expensive plan that offers the most extensive coverage will set you back $29.99/month. The high monthly cost alone is enough to cause us not to recommend LifeLock, but the company’s track record is also worth considering: LifeLock paid major settlements in 2010 and again in 2015 due to allegations that the company failed to keep its customers’ personal information safe. Equifax failing to protect our information is the reason we’re all concerned, so we can’t in good conscience recommend another company that already has a track record of alleged similar failures, and especially one that charges a monthly fee.

What to Do Instead
At this point you’re probably asking, “What’s a concerned person to do in the wake of this data breach?” Fortunately, there are things you can do!

  • Check your credit report for accuracy by visiting annualcreditreport.com and requesting a copy of your credit report from each of the three credit bureaus. By law every consumer is entitled to one free copy of his or her credit report from each of the three bureaus once every 12 months. (Remember that annualcreditreport.com is the only web site mandated by the law to use in obtaining your free credit reports!) Keeping track of the accuracy of information on your credit report is something that should be done throughout the year anyway. For example, you could check Equifax in January, Experian four months later in May, and TransUnion another four months later in September. In light of this data breach, extra-cautious consumers might want to request the free report from each bureau right away. If you want to save two reports for use in the next year, you should start with requesting your free report from Equifax. Remember, if you find inaccurate information, you may submit a written dispute and by law the credit bureaus have 30 days to address the dispute and correct the inaccuracies.
  • Check the recent activity on your credit cards. (This is another one of those things that should be done all the time.) If you notice a purchase that you don’t remember making, call the credit card company to dispute it. Most credit card companies offer additional services, such as text message alerts any time a purchase is made. You may want to consider signing up for alerts or notifications like those to keep you apprised of purchases that are made so you can act quickly in the event that someone is using your card or card number without your permission.
  • Put a fraud alert on your credit report with each of the three credit bureaus. A fraud alert is free and lasts for 90 days. During that time, you must be contacted anytime someone (whether it’s actually you or a scammer) attempts to open a new line of credit using your information. For example, say you’re buying clothes for your kids and you decide to open a store charge to get an extra 20% your purchase. With a fraud alert in place, the creditor is able to get a copy of your credit report as long as steps are taken (such as calling you at the number you provided when setting up the alert) to verify your identity. While fraud alerts may be effective at stopping someone from opening new credit accounts in your name, they may not prevent the misuse of your existing accounts so you should still monitor all your existing accounts for fraudulent transactions.
      You can request fraud alerts online or by phone using the contact information below.

    • TransUnion: 1-800-680-7289
    • Experian: 1-888-397-3742
    • Equifax: 1-888-766-0008
  • Consider putting a freeze on your credit reports. Also known as a security freeze, a credit freeze lets you restrict access to your credit report, which in turn makes it more difficult for identity thieves to open new accounts in your name. Because most creditors need to see your credit report before they approve a new account, they may not extend credit if they are unable to see your report. The cost of a credit freeze varies, but is typically a one-time fee of $5-10 per bureau. (You can find more information on the cost of a credit freeze here.) Paying $15-30 one time is a small cost when you consider that a freeze does not “expire” like a fraud alert and will protect your credit report until you ask for the freeze to be lifted. A freeze will not keep you from opening a new account, applying for a job, renting an apartment, or buying insurance, but if you’re planning to do any of those things you’ll need to lift the freeze temporarily. You can lift the freeze temporarily either for a specific time or for a specific party, such as a potential landlord or employer. The cost and lead times to lift a freeze vary, so it’s best to check with the credit reporting company in advance.

Comments are closed.