5 Steps To Take To Protect Yourself Against Massive Equifax Hack.
On Thursday, 7 September, Equifax announced that from mid-May through July 2017, criminals exploited a U.S. website application vulnerability to gain access to certain files. Specifically, this hack may potentially impact 143 million U.S. consumers. The information accessed includes names, Social Security numbers, birth dates, addresses and drivers license numbers. This is a major breach, not just because of the sheer number of people affected, but also the sensitivity of the type of information that was compromised. So what now? Below are five steps anyone who could possibly be affected should take.
1-Find out if you are affected
Equifax set up a dedicated site with details on the incident at www.equifaxsecurity2017.com. To find out if you were one of the millions affected, click on the Potential Impact link in the top navigation. Once there, you’re directed to the Check Potential Impact button, where you are then prompted to enter the last 6 digits of your Social Security number and last name. Seems straightforward enough, right? Not really. This is where it gets a bit vague. I checked multiple family members here, and received several different messages.
- When I entered my information, I received a notice telling me to check back on a specific date, and at that time I could continue enrollment in their TrustedID Premiere service (complimentary monitoring service in response to hack). Does this mean I was hacked or not? Unclear.
- After entering another family member’s info, I received a different message stating “Based on this information we believe that your personal information may have been impacted by this incident. Click the button below to continue your enrollment in TrustedID Premier.” This one is more clear, and obviously not good news.
To get clarification, I called their response line at 866-447-7559, and shockingly got a live person with no wait. She explained that they are still “clearing” names. So if you receive a message telling you to check back on a certain date, this just means they don’t know yet if your name was hacked, and will be able to tell you at that time.
2-Enroll in a credit monitoring service:
One option is to enroll in Equifax’s complimentary monitoring service, TrustedID which provides the following services:
- Equifax credit report
- 3-bureau credit file monitoring
- Equifax credit report lock
- Social Security number monitoring
- Up to $1M identity theft insurance
However, the terms and conditions are unclear, but it appears that signing up for this service means consumers sign away their right to sue Equifax. By waiving away their legal rights, consumers instead agree to arbitration. Other options are available if not comfortable with these terms; NextAdvisor provides reviews on several top credit monitoring services.
3-Monitor all your accounts
If you’re like me, you still probably aren’t feeling 100% secure, even after completing the above steps. We really don’t know what happened with our hacked information from May until now, so I recommend being vigilant in reviewing your account statements, checking for any changes in personal information or strange activity.
4-Visit the FTC for additional recommendations on protecting yourself from identity theft
The FTC Identity Theft site provides advice based on what type of information was stolen, and tells you exactly what to do, such as:
- Consider placing a credit freeze, which makes it harder for someone to open a new account in your name. Consider doing the same for your child if they are at risk.
- File taxes early. Scammers can use your Social Security number to file and get your refund.
- Do not believe anyone who calls and says you must pay taxes or a debt immediately, even if they have your personal information.
- Change passwords and login info
5- Finally if you have experienced identity theft, complete the form on the FTC Identity Theft Recovery site, which will provide a specific identity theft report and “to-do” recovery plan.
Credit: Liz Frazier Peck for Forbes 8 September 2017.