Something complicated happened Thursday, and it sounds bad. Actually, it's worse than that.
Would you deposit your money in a bank that’s just been robbed?
Rent an apartment with no lock on the back door?
Hire an overweight personal trainer?
Those questions all imply some disturbing ironies. None compare to Thursday’s data breach at Equifax, one of the Big Three credit bureaus.
Definitely not funny
To grasp this awful irony, you need to know two things…
- Hackers may have acquired access to the personal information of 143 million Americans. There are only 323 million Americans.
- Equifax advertises on its homepage, “Take control with a one-stop credit monitoring and ID theft protection solution from Equifax.”
That’s right, Equifax wants you to pay $19.95 a month for its Complete Premier Plan that will “Help monitor your credit and Social Security Number.”
Yet as Fox Business reported Thursday…
Criminals “exploited U.S. website application vulnerability” to access files ranging from Social Security numbers, birth dates, addresses and driver’s license numbers. Hackers also accessed the credit card numbers of about 209,000 consumers in the U.S. and other documents with personal identifying information for about 182,000 people in the U.S.
Even worse, Equifax says “the unauthorized entry occurred mid-May through July 2017.” So the bad guys already have a head start. Before we review what you can do to protect yourself, let’s look a little closer at the problem.
Not the first, not the last
Equifax is one of the nation’s three largest consumer credit reporting agencies. Based in Atlanta, it collects in-depth information on how you spend your money. All of that information gets crunched into your credit report. Everything from the exact date you got your first new credit card to how many times you’ve been late paying your car loan.
Once a year, you can check your Equifax credit report for free. You can do the same with the other two credit bureaus, called Experian and TransUnion.
This week marks the first major data breach at one of the Big Three credit bureaus. I’m telling you right now, it won’t be the last.
Back in July, a Debt.com reader asked me about “a couple charges I didn’t make” that showed up in her Bank of America account. The bank took care of the problem and didn’t charge her, but it still concerned her. It should have.
As I wrote then, a poll of nearly 400 financial pros found 64 percent “reported that either their organization or one of their clients was involved in a cybersecurity event in the past year.”
A “cybersecurity event” sounds clinical, but that describes what happened at Equifax. With more than 12 million identity theft victims per year, 7.5 percent of all U.S. households have experienced some form of that awful crime.
What you can and should do
Two drastic steps you can take…
1. Fraud alert – As Debt.com has reported before, “Think of fraud alerts as the yellow light on a traffic signal. They tell credit agencies to pay extra attention to information requests about you and can slow down the process of getting a job, loan, credit card or mortgage. They’re free, easy to apply for, last 90 days, and can be renewed.”
2. Credit freeze – If fraud alerts are yellow lights, these are red ones. A freeze prevents the credit bureaus from giving out your information unless you give written permission. So if hackers have some of your data, they can’t use it to request more.
Credit freezes aren’t always free, and rules vary from state to state. Check this list of credit freeze rules for your state.
So you have to contact Equifax, which got hacked itself, to set up either an alert or a freeze. In a final irony, Equifax has set up this website – https://www.equifaxsecurity2017.com – that allows you “to enroll in complimentary identity theft protection and credit file monitoring.”
If you’re wary of putting your trust in the same company that couldn’t monitor its own records, you may want to consider trusted alternatives that specialize in protecting identity. For example, LifeLock is currently offering a 10% discount in addition to a 30 day trial on their Identity Protection products.