Just a couple of quick notes regarding the Equifax data breach:
There’s been a lot of reporting, and Equifax’s response has changed a bit over the last few days, so I’m trying to be careful.
(ie. At first, their free credit monitoring enrollment deal for folks who’d potentially been compromised required people to agree not to join a class action lawsuit or some such nonsense, but after an outcry, that language was removed from their agreement and they’ve stated publicly several times now that there is no such restriction).
The main thing – as always – is that everyone needs to regularly be monitoring their credit records and make sure that no accounts are open in their names that they don’t expect to be there.
Several credit card companies now provide unlimited free access to your credit reports and scores (Capital One, Chase, etc).
Also, I’m pretty impressed with the free service CreditKarma (supported by ads on their site – i.e. lots of recommendations to apply for credit cards through their affiliate links). Once you’re on there, there’s an “Accounts” tab and it immediately takes you to a list of all open credit accounts as reported by TransUnion and by Equifax. Takes about 10 seconds to check.
The first line of defense is always to keep an eye on the credit records.
This is Equifax’s current Q&A on the situation and the TrustedID Premier that they’re offering folks: https://www.equifaxsecurity2017.com
To see if you personally were amongst those who’s information may have gotten out, go here: https://www.equifaxsecurity2017.com/potential-impact/
However, one reporter (at the NYT) used Equifax’s “did I get hacked” page to see if he was and he was told “your personal information may have been impacted”. But skeptic that he was, he then started putting in random names and random 6-digit numbers where they ask for the last 6 of your SSN — and in every case got the same message. So he speculates that Equifax doesn’t actually know whose data got out there or not and they’re just telling everyone that they may have been affected, which is pretty noncommittal.
Other than monitoring your credit records (as noted above):
You can freeze your credit: If you’re really worried, you can actually freeze your credit information on the three reporting bureaus sites, but it’s not free. Short of actually freezing your credit information (which would make it much harder for someone to open a credit account in your name), most of the rest of the options out there are just variations on monitoring.
The Points Guy – a site which monitors credit card offers and travel deals (and we do recommend keeping an eye – sometimes there are particularly good deals) has written a great article with some more detail about freezing your credit. A few important things to know: (a) it does not stop “informational” pulls at your credit records – you can still use your credit monitoring tools, and you may even still get offers of credit; (b) it has no impact on you checking your Social Security records or getting your Social Security; (c) the freeze may be lifted at your request, with a PIN – temporarily as you need if/when you do actually want to apply for a new extension of credit (i.e., a new credit card, mortgage or other loan); (d) the costs vary by state, usually around $10 per credit agency, per person to freeze, and another $10/agency each time you temporarily lift the freeze (and you don’t always have to lift all three – if you’re applying for credit, you can ask which agency they are going to pull your records from).
Here’s the article from The Points Guy about this: https://thepointsguy.com/2017/09/what-to-know-about-credit-freeze/
Watch your taxes: Anyone who hasn’t already filed their taxes (the 2016 deadline is still another month away) could be in danger of someone filing with their information in order to fraudulently claim a rebate. And, of course, we’ll start a whole new round of worries about this after the new year.
Keep an eye on your insurance (ie. look for EOBs) I’ve seen a note or two about the rise of *medical* identity theft – using someone’s ID info to get medical care and claim insurance benefits in other people’s names — but this seems to be very much less common, at least at this point. (We strongly recommend scrutinizing all EOBs anyway. Medical billing errors happen all the time and are often easily overlooked, particularly when it’s the insurance company which actually pays.)
Bottom line — at this point — there’s just really not much to do other than being wary. Which is really what we needed to do before this was made public anyway.
If you find you have had some account fraudulently opened in your name, immediately report it, document everything, and at that point, definitely consider the freezes if you haven’t already been considering them.
I hope you found this helpful. Please let me know if you have any questions – or if you have anything to add to this. We’re all just figuring out what to do.