IAS Security Hero

What I'm doing about the Equifax Breach

What Breach?

On September 7, 2017, Equifax CEO Rick Smith announced that on July 29, 2017 Equifax suffered a data breach between May and July 2017. The breach may have included the personal credit information of 143 million Americans, including social security numbers, birthdates, addresses, driver's license numbers and credit account information. To compare, there are only about 126 million households in America.

What does this mean?

If a malicious hacker were to get your personal information, they could sell it, or use it to impersonate you. They could open credit accounts in your name, and use them for illegal means. This could lead to lowering your credit score, or having charges pressed against you for non payment. It is serious, but we are all in this together.

What can I do?

Equifax has started a website, www.equifaxsecurity2017.com, where you can check to see if your record is impacted. After you enter your lastname and last 6 digits of your social security number (SSN) it will tell you whether your personal information was impacted or not. Based on the number of records affected, the answer to this is most likely, yes. Afterward, it will give you the opportunity to enroll in TrustedID Premier. Based on the number of enrollments, they will give you an enrollment date. Make sure to put this date into your calendar as they will not remind you of the date.

On your enrollment date, you will have to return to the link they gave you and continue through the enrollment process.

Once enrolled, Equifax will monitor your credit and alert you if there is a problem.

What is Brian doing?

I have set up my enrollment date like above. My wife was not in the list (surprisingly), but I still scheduled an enrollment date for her. My young daughter was not in the list (not surprisingly), but I'll enroll her, too. What a nightmare if she started out life with bad credit!

In addition, you can put a freeze on your credit accounts. This tells the major 4 credit agencies that your credit report should not be shared and a new line of credit should not be opened. If you aren't looking at taking out a loan (personal, home mortgage, car loan, etc), there is no reason that your account should be available for a criminal to try to use. It means that you have to remember to unfreeze the account at a later time should you want to take out a loan. Its that simple!

In order to freeze your credit, you must notify each of the major credit buereaus of your wish. Brian Krebs, a renown information security professional has a great post on the ins and outs of putting your credit on freeze. Depending on your situation, it may cost money to freeze your accounts, but the peace of mind may be worth the cost. For New Jersey residents, it should be free to freeze your credit account whether or not you are a victim.

Equifax Security Freeze
Experian Security Freeze
Innovis Security Freeze
TransUnion Security Freeze

Additionally, I check my credit report annually when I do my taxes. This is another way to audit your account and make sure you know what is there. The first time I did this, one credit reporting agency had my birth year in 1918. No wonder I was getting AARP notices in my 20's. A few years later, I found a credit card account I had opened in college was still open. Luckily, it didn't have a balance, but a line of credit affects your score. For both items, I made sure to call and get the situation cleared up.

New Jersey resident Free Credit Report Information Website

Also, this information could be used to open a Social Security Administration account and conduct Social Security Fraud. You can create an account linked to your social security number now, to ensure a criminal won't do it for you. Of course, if you, or a criminal, tries to create the account after you freeze the account, you won't be able to. Thanks @telemachus for the tip!

My Social Security

Should I panic?

Don't panic, make a plan. Decide what is best for you and your family going forward. Follow your plan and schedule regular checkups on your credit. The sky isn't falling, you are among 143 million other Americans in the same situation. Be wary for phishing attacks based on everything in the news. It is only a matter of time before you start getting emails telling you to sign up for credit monitoring at malicious sites. Stay aware and stay cybersafe!

What do I do if I find fraudulent accounts on my credit report?

Patrick McKenzie (@patio11), a hobbyist ghostwriter, has written an excellent blog post on what to do if you find fraudulent accounts on your credit report. Patrick is not a lawyer, but has spent a significant amount of time in the business of ghostwriting for people to get their credit accounts cleared up and fixed. His post may have some good information in it to help you in case your account gets compromised.

Addendum

Just to clarify, a few folks have mentioned the arbitration clause which basically is a waiver of your rights to sue.

"ARBITRATION. PLEASE READ THIS ENTIRE SECTION CAREFULLY BECAUSE IT AFFECTS YOUR LEGAL RIGHTS BY REQUIRING ARBITRATION OF DISPUTES (EXCEPT AS SET FORTH BELOW) AND A WAIVER OF THE ABILITY TO BRING OR PARTICIPATE IN A CLASS ACTION, CLASS ARBITRATION, OR OTHER REPRESENTATIVE ACTION."

https://trustedidpremier.com/static/terms

Based on the FAQ from Equifax, this waiver is only for trustedidpremier.com, the monitoring company, not against Equifax itself.

"The arbitration clause and class action wavier included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident."

https://www.equifaxsecurity2017.com/frequently-asked-questions