The Equifax hack announced last Friday may involve as many as 143 million U.S. consumers whose personal information was accessed by hackers between May and July. Equifax said the data accessed included names, social security numbers, credit card numbers and, in some cases, driver's license numbers. As a Gartner Inc. analyst who tracks identity theft and fraud put it: "On a scale of 1 to 10, this is a 10."
Equifax data breach checker
The first step you should take is to log on to Equifaxsecurity2017.com and follow the links that verify if your personal information was impacted. When you use the service, it will require you to enter your last name, the last six digits of your Social Security number, and to use a tool to verify that you are not a computerized robot. I did this and received this message: "Based on the information provided, we believe that your personal information may have been impacted by this incident."
If you are impacted, Equifax will offer you enrollment in their identity theft protection and credit monitoring service called TrustedID Premier. To begin the enrollment process you'll need to follow the same verification steps above, and then you'll be given an enrollment date – my enrollment date is a day this week when I'll complete the enrollment in Trusted ID Premier, and hopefully this will provide some measure of protection and early detection of ID theft. This being provided by Equifax – the victim of one of the largest data breeches in history – doesn't give me much confidence in the service.
Keeping the personal information safe from cyber thieves is supposed to be a core competency of Equifax, one of the three main consumer credit bureaus that gather, store and provide information to consumers and lenders. If Equifax can't keep their confidential data (and yours) safe from hackers, how can you expect to protect yourself?
Identity theft prevention vs. detection
Sadly, it should be clear by now to anyone reading this that if your personal and confidential information hasn't been compromised, it will be. The rational way to think about the theft of your personal information is that it is inevitable. When you come to this realization, there are two approaches you can take: prevention or detection.
It's not clear to me what, if anything anyone can do to prevent the theft of their data. Sure, you can enroll in TrustedID Premier, place a temporary Fraud Alert on your credit file, or take an even more drastic measure by placing a security freeze on your credit files. You can also activate credit monitoring and protection services such as LifeLock. You can also change your passwords frequently, use only sophisticated passwords (at least 8 characters, numbers letters and symbols), use a cross cut shredder to destroy all unneeded paper financial records and unused credit cards. These measures can help to keep the amateur ID thieves at bay.
But here's the thing; no matter how careful you are as an individual, you are not the target of professional identity thieves. The target of professional data thieves are the big data warehouses at retailers, large employers, the U.S. Government agencies and now the major consumer credit reporting bureaus.
Follow these steps on a regular basis
Early detection and immediate action is the only way to limit the damage that's done when your personal information is fraudulently accessed and used. Here are a few steps you can do to help detect and reduce the possibility that your personal account information is used fraudulently:
· NEVER use a debit card when making purchases online. Only credit cards come with the strongest protections, including not being directly connected to your cash in a bank account and the legal right to dispute illegitimate charges immediately.
· Regularly review all activity on your credit card, bank and financial accounts, and dispute or report unauthorized activity as soon as it's detected.
· Review your credit reports regularly, looking for changes and any incorrect account information.
· If your credit information has been compromised, ask the three credit bureaus to place a free fraud alert on your credit report file. Unless you qualify for an extended fraud alert, you'll need to renew this every 90 days. A fraud alert notifies lenders that they should take extra steps to confirm your ID, such as calling you at a preset phone number, before issuing new credit.
· You can also put a lock or security freeze on your credit report file. A freeze (which can be free or can cost about $10 per file depending on the state where you live) prevents new lenders from accessing your credit report. But be aware that when you use a security freeze, it may delay, interfere with or prohibit the timely approval of any request or application for a new loan, additional credit or applications for insurance, employment background checks, cell phones, etc.
Never do these things
Remember: never log into your financial accounts or enter your personal or credit card information on websites while connected to a wireless hot spot that's not secure. Using a hot spot in a public area that does not require any authentication exposes your computer to the risk of being hacked into by thieves who can look on the hot spot and then hack into your email accounts.
Never give discretion to your financial firms and advisers over your financial accounts without requiring additional security procedures in return. Require your financial firm to speak with you and request a verbal password (which is unique to your online password) when transfers are requested from your accounts. Of course, written instructions should also be required in addition to the verbal confirmations.
Finally, never use your email address as your login ID for any financial accounts. In some of the fraudulent transfers reported recently, the thief could use the victim's email address as the ID and then request a new password to be sent to their compromised email account.
Making these changes may be more of an inconvenience to you and your financial adviser, but if it increases the security of your accounts and prevents even one fraudulent transfer, it will be worth it.
Early detection and immediate action is the only way to limit and stop the damage that can be done when your personal information is fraudulently accessed and used.