Just when we thought it was safe again, Equifax, one of the three national credit reporting agencies, announced a major cybersecurity breach.
The Equifax security team noticed suspicious activity on July 29, according to a company news release. However, it was not until Sept. 7 that they publicly announced the breach.
And this was not your typical hacking. It is estimated that the personal information of 143 million U.S. consumers was compromised. (Note: The U.S. population is approximately 325 million.) The information obtained includes Social Security numbers, addresses, birth dates and, in some cases, driver’s license information. Equifax encouraged us to go to www.equifaxsecurity2017.com to find out whether we were one of the millions whose personal information was stolen in the attack.
If you were caught up in this latest cybersecurity incident, the Consumer Financial Protection Bureau (CFPB) offers 10 ways for you to protect yourself. Here are a few of the tips.
1. Review your credit report. Everyone is eligible to request a free copy of their credit report from www.annualcreditreport.com. This entitles you to a report from the three major credit reporting agencies — Equifax, Experian and TransUnion — every 12 months. You may also have access to other services that provide your credit report.
2. Consider a security freeze. A security freeze or credit freeze on your credit report restricts access to your credit file. Creditors typically won’t offer you credit if they can’t access your credit reporting file, so a freeze prevents you and others from opening new accounts in your name. In almost all states, a freeze lasts until you remove it. In some states, it expires after seven years.
3. Set up a fraud alert. Fraud alerts require that a financial institution verify your identity before opening a new account, issuing an additional card or increasing the credit limit on an existing account. A fraud alert won’t prevent lenders from opening new accounts in your name, but it will require that the lenders take additional identification verification steps to make sure that it’s you making the request. An initial fraud alert lasts for only 90 days, so you may want to watch for when to renew it. You can also set up an extended alert for identity theft victims, which is good for seven years. The CFPB’s website provides steps on how to place a fraud alert on your credit report.
4. Read your credit card and bank statements carefully. This will require opening your paper statements and reviewing the activity regularly. If you no longer receive paper copies, it is important that you log in to your accounts via your smartphone or computer to monitor the transactions. Look for purchases that you do not recognize — even small ones. Fraudulent purchases may start out with small-dollar amounts to see whether they are detected before the criminal goes in for the big one.
5. Change your passwords. It is recommended that we change the passwords on our accounts regularly. We also are advised not to use the same password for all accounts. Do not use obvious passwords that can be easily guessed, like your child’s name or date of birth. Keeping track of all of these passwords can be a hassle. There are now a number of services that will not only create strong passwords but store them as well. Do some research to determine which one you prefer. Otherwise, the Federal Trade Commission (FTC) offers tips on how to create strong passwords.
For the complete list of the “Top Ten Ways to Protect Yourself in the Wake of the Equifax Data Breach,” go to www.consumerfinance.gov.
Equifax offered one year of complimentary credit monitoring service to everyone impacted by the breach. However, once the year is up, we are on our own to pay for continued protection. Keep in mind we are not required to continue service with them after the 12 months. Check with your current credit card companies to see what monitoring service is available.
It is especially important that we pay careful attention to seniors and minors who are particularly vulnerable. The FTC’s website offers information on how to deal with child identity theft.
Given the size of this breach, we must be even more diligent and follow the steps outlined by the CFPB. Cybersecurity attacks are becoming more common. Therefore, unless we plan to go completely off the grid as consumers, we must adapt to this new normal in protecting ourselves from future threats. It may be Equifax today, but tomorrow it will be Company X.
Jocelyn Wright is the chair of the State Farm Center for Women and Financial Services at The American College. Jocelyn may be contacted at [email protected]