Yesterday, Equifax announced a data breach that potentially impacts 143 million people. While we’ve all become somewhat desensitized to these types of breaches due to the sheer number of them over the last few years, this is probably the worst one I’ve seen. It sounds like the usual data from virtually everyone was obtained (name, address, SSN, DOB, etc.), but for a smaller group, also credit card numbers, driver’s license numbers, and other personally identifiable information from dispute documents that were accessed. The breach was discovered on July 29th, but the unauthorized data access occurred as far back as mid-May. My sense is that if bad things were going to happen to you as a result of this breach, they probably would have already happened, though it’s possible there will be a surge now that the public is aware in an attempt to get fraudulent activity in prior to credit card account numbers being changed and other preventative action taken.
The good news is that credit fraud almost never results in financial loss to the victim. It creates a nightmare of forms to fill out, phonecalls to make, and customer service reps to deal with, but generally, you’re not responsible for anything that’s fraudulent. The person claiming fraud is virtually always given the benefit of the doubt as well. The thieves are stealing from the credit card companies, the banks, and the retailers (or the IRS / states if it’s fraudulent tax returns that get filed), not from you. Where it could impact you is if you’re applying for credit like a mortgage in the middle of fraudulent activity that has lowered your credit score and put derogatory marks on your credit report.
Equifax is supposedly contacting affected consumers (those whose credit card numbers or certain other information was accessed) by mail in the next few days. If your credit card info was taken, you should get those cards replaced. If your driver’s license number was taken, you should contact your DMV. If other data was taken, my guess is that it’s no worse than the other hundreds of recent hacks. Your name, address, DOB, SSN, and even medical information has likely already been accessed from the health insurance hacks and various other financial and retail hacks. If you’re concerned, the best advice I can give is to freeze your credit with the credit agencies (https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs) which will prevent new accounts from being opened, and to monitor your credit score / credit report / account statements regularly to detect any unauthorized use of existing accounts. You could go so far as to hire a service like https://www.lifelock.com/ (I have no personal experience with them and can’t recommend them on that basis) if you’re really concerned. Equifax is also offering a free year of credit monitoring as a result of the breach (see below for more info).
In general, I think freezing your credit is a good idea if you’re not planning to need a credit check in the near future, but it can be a real nuisance if you forget that you did it and you’re urgently trying to get something done (like getting a new cell phone, establishing utilities, applying for financial aid, or a host of other things that will be disrupted if your credit is frozen when you do it). I think it’s just a matter of whether you consider freezing / unfreezing to be more inconvenient than dealing with ID theft / credit fraud if it happens (adjusted for the probability of it happening). There are some easy things that I think we should all do to mitigate the risk of credit fraud / id theft. Those are:
· checking your credit report regularly (almost all credit cards provide access now and there are also free services like www.creditkarma.com (though be aware that they are collecting, storing, and potentially selling your data as well) and annualcreditreport.com).
· setting alerts on your existing accounts so you’re notified by text or email when charges are incurred or money transfers are attempted.
· using a different password for each website that you use.
· not keeping a lot of money in checking accounts or other accounts which can be accessed via fraudulent checks or debit cards.
More information on this data breach is available directly from Equifax at: https://www.equifaxsecurity2017.com/. At that site, you can also register for the one year of free credit monitoring that they are providing. I can’t think of any downside to registering for that service other than potentially having to field a request to join a paid service at the end of the year. Whether or not you feel it’s worth your time/energy is obviously up to you.
If you believe you have been the victim of identity theft, go to www.identitytheft.gov and follow their instructions. This will involve reporting the fraud to the credit agencies, filing a police report, and contacting the companies that have opened fraudulent accounts. The website does a fantastic job of walking you through the process.