In the past few weeks I’ve fielded numerous questions from clients about the Equifax hack asking what to do about it. The best advice I can give you is to regularly monitor your bank and credit card accounts or pay for a service to do this for you. Best is to do it yourself! Your awareness of your own account activity and prompt action if/when anything is amiss is the best protection. Finding an old error or fraudulent transaction can be difficult to prove and fix. Quickly bringing an issue to the attention of your bank or credit card company will usually result in a speedy resolution in your favor.
What happened? From about mid-May to July 30, hackers ransacked vast troves of information at Equifax, one of the three big credit reporting companies. The breach, as you probably have read, potentially exposed about 143 million Americans’ personal information, including names, addresses, dates of birth and Social Security numbers. The hack stunned many people who became increasingly aware of their own vulnerability to the largely invisible financial system that we have come to depend on.
Since Equifax disclosed the breach, the company has lost over $4billion in market value. Subsequent investigations have begun to expose the company’s negligence. The bug exploited by hackers was “known and could have been fixed and patched, says Ted Schlein, a general partner at venture-capital firm Kleiner, Perkins. Meanwhile, three Equifax officials, including the company’s finance chief, sold a total of about $1.8 million in stock August 1 and 2, according to securities filings, selling their stock before the public announcement and drop in price. Equifax has said they didn’t know the about the breach at the time of the stock sales. This is unlikely, as the well-known cyber-investigations firm Mandiant was brought in officially on August 2.
Regardless of the company’s negligence, people want to know how to protect themselves from this and other potential cyber-vulnerabilities.
Awareness and monitoring of your bank and credit card accounts is key.
- Check your Credit Report – Here is a link to a free credit report. You can run this report annually and review (for free!) it to see if there is any activity you do not recognize. This could include opening a new account, applying for any type of credit, late payments or any other activity that does not look familiar. There are other services such as LifeLock.com, but they do charge a monthly fee. https://www.annualcreditreport.com/index.action
- Report any Suspicious Activity – If you see anything suspicious, contact the credit card or bank’s fraud department immediately. You are not responsible for charges made on a fraudulent card, or fraudulent activity on your card, but you must report the issue in a timely manner.
- Recovering – If you have been the victim of any type of fraudulent activity or identity theft, you can follow the steps outlined by the Federal Trade Commission in this useful Guide. https://www.identitytheft.gov/Assistant#
- Tax Season – It’s still too early to know if and how the data are exposed in the breach could be misused, but one concern is that identity thieves can use stolen Social Security numbers to file fraudulent tax returns and receive refunds. When people file their taxes, the IRS tells them their return has already been filed. One way to prevent this from happening is to file early. For more information, the IRS has published a Guide on tax fraud.https://www.irs.gov/newsroom/taxpayer-guide-to-identity-theft
- Freezing Your Credit – If you want to be more proactive, you can Freeze Your Credit temporarily and Set Up a Fraud Alert. When you freeze your credit, you set up a PIN on your credit accounts. Any use of your credit will require providing the PIN – information that the hackers will not have access to. A fraud alert can also be set so that credit card companies are required to verify your identity before opening any account. To set up the Freeze and the Alert, contact each of the credit bureaus using these phone numbers:
Equifax – 1-800-349-9960
Experian – 1-888-397-3742
TransUnion – 1-888-909-8872
- Equifax’s Identity Protection Program – I don’t recommend using Equifax’s Trusted ID program since this is the database that just got hacked. Providing them with additional information just isn’t a good idea. Furthermore, enrolling in this program may prevent you from participating in a class-action lawsuit.
- Monitor Your Accounts – While it is a convenience to have automated bill payment and other bank account management services, you must look at your bank and credit card accounts on a regular basis, review your transactions, and immediately report anything that is not familiar to you.
- Help Others – These processes are fairly simple and many require just a few short phone calls or online activities. But many people are just not good at doing these things. You may want to help some of your friends or family members to set up a couple of routine monitoring activities.
If you would like to know more about credit card fraud, you can download this Consumer Action Question and Answer Guide. [Create link to website, post document under Resources]
These days, it is important to be vigilant about your financial accounts. Taking some routine actions a few minutes a month is the best way to protect your ongoing financial security.