Thursday, September 14, 2017

EQUIFAX DATA BREACH 2017
INFO AND GUIDANCE

Disclaimer:  this article is written and provided for your information only, you assume any risks associated with taking any of the recommendations provided, and I am not responsible for any issues or problems based off your use of this information.


WHAT HAPPENED

The company Equifax is one of the three major credit reporting agencies in the United States. A security breach happened, which lasted between May and July of 2017. During that time attackers were able to gain access to private data such as social security numbers, birth dates, addresses, and driver's license numbers. All of this information is very sensitive as it can be used in identity theft.

This attack affected over 143 MILLION Americans (most of the U.S. adult population). Data from people in the U.K. and Canada was also stolen in this attack.


WHAT DOES THIS MEAN FOR ME

Equifax discovered this hack on July 29, 2017, but did not publicly disclose it for more than a month, giving attackers plenty of time to start using our information before we could begin to protect ourselves. Additionally, it was found that company executives at Equifax sold shares totalling more than $1.8 million dollars just days after the breach was discovered. It is very clear that Equifax does not care about us, and we must take steps on our own to protect ourselves.


WHAT SHOULD I DO

1.  Check to see if you were affected by this incident.  You can either call them (866-447-7559) or check online at www.equifaxsecurity2017.com to see if your data was stolen.

2.  Place an initial 90 day fraud alert on your file.  This is free and will require lenders to contact you if someone (including yourself) tries to apply for credit. You only have to do this with one of the following bureaus in order for the alert to be placed on all three:


Equifax - 1-888-766-0008 
Experian - 1-888-397-3742 
Transunion - 1-800-680-7289

3.  Consider freezing your credit reports.  Doing this stops thieves from opening new credit lines under your name. This also affects you, because if you need to apply for new lines of credit, you will need to release the freeze a few days before. Keep in mind that Equifax allows you to unfreeze the credit report by calling in and providing personally identifiable information (such as the very info that was stolen in this attack!) so even if you do this it is important to keep monitoring it.

A security freeze makes it harder to open new accounts in your name. It does not affect accounts that you already have open. If you were not intending to apply for new credit anytime soon (auto loan, credit cards, etc), then placing the security freeze is worth considering.

4.  Closely monitor your credit using the free credit reports available (one each annually from the 3 major companies).  The best advice is to check one of these reports every 4 months (which gives you visibility throughout the year). In particular, you want to look for OPEN lines of credit and make sure that they are legitimate. You can do this at www.annualcreditreport.com.

5.  Stay vigilant and look out for scam email, phone calls, and text messages. Attackers will probably use this event to try and trick you using fake messages, maybe appearing to come from Equifax or your bank or credit card companies. Always verify any suspicious or unexpected message by calling the company directly (use the number on the back of your card, or verify the number is correct - don't call back numbers on messages you receive in case they are fake).

6.  Check to see if your credit card company offers some form of identity theft protection and credit monitoring.  For example, Capital
One offers a free service called Credit Wise which will send you monthly reports and various alerts regarding changes to your credit profile. You may be eligible for this (or something similar) and should definitely take advantage of it.

7.  Check and update all of your online accounts.  Use a password manager program to securely store all of your passwords. Use different passwords for all of your accounts. Where possible, use multi-factor authentication (such as 2-step authentication available on Google mail accounts). Make sure all of the information contained in any accounts you own is current and up to date, and consider using this opportunity as a time to change all of your passwords. Close any accounts that you no longer use.


LEGAL CONSIDERATIONS

Due to the size of this incident, there will likely be a class action suit against Equifax. You may have the option of participating in this, or suing Equifax yourself in small claims court. If you choose to do either of these, you should consult with an attorney to review your options. Be aware that if you accept the free credit monitoring service that Equifax is offering people affected by this, you may waive your rights to sue them. (Equifax is claiming this is not true, but how much can we trust them?) You may want to consider purchasing your own credit monitoring service (such as LifeLock).


IF YOU BECOME A VICTIM OF IDENTITY THEFT

If it is found that you have become a victim of identity theft, you should take
the following actions:

1.  File a Police report.  Go to your local Police station and file an official
report with them.

2.  Freeze your credit files with all three bureaus.  (Freezing is free with a valid Police report).


3.  Fill out a Form 14039 and send to the IRS.  https://www.irs.gov/pub/irs-pdf/f14039.pdf


REFERENCES

More information is available at the following web sites.

FTC -
https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do


ABC - http://abcnews.go.com/Technology/wireStory/speed-equifax-data-breach-sc andal-49771561


USA TODAY - https://www.usatoday.com/story/money/2017/09/11/how-defend-yourseaft er-equifax-data-breach-credit-report-freeze-strong-defense-against-identity- thef/654065001/


CREDIT KARMA - https://www.creditkarma.com/article/what-is-a-fraud-alert