By now you have probably heard that personal information for 143 million people was compromised at Equifax, one of the largest credit reporting agencies in the United States. The compromised information included individual names, addresses, birth dates and Social Security numbers.
Rick Smith, Chairman and CEO of Equifax Inc., explains in details on the worst cybersecurity incident that exposes consumer information below.
Here are 10 ways you should be taking to protect yourself after the worst leak of personal info ever by Equifax.
1. Check if your information may have been compromised. You can visit www.equifaxsecurity2017.com to determine if your information may have been compromised.
2. Sign up for account alerts with your banks and review your bank statements and credit card activities. Be vigilant to monitor your financial health. Watch for unexpected medical bills or other purchases you didn’t make.
3. Review your credit bureau records. By law, you can access your credit reports once every 12 months at annualcreditreport.com. Based on the Equifax breach, it is a good idea to check your credit report soon to verify there is no suspicious activity. Be careful for scam sites offering free credit reports by signing up for a service. Check your postal mail and email for signs of suspicious credit activity and fraudulent charges on existing accounts. Fraud is your near-term risk as criminals may try create credit in your name or use stolen credit card information.
4. Be aware of scammers. After cybersecurity incidents, fraudsters often use phishing and other scams to impersonate legitimate companies or organizations in an attempt to lure consumers into revealing confidential information. Guard against phishing and other types of social engineering attempts – If the information about you has been stolen from Equifax files, it may be enough to craft fake emails, texts or phone calls against you. Criminals may impersonate your bank, PayPal or even Equifax itself to convince you to click on a link, open an attachment or give sensitive information over the phone. While very convincing, these attempts may download malware or steal login credentials. Never login to a website through a link or open attachments you weren’t expecting — and never give out your login (e.g., passwords, passcodes, PIN) over the phone. Instead, go to the website of your financial institution and login. Also, find more information about recent scam alerts directly from the US Federal Trade Commission.
5. Change your login credentials for credit-related accounts that could be compromised – The Equifax breach is serious enough that it may put other accounts at risk. At a minimum, reset the passwords, passcodes, PINs and security questions for Equifax and other credit agency accounts (Experian, Transunion) that you have. Consider whether credit card information on file with Equifax may be at risk. It is critical to ensure every login is unique for each account, create answers to security (challenge) questions that are not easy to guess and that your account PIN is not based on a known number sequence (e.g., child birthday, your birthday, house number, postal code). Guessed PIN codes often allow criminals to change your account security information.
6. Use 2-factor authentication (2FA) for every account where it is available – While not perfect, 2FA provides an extra layer of security by requiring that you enter a separate security code sent to your phone or email when you login. There are other methods for 2FA that institutions may employ. 2FA is becoming more widely available, so check with your bank and other institutions to enable it. You should always use 2FA for personal email, changes to login credentials and high-value/sensitive accounts.
7. Consider credit monitoring. Do your research and consider which credit monitoring service might be right for you. As a result of the Equifax breach, Equifax is offering a full year of credit monitoring to every US consumer at-no-cost. There may be risks to your consumer rights with this offer, so do your research here as there may be a legal catch to this “FREE” offer.
8. Request a Credit Freeze to your credit profile – Each of the main credit bureaus (Equifax, Experian, Transunion) offer the ability to “freeze” your credit for a fee. Once frozen, no one can add credit in your name or pull your credit information until you stop the freeze. If you don’t have plans to take out new credit (buy a home, a car or open a new credit account) consider the freeze option.
9. Monitor the credit profile of your children – Regardless of their age, if you have children, their credit profile is at risk. With a Social Security Number (SSN), a date of birth and simple personal information, a criminal can open credit in the name of your kids. It is increasingly common for young adults to check their credit, only to find they have been the victims of financial fraud and identity theft for years. As a parent, you can protect your children by checking their credit report, establish credit monitoring or put a credit freeze on their credit profile. In the wake of the Equifax breach, their risk has increased.
10. Stay informed and think big picture. The Equifax breach feels urgent today and is grabbing big headlines, but as the news and attention fades, cybercriminals will continue to sell our information and exploit our credit profiles. They will be leveraging stolen information for years to come and we can’t let our guard down. The best defense against becoming a victim is to stay informed about these cyber events, employ best practices and security technologies as they become available. In the big picture, everything is becoming ever more digitally interconnected, from your email and social media to the personal and financial information of you and your family.