On September 7, 2017, credit reporting agency Equifax announced what it described as a “cybersecurity incident” potentially involving 143 million customers. According to an Equifax statement, the incident of unauthorized access occurred from mid-May through July 2017.
USA Today calls the incident “the gravest commercial data breach in U.S. history,” as it left roughly half of the American population’s personal information vulnerable to access by cyber thieves. The leaked information included names, Social Security numbers, birthdates, and addresses.
The situation is frustrating, and it is an unfortunate reality of life in the digital age. Armed with these data, thieves could open credit cards or bank accounts in someone else’s name or even try to file a false tax return to claim a refund.
Moreover, many people believe Equifax did not respond with adequate speed and transparency. “Equifax was inept at protecting the data it compiles about you and just as clumsy at trying to help customers,” according to USA Today’s Editorial Board.
In light of all this, what are some steps we can take?
- Check EquifaxSecurity2017.com to see if you are affected. Equifax is allowing potential victims to enroll in one free year of TrustedID Premier, the company’s credit monitoring service. Enrolling in TrustedID Premier on September 7, 2017 may have included fine print about waiving certain consumer rights like the ability to participate in a class-action lawsuit. However, on September 8, Equifax clarified that enrolling in TrustedID Premier as a result of the security breach will not limit consumers’ legal rights.
- If you have one, change your Equifax.com user name and password. Also consider changing all your online passwords. You can make passwords stronger by using a combination of uppercase letters, lowercase letters, numerals, and special characters. As a best practice, do not use the same password across multiple websites, and consider using two-step password verification.
Pull credit reports from AnnualCreditReport.com to check for new accounts in your name. AnnualCreditReport.com is the only official site to request your credit reports. Federal law allows you to request one copy of your credit report from each of the three agencies (Equifax, Experian, and TransUnion) once every 12 months. You could request all three reports at once, or you could split them up over the course of a year, in such a way that you do not have to wait a whole year to get a more recent one.
- Consider paying for a third-party credit monitoring service. Ryan O’Leary, vice president of the Threat Research Center at WhiteHat Security tells CNBC that IDShield and LifeLock are two services that may monitor more sources to spot suspicious activity than the credit reporting agencies’ services.
- Consider freezing your credit files at Equifax, Experian, and TransUnion. Freezing your credit files is an extreme measure – although effective. It prevents anyone, including you, from obtaining new credit. Doing so has no impact on your existing credit lines like credit cards. You can continue to use them as you normally would. More information about freezing your credit is available here.
If you suspect your identity has been used fraudulently, IdentityTheft.gov has information and recovery plans for more than 30 types of identity theft.
Looking at the bright side, the security breach in question only affected Equifax. It is not related to the websites and providers that BCS Wealth Management use. The Equifax incident is disheartening, but we hope the resources above are helpful.