The Equifax Breach: What You Should Do
The Equifax data breach affects some 143 million people, or, once you [hopefully] factor out children and people with supposedly no credit history to track, roughly 44% of the total population of the United States.
Should you be alarmed? Yes. Absolutely.
But what practical steps can you take now to protect yourself, or minimize the damage?
The first step should be to find out whether or not you are personally affected. Equifax has set up a special “Cybersecurity Incident & Important Consumer Information” website where you can check the last six digits of your Social Security Number against their list of exposed records. Note that, earlier today, Ars Technica reported there was some alarming language on that site that made it appear as if the simple act of checking to see if you were affected would strip you of the right to sue Equifax for any actual damage incurred from the breach. After an immediate public outcry, and a stunningly harsh public rebuke by NY Attorney General Eric Schneiderman, Equifax has already walked back that language to reassure customers that the codicil would not apply to this event. [It may, however, still apply to any future breaches.]
Next, you should take Equifax up on its offer to provide free credit monitoring via their TrustedID Premier product for one year. This service will monitor your credit report across all the reporting agencies (Equifax, Experian, and TransUnion) and alert you immediately of any suspicious activity. This product also includes identity theft insurance, and features periodic scans of the Internet to check for the presence of your Social Security number, particularly on identity trading sites lurking on the “dark web”. Again, though, take note of the terms and conditions of this service, and take steps to ensure it is not automatically renewed without your consent, and with a substantial fee.
If you suspect you have been exposed, the next step is to put a freeze on your consumer credit report data to halt any further loss of personal information. Each credit agency has their own process for this, and, depending on the state you live in, may charge up to a $30 fee. Equifax is currently including the ability to lock and unlock your report for free for the next year, but the other agencies are under no such obligation. The links below outline the policies and fees for each:
You should also contact the Federal Trade Commission, and your local law enforcement agency. Note that the latter may be somewhat limited in the amount of assistance they might offer, but file a report nonetheless. Having on official record on file could come in handy later. You can also contact your state’s Attorney General’s Office, and ask to file a report there as well. (Click this link to find contact information for your state’s AG)
And, finally, regardless of whether this breach directly affects you or not, you should get in the habit of regularly checking your credit reports for suspicious activity. Under the Fair Credit Reporting Act, each of the three agencies is required by law to make these reports available to consumers for free once every year. You can either contact each agency directly to request, or you can visit AnnualCreditReport.com to file a simultaneous request for reports from all three. As the frequency of similar data breaches is increasing, I would suggest spreading your report requests out – say, one from a different source every four months – so that you will have a better picture of your financial security throughout the course of a year, rather than just the short time after the next major announcement.