It’s been over two weeks since news broke about the computer security hack at Equifax, a credit-reporting firm. The company announced on September 7 that hackers gained access to servers storing sensitive information on over 143 million consumers. The data breach included names, addresses, Social Security numbers, driver’s license numbers and more—everything an identity thief would need to ply their nefarious trade.
Equifax, for its part, has not managed the situation well. First, the public announcement came more than one month after the hack was discovered. Second, the company fumbled their initial response, charging consumers to freeze their credit reports and including “no lawsuit” arbitration clauses in their Terms of Service agreements. (Both have been reversed by Equifax.)
Still, problems for the company and consumers linger. On September 19, Equifax confirmed earlier security breaches than previously reported. And while consumers are notably worried—66% said they are very or somewhat concerned about the Equifax data hack—only around 20% have done anything to find out if their personal information was compromised.
The low response rate from consumers is worrying in itself. It is becoming more imperative for individuals to take precautions and preventative steps to help safeguard their personal and financial data. The Equifax debacle presents a good case in point.
Who is Equifax?
The company is one of the three major credit monitoring and reporting agencies, along with TransUnion and Experian. While these firms all provide services to consumers including access to credit reports, their most important customers are the banks, lenders and other businesses who pay Equifax and the other agencies for information on the credit-worthiness of potential borrowers and other customers.
Does Equifax have data about you? Most likely yes if you have a credit card or any type of bank loan such as a mortgage or an auto loan. As a consumer, you can’t really opt-in or opt-out of these services—your personal data is automatically collected and stored whenever you borrow money from a bank or maintain credit with a lender.
And credit reporting has become more visible and more integral in the lives of everyday Americans. Many people now keep tabs on their credit score and concern themselves with managing and improving it. Plus, banks and other lenders aren’t the only ones using credit reports—cell phone providers also use them to check the credit-worthiness of new customers, and many employers do as well when hiring new workers.
Your identity may be at risk
The biggest danger you may face as a result of the Equifax hack is from someone using your personal information to steal your identity and apply for credit in your name.
For example, a criminal may try to open a credit card with your hacked data. This activity may show up on your credit report when the credit card provider runs a credit check on the illicit application. This is why credit-monitoring is vital in response to the Equifax hack.
How to respond to the Equifax hack
The company created a web site (www.equifaxsecurity2017.com) where consumers can quickly check to see if their personal data was exposed as part of the security breach. With the scope of the breach affecting nearly half of the U.S. population, it’s likely your information was included.
Equifax is also currently offering free enrollment in their credit and identity theft monitoring service, called TrustedID. Do both of these at the very minimum—the credit monitoring covers all three major credit-reporting agencies, so it should pick up any unauthorized credit applications using your hacked personal data.
You should also look into freezing your credit report through Equifax or the other credit-reporting agencies. By freezing your credit report, you prevent anyone from accessing your credit information unless you authorize it. This can help block criminals from using your identity to get credit, but you would have to unfreeze your report at least temporarily whenever a company wants to run a credit check on you—and as discussed above, this could be more than just credit or loan applications.
Best practices to protect your data
Sadly, hacking sensitive computer systems and stealing personal information is becoming a fact of life in our modern and inter-connected world. We can’t always keep our personal and financial data private or prevent it from being collected on the internet or stored on web servers.
That means we all must become more vigilant when it comes safeguarding our sensitive data and personal information. Security may improve, but criminals will get smarter too and find ways around any firewall.
Here are some suggestions to follow to help protect your data when you’re online:
- Make strong passwords—a minimum of 8 characters with upper- and lower-case letters and special characters (e.g., #, $, %, &)—and change them at least every 90 days.
- Never send personal information over the internet unless you are connected to a secure password-protected network (e.g., your home wi-fi) and using an encrypted site (which you can recognize from the “https” at the beginning of the web address.)
- Get the most current anti-virus and malware software and keep it up to date.
- Set up your computers to time-out or disconnect from any networks when you’re not after a specified period of inactivity (e.g., one hour).
- On routers used for business, block internet addresses from Russia, China and the Middle East (unless you have clients in these countries); many computer viruses and malware attacks originate from these areas.
There’s also more you can do when you’re offline to safeguard your personal information, including:
- Shred documents that contain account numbers, addresses, Social Security numbers, etc. whether you’re at home or at work.
- Sign-up for a credit-monitoring service—the complementary services from Equifax would be adequate, but you can also look at the other credit bureaus too.
- Alert your banks and credit card lenders if your data was exposed in the Equifax breach.
- Use Apple Pay or Paypal for online purchases when available—both provide an extra layer of protection when shopping on e-commerce sites.