The chaos surrounding the data breach at Equifax has left people panicked and in search of answers. Most articles I’ve read focus on the same superficial steps that aren’t holistic and still leave you with vulnerabilities.
So, I thought I’d talk to an expert to discuss how people should be dealing with the Equifax breach. Liz Loewy is the co-founder of EverSafe, a technology service that monitors financial accounts and credit report data for erratic activity, fraud, and identity theft. She’s also a former prosecutor with the Manhattan District Attorney’s Elder Abuse Unit.
Matt Carey: Equifax’s recent announcement regarding a massive breach of consumers’ personal and financial information has many consumers panicked. The fact that as many as 143 million customers may have had their personal data compromised is mind boggling. It feels like these breaches are happening more often. Do you see a trend?
Liz Loewy: Agreed. The fact that millions of consumers’ personal information including birth date, Social Security number, driver’s license, address and/or credit or debit card information may have fallen prey to hackers demonstrates the enormity of the problem. Surprisingly, even though this is the largest known hack this year, there have been over 1,000 additional breaches thus far in 2017, according to the Identity Theft Resource Center — an increase of 23 percent over 2016.
Carey: We’ve been hearing a lot about the option of freezing your credit – as a response to the breach. Is this something that should be considered by those who may have been victimized?
Loewy: Upon learning of the breach, many consumers immediately contacted one or more of the credit bureaus in an attempt to “freeze” their credit. And if they’re not planning on using their credit again — to apply for a credit card, home mortgage, home equity line of credit, car loan or any other type of loan, this is a reasonable precaution. In seeking a credit freeze, the consumer should contact each of the three credit bureaus individually. There may be a fee to file the credit freeze, which varies by state, although Equifax has announced that they will waive their fee until November 21, 2017.
Other consumers have taken the step of filing what’s called a fraud alert with the credit bureaus. This is a less restrictive option. It shows up on their credit report, and businesses issuing credit are required to obtain proof of identity any time the alert is encountered. It lasts for 90 days, must be renewed to remain active, and is free of charge. Any credit bureau that is notified about the alert is required to contact the other two agencies regarding its existence.
I think freezes and alerts may give consumers a false sense of security. Keep in mind that Equifax discovered the hack in late July, and the problem is said to have started in mid-May. Consumers were not informed about the issue until September — weeks after the magnitude of the hack was discovered. If a consumer’s data was exposed in May and remained accessible to hackers until the breach was discovered in late July, it’s possible that there may already be damage that won’t be resolved by a credit freeze or a credit alert.
Carey: So what can consumers do to address the fact that a huge percentage have had their personal information exposed to criminals? Any other ways to protect themselves?
Loewy: Initiating a credit freeze or credit alert will not notify a consumer if there is previous evidence of suspicious activity in their credit report. The three major U.S. credit reporting agencies, Equifax, Experian and TransUnion, must provide a free copy of your credit report once a year. Consumers can obtain and review this report to determine whether there are any credit-based accounts that have been opened in their name. They can request their free credit report at www.annualcreditreport.com.
Carey: Is monitoring the credit report sufficient to protect consumers?
Loewy: I don’t think so. Since fraudulent activity occurring in your existing financial accounts (e.g. bank, investment, credit cards) may never be picked up in your credit reports, it’s critical to monitor all of this data as well — on an ongoing basis. Credit monitoring services do not typically inform consumers about the opening of unauthorized deposit accounts that do not involve a loan or credit line (e.g. auto loan, credit card, mortgage, home equity line of credit), nor do they analyze data across accounts and institutions. You can attempt to monitor on your own when financial and credit card account statements arrive at various times during the month. Ideally, you should review all transactions daily, utilizing technology to see what the human eye may miss. My company, EverSafe, is one service that monitors financial accounts, credit cards and credit report data. One important point: if a consumer plans to enroll in a fraud and identity monitoring service and also wishes to file a credit freeze, it’s important to file the credit freeze after enrolling in the monitoring service, or the service may be blocked by the bureau from enrolling the customer.
Carey: A breach of this magnitude should be a wake-up call for consumers that fraud-monitoring is an absolute necessity. What are other steps they can take to protect themselves?
Loewy: It’s a good idea to use a service that alerts for the appearance of your personal information on illicit web sites and other data sources, such as the National Change of Address database and court records. Experian offers a free service that will search to see if your email address is on the dark web. In addition to illicit databases which may be selling your personal information, there are companies that are “legitimate” (but aggressive), that sell your information for marketing purposes. Consumers should consider opting out of those marketing offers, such as one with Axciom. There are also services that will stop automated robocalls from telemarketers, including one called Nomorobo.
Carey: Sounds like consumers would have been in a better position now if they had done some advance planning before the breach.