The Equifax data breach is a big deal. Because Equifax is a credit bureau, for a hacker this would be like hitting the Mother Lode. Where better to get credit info on people than at one of the three national credit bureaus? My Dad used to say, “prepare for the worst and hope for the best.” We must assume that they got it all, Social Security numbers, dates of birth, account numbers and addresses, everything.
What we know is this, the hack occurred on July 29 but was not disclosed to the public for six long weeks! This time lapse gave the hackers plenty of time to comb through the 143 million records that were apparently stolen.
What to do? Here is are the six key items that I would encourage EVERYONE consider.
1. Assume the worst, you are one of the ‘lucky’ 143 million! You got hacked.
Yes, we are aware that Equifax setup a special website with a tool to check to see if you’d been affected. Our best sources tell us that the information from that site cannot be trusted. In our opinion don’t waste your time.
2. Immediately ‘Freeze’ your credit at all three credit bureaus.
Here’s why this is such an important action. Whether it’s a new credit card, a line of credit from a bank, a car loan or whatever the banking community almost without fail will check your credit score and credit history prior to making a loan. If you have ‘Frozen’ your credit that information cannot be accessed without the special Pin Number that is issued to you when you request the freeze. Without the information from the credit bureau the hacker will be denied whatever transaction they are trying to do.
Be aware that if you apply for anything requiring a credit check, you will need to ask the financial institution you’re dealing with what credit bureau they will access. Then you can ‘un-freeze’ that account so they can access it and check your credit. Remember to re-freeze the account once the lender has completed their check.
You must freeze your accounts with all three credit bureaus. Here are links to the three sites.
Equifax: (866) 349-5191 Experian: (888) 397-3742 Transunion: (888) 909-8872
Freeze your credit Freeze your credit Freeze your credit
Be sure you keep the pin number from each freeze in a place that you can access. You can also call the credit bureaus if you’re having trouble with their web site.
3. Equifax security pins may not be secure.
The cyber security folks at Equifax are apparently not too sharp! I froze my credit on Saturday morning. Yesterday I learned that Equifax was not randomly assigning pin numbers, rather they were generating pin numbers that reflected the date and time that the ‘freeze’ was requested. I checked my records and sure enough my pin number was a combination of the date and time I had made my request.
Since hackers know the template that generated the pin number they could potentially unlock credit files by guessing a series of possible pins.
Equifax has recognized the problem and is now randomly generating pin numbers. If you have received a pin number from Equifax you have the option to change it. We are strongly encouraging people who already have an Equifax pin number to take this action.
4. This breach opens the door to more tax related identity theft.
Tax Identity Theft has been a problem for years. We have all heard the stories about someone filing their taxes, expecting a nice refund only to find out that their taxes had already been filed and the refund had been paid to the hacker!
Expect more of this. To date the IRS has not come up with a good method of addressing this problem.
Our best advice, file sooner rather than later. In other words, get your refund before the bad guys does. Be aware that the credit freeze isn’t going to help here.
We’ll continue to monitor this situation and if we discover any reliable actions that will help in this area we will share them on our Facebook and the web pages.
5. Social Security benefits are also potentially at risk.
Whoa! Nobody saw that one coming! The media has pretty much focused on consumer credit, credit cards and bank loans and there is no doubt great risk there. But for millions of Americans their Social Security benefits could also be at risk.
Here’s what we’re talking about. Let’s suppose that you are 62 or older, have retired but have decided that you wouldn’t file for Social Security until age 70 to earn the maximum deferred credits. The hacker has all your information, SS number, date of birth, address etc. With that info, they could file for your SS benefit and request that the money be deposited in a new bank account opened in your name by the hacker. At age 70 you contact Social Security to request your benefits be started, only to find out that ‘you’ have been receiving benefits for years!
It is not clear at least at this point what needs to be done to prevent this kind of theft. Social Security does use Equifax and ‘other public-sector data’ to gain a complete picture of an applicant’s situation. So, the credit freeze might help. Keeping good records is always a good idea. Get a current Social Security statement complete with your earnings record now, and continue to check your statement at regular intervals. This will allow you to see if benefits have been claimed or if your earnings history has changed. If there is a fraudulent claim against your Social Security, catching it sooner rather than later should make it easier to correct.
We’ll continue to monitor this too and bring you updates as we learn more.
6. Pay close attention to all your other accounts.
Assume that the bad guys have ALL your data. They might try to make a withdrawal from a savings or brokerage account. With many bank accounts, you can now be notified if there is activity in the account by requesting an alert be texted to your cell phone. At least take a few minutes and regularly look over your monthly statements to make sure that nothing is amiss.
Be pro-active. Fixing the problem after the fact will be a much bigger deal than taking a few minutes now, putting some defenses in place.