What we know is this, the hack occurred on July 29 but was not disclosed to the public for six long weeks! This time lapse gave the hackers plenty of time to comb through the 143 million records that were apparently stolen.
What to do? Here is are the six key items that I would encourage everyone consider.
1. Assume You Got Hacked
Yes, we are aware that Equifax set up a special website with a tool to check to see if you’d been affected. Our best sources tell us that the information from that site cannot be trusted. Don’t waste your time. (For related reading, see: Was I Hacked? Find out If the Equifax Breach Affects You.)
2. Freeze Your Credit at All Three Credit Bureaus
Here’s why this is such an important action. Whether it’s a new credit card, a line of credit from a bank, a car loan or whatever, the banking community almost without fail will check your credit score and credit history prior to making a loan. If you have frozen your credit, that information cannot be accessed without the special pin number that is issued to you when you request the freeze. Without the information from the credit bureau, the hacker will be denied whatever transaction they are trying to do.
Be aware that if you apply for anything requiring a credit check, you will need to ask the financial institution you’re dealing with what credit bureau they will access. Then you can un-freeze that account so they can access it and check your credit. Remember to re-freeze the account once the lender has completed their check.
You must freeze your accounts with all three credit bureaus. Here are links to the three sites.
Be sure you keep the pin number from each freeze in a place that you can access. You can also call the credit bureaus if you’re having trouble with their websites. (For related reading, see: How to Recover From Identity Theft.)
3. Equifax Security Pins May Not Be Secure
The cyber security folks at Equifax are apparently not too sharp! I froze my credit on Saturday morning. Yesterday I learned that Equifax was not randomly assigning pin numbers, rather they were generating pin numbers that reflected the date and time that the freeze was requested. I checked my records and sure enough my pin number was a combination of the date and time I had made my request.
Since hackers know the template that generated the pin number they could potentially unlock credit files by guessing a series of possible pins.
Equifax has recognized the problem and is now randomly generating pin numbers. If you have received a pin number from Equifax you have the option to change it. We are strongly encouraging people who already have an Equifax pin number to take this action.
4. More Tax-Related Identity Theft
Tax identity theft has been a problem for years. We have all heard the stories about someone filing their taxes, expecting a nice refund only to find out their taxes had already been filed and the refund had been paid to the hacker!
Expect more of this. To date the IRS has not come up with a good method of addressing this problem.
Our best advice, file sooner rather than later. In other words, get your refund before the bad guys does. Be aware that the credit freeze isn’t going to help here.
5. Social Security Benefits Potentially at Risk
Whoa, nobody saw that one coming! The media has pretty much focused on consumer credit, credit cards and bank loans, and there is great risk there without a doubt. But for millions of Americans their Social Security benefits could also be at risk.
Here’s what we’re talking about. Let’s suppose that you are 62 or older, have retired but have decided not to file for Social Security until age 70 to earn the maximum deferred credits. The hacker has all your information, SS number, date of birth, address etc. With that info, they could file for your Social Security benefit and request that the money be deposited in a new bank account opened in your name by the hacker. At age 70 you contact Social Security to request your benefits be started only to find out that ‘you’ have been receiving benefits for years!
It is not clear at least at this point what needs to be done to prevent this kind of theft. Social Security does use Equifax and other public sector data to gain a complete picture of an applicant’s situation. So the credit freeze might help. Keeping good records is always a good idea. Get a current Social Security statement complete with your earnings record now, and continue to check your statement at regular intervals. This will allow you to see if benefits have been claimed or if your earnings history has changed. If there is a fraudulent claim against your Social Security, catching it sooner rather than later should make it easier to correct.
6. Pay Close Attention to All Your Other Accounts
Assume that the bad guys have all your data. They might try to make a withdrawal from a savings or brokerage account. With many bank accounts, you can now be notified if there is activity in the account by requesting an alert be texted to your cell phone. At least take a few minutes and regularly look over your monthly statements to make sure nothing is amiss.
Be pro-active. Fixing the problem after the fact will be a much bigger deal than taking a few minutes now to put some defenses in place. (For related reading, see: Equifax Hack: 5 Biggest Credit Card Data Breaches.)