The Equifax Breach and how to protect yourself
September 15, 2017
At a time when everyone’s struggling to remember their 300 passwords, the news from Equifax about the breach of 143 million personal records doesn’t do much to quiet anyone’s nerves. However, the following should provide some perspective on the Equifax incident, what you can do about it and, better yet, some information on how you may best protect yourself from identity theft.
So, how bad is this ‘Equifax thing’ and what data was stolen?
Anytime personal data is hacked, it’s a serious issue. Equifax is one of three major credit bureaus used by just about every financial institution to get credit report information as part of the lending process and the breach was not at the local level. Yes, it was big, serious and, if you listen to the news media, it may sound like the ‘end of days’ and that anyone can begin using your current credit card to begin racking up charges. Again, while serious, it is important to understand what data was breached and how it may be used.
The key data items stolen included:
- Social Security numbers
- And, in some cases, driver’s license numbers
The above represent personal information – different from account information. While it’s important not to downplay the severity of this data breach, it’s also important to know a limited amount of current account information data was stolen. Recent information disclosed by Equifax indicates of the 143 million data records breached, the vast majority was the type of personal information noted above, not actual account information.
So what effect does this type of data breach that have on me?
Again, while any data breach is serious, the amount and type of data stolen indicates the best actions you should take to protect yourself. In this case, it’s what the thieves can do going forward with your personal data that represents the greatest threat: they may be able to open accounts in your name. In other words, ID theft.
What can I do to protect myself?
1 - Believe it or not – lucky you if you have a Greater Iowa Credit Union MasterCard®.
Your GICU MasterCard comes with a very handy, FREE feature called MasterCard ID Theft Protection™. MasterCard is the ONLY payment brand that provides U.S. cardholders with services - at no extra cost - to help detect and resolve identity theft. With MasterCard ID Theft Protection, you can register all of your accounts – from checking to your credit cards – to watch for traditional and ‘dark web’ suspicious activity. What you’ll receive with this free service:
- A one-time report that highlights any detection of your information on the dark web in the past 7 years.
- Immediate alerts on any new activity detected for your information on the dark web while monitoring your personal information.
- Each month, you'll receive an email that summarizes your ID Theft Alerts™ activity.
With no annual fee, a GICU MasterCard® with MasterCard ID Theft Protection™ puts an extra sense of security in your pocket at no cost to you. Click here to get started with MasterCard ID Theft Protection.
There are a host of other credit monitoring services available – just Google ‘credit monitoring services’ and you’ll find a ton of them. But most cost. Equifax is offering a free service but only for a limited time. What a monitoring service will do is let you know if there’s suspicious activity which is good if you’re concerned about monitoring your current accounts.
2 - Check to see if your information was part of the Equifax data breach.
Equifax has created a dedicated website where you can go to see if your information has been compromised. However, you must first enroll at the site and, initially, this may have meant waiving your right to take part in any class action lawsuit against Equifax. They have since modified this statement.
3 - Get a free copy of your credit report.
You can also monitor your credit report by yourself. While this sounds like a lot of work, it’s really not much more effort than it would take to visit your Facebook page. You're entitled to one free copy of your credit report every 12 months from each of the three nationwide credit reporting companies. Order online from annualcreditreport.com, the only authorized website for free credit reports, or call 1-877-322-8228. You will need to provide your name, address, social security number, and date of birth to verify your identity.
The challenge of just monitoring your credit report.
Credit reporting is good and monitoring your credit is something you should do on a continual basis by reviewing your credit card and financial statements as well. But if you get an alert that there’s a new credit application in your file that you didn’t initiate, it could signal fraud. Monitoring is reactive and some people may opt for an extra step such as ID theft protection or insurance.
4 - Enroll in ID Theft Protection/Insurance.
If you visit the Equifax site, you’ll have the option of enrolling in Equifax TrustedID Premier credit file monitoring and protection service – which insures you for any loss – but this service is being offered free of charge for the first year only in light of the data breach incident Equifax has suffered.
Another option is to enroll in LifeLock™ credit protection services which, like TrustedID Premier, monitors and protects with insurance against fraud. Currently, LifeLock™ is offering a 10% discount and 30-day trial to new enrollees.
5 - Put an alert on your credit report.
You can request a 90 day fraud alert be placed on your credit file where you’ll be notified of any activity such as a new credit inquiry. This is a free service and by accessing it here, Equifax will notify TransUnion and Experian, the other two bureaus, as well. You will be required to reactivate the alert before the end of the initial 90-day period.
6 - Don’t go on a ‘phishing trip’.
‘Phishing’ is the practice used by fraudsters to get you to reveal personal information via communications by email, phone, mail and the web. Many times, these communications will look like they come from reputable companies. Given Equifax’s recent data breach, the chance exists that phishers will attempt to gather this information to ‘fill in the data blanks’ they don’t have yet. They may even use the personal data they do have so you’ll further believe you are in contact with a real person or organization.
Some ways to protect yourself from phishing attempts include:
- Don’t respond to mail or emails asking you to call or reveal any of your personal or account data – this includes phone calls you receive. As a rule, GICU will never call you to request or confirm your personal information.
- If you receive online messages or emails with links, always check the link before clicking. Hover your mouse cursor over it to preview the URL, and look carefully for misspelling or other irregularities. These folks aren’t always the best ‘spellers.’
- Enter your username and password only over a secure connection. Look for the “https” prefix before the site URL, indicating the site it secure. If there is no “s,” beware.
- Even if a message or a letter came from one of your best friends, remember that they could also have been fooled or hacked. That’s why you should remain cautious in any situation. Even if a message seems friendly, treat links and attachments with suspicion.
- Sometimes e-mails and websites look just like real ones. It depends on how well the criminals did their homework. But the hyperlinks, most likely, will be incorrect with spelling mistakes, or they can redirect you to a different place. It’s better not to follow links from e-mails at all. Instead you can open a new tab or window and enter the URL of your bank or other destination manually.
- Avoid logging in to online banks and similar services via public Wi-Fi networks. Hotspots are convenient, but it’s better to use a mobile connection or wait to get to a secure network than to lose all of the money on your credit card or in your bank account. Open networks can be created by criminals who, among other things, spoof website addresses over the connection and thereby redirect you to a fake page.
- Do not open unexpected files sent to you. They may be malicious ransomware or even spyware, just like attachments from official-looking e-mails.
- If you currently are not using any security or spyware software on your computer, consider getting some. It’s a small cost to pay compared to the bigger price you could pay.
Don’t hesitate to reach-out to us if you have a question or see something suspicious.
As your trusted financial services provider, GICU is here to help answer any questions you may have and help protect you from those who have malicious intent. The world of ID theft and fraud is real and threatening – but not so much so if you’re prepared. We take your security very seriously and please know we’re here to help!