If you are one of the 143 million Americans, like myself, whose data was likely leaked as a part of the recent Equifax Data Breach, then you’re probably asking yourself: What do I do now?
What happened with the Equifax Data Breach?
On July 29, Equifax discovered a breach that it later said allowed criminals to exploit a U.S. website application vulnerability to gain access to files. The company announced that information on September 7, and despite the fact that they received criticism for the delay, it’s actually not uncommon for an assessment of a breach to take time. However, Equifax has made some significant mistakes.
Executives Selling Equifax Shares
Three of their executives sold shares totaling nearly $2 million just days after the breach was discovered. Equifax claimed that the executives “had no knowledge that an intrusion had occurred at the time.” So either they sold their shares because they knew the impact it would have on their company’s value, or they would not normally be informed that the largest breach in their company’s history (and possibly, history) had occurred. It looks bad in every light.
Equifax Security Website
On August 22, Equifax purchased a domain, which is real, called equifaxsecurity2017.com. Yes, that’s the site. This multibillion-dollar company installed a WordPress site and used a free SSL certificate, but that’s a whole other unbelievable story.
Anyway, they said the usual, “Sorry, we regret this happened,” offered FAQs and directed consumers to check if they were impacted on the site. Good luck getting through to customer service – even if you got a human, you got no answers or were directed to the site.
When you go to the impact link, the site forwards to Equifax’s TrustedID Premier service domain. TrustedID is an existing service, but the domain adding “premier” was registered on August 29. It asks you to enter your last name and the last six digits of your social security number to check if you were impacted. Funny, right? They just lost your data and are asking you to enter more personal information into their system.
There was one problem with the impact status check – it did not work. You would get varying messages whether input was real or fake, and it was unclear if you were impacted. They offered to enroll you into their TrustedID program for free, for a year. However, the terms of that program waived your right to a class action lawsuit. On top of all of that, if you did get the TrustedID option, it told you that you must return to sign up on a specific date – days later.
After receiving criticism, the company claimed you could determine your status immediately, would not waive your rights for the security incident (yay!) and that they expanded their call center. However, their “fixed” status site is not fixed – it does not seem to be actually cross-referencing data of those impacted, and you get the option to visit TrustedID. Maybe I’m wrong, but either their site simply does not work to query 143 million names or Equifax does not actually know the number of people impacted. Perhaps we will find out eventually.
When you click enroll on the response, it gives you a date to come back to the website. Even more frustrating is that if you go to the main TrustedID website, they’ve removed the sign up option, but there’s another way.
You can get TrustedID right now and lock your credit, and there are other ways to protect your credit, too. If you choose to utilize it, here’s the TrustedID registration form. It includes credit monitoring and alerts, social security number monitoring, and ID theft insurance. You can also lock your credit report with Equifax which is something I have chosen to do. And, you may want to do more.
What you can do now in light of the Equifax Data Breach
Just because your data was leaked does not mean your data will be used. So you do not have to do anything, but it is important that you remain vigilant and watch. You can pay for credit monitoring if you want; however, I am choosing not to and you may actually have free services available through your bank. Here’s what you can do now:
- You can choose to use Equifax’s offer of a free year of TrustedID via this registration form. This is currently the only way to access it; otherwise, you will have to wait for Equifax to allow you to register in several days. I assume they are spreading out the days they give to consumers to avoid too much traffic to the site at once.
- You can check with your bank or credit card for free credit monitoring, credit reports or credit score checks to keep an eye on your credit. There are also free services online, but do your research first. UPDATE: TransUnion is now offering free credit monitoring with a credit freeze option via TrueIdentity. You can now use Experian’s identity theft protection service for 30 days for free which includes a lock option.
- You should review your bank and credit card accounts at least monthly to check for questionable transactions.
- You should have unique passwords and two-factor authentication on all of your financial accounts, and every account you possibly can for online security.
- You can check your credit report for free once per year from each of the credit bureaus at AnnualCreditReport.com. Although each credit bureau sometimes has different information, you can pull them at different times to spread out your free review. You can also use this site to check the credit of minors over the age of 14 – because, in most cases, they should not have one yet.
- You can request a credit freeze which restricts anyone from accessing your credit report, and thus opening a new account in your name. Credit monitoring services do provide this option and the FTC has a lot of information on how to complete a credit freeze. Here’s the credit freeze link for TransUnion Credit Freeze Online or you can use their free TrueIdentity service, Experian Credit Freeze, Innovis Credit Freeze (a lesser known bureau) and Equifax via TrustedID Premier or via their Equifax Security Freeze page.
Even if you follow all of these steps, you may still experience fraudulent charges on your existing accounts because there are several ways thieves access accounts in the digital age such as skimming. Here’s some advice on how to avoid skimmers at the pumps. Thieves also access information through unencrypted credit card transactions. Here’s an article I wrote about why chip card transactions are worth the wait.
Unauthorized Credit Card Charges and Accounts I Did Not Open
At some point, if you have not already, you will find yourself in a situation where you’ll have to remedy new accounts that you did not open or charges to your accounts. In the case of credit card fraud or bank account fraud relating to lost or stolen credit cards, ATM cards, or debit card transactions, the FTC provides a step-by-step guide to help you. If you have new accounts opened in your name that you did not authorize, it may be a case of identity theft and IdentityTheft.gov provides you a complete plan of action.
I know it’s a headache, but it’s also in your best interest to keep detailed records. I recently had to dispute a transaction that required several emails and phone calls – I used the Trello app and it was very helpful for keeping the process organized so I could report back on every action I had taken. I am happy to report that my funds were returned.
No matter if you are a part of the Equifax Data Breach, or not, you should keep records and be vigilant about transactions and changes to your credit.
What’s your experience with the Equifax Data Breach response? Share it with me in the comments below or on Twitter via @nerdsquawk.