Equifax Data Breach: What You Should Know

By now you’ve probably seen the news regarding the data breach of Equifax (one of the three major credit bureaus), so I won’t belabor the details. Suffice it to say that since 143 million Americans are potentially affected, there’s a good chance this impacts you.

So, what should you do? There are several things you should know and steps you can take to help protect yourself.

First, what you should know:

  • What information was stolen? Equifax reports that primarily Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers were taken. In addition, in a “small” number of cases (relative to the total breach) credit card numbers were stolen as well. This affects less than 1% of the total number of people affected (but is still around 200,000 people), and those that are affected will receive notice directly from Equifax.
  • Equifax has a website where you can check if you are part of the data breach. When I checked it today, it takes your last name and the last 6 digits of your SSN, and then notifies you whether or not you “might” be impacted. If so, it will give you a date that you can return to sign up for free credit monitoring, which will be available for free if you sign up before November 21.
  • If you aren’t comfortable with Equifax’s monitoring service, you can also get monitoring for free by opening a CreditKarma.com account. CreditKarma.com makes money by advertising to you through the site, which you may or may not be comfortable with, but they do give you an ongoing view of your credit profile as well as offer some monitoring features, as well. Joshua Swartz, CFP, in our office and I use it personally, and we have enjoyed having it so far.
  • You can also get a free copy of your credit report once per year at AnnualCreditReport.com. This is the government-authorized place for this and 100% free. The downside to this is that it’s only once per year, so it will not reveal any new credit taken out in your name after you check. But, it’s better than nothing.

Second, what you should do:

  • Freeze your credit. If you haven’t already, we recommend that you freeze your credit if practically possible. We wrote in more detail about this on our blog a few years back, but the essential information is that freezing your credit locks down your credit file so that no one can open up new lines of credit in your name. For example, if a fraudster, armed with the Equifax data, tries to open a new credit card in your name, they will not be able to do so because your credit file would be closed. However, it’s important to remember that neither will you! To reopen access to your credit, you’ll need to “thaw” access by notifying the bureaus that you wish to do so temporarily. There are more details to this, so if you’re interested, Clark Howard has a complete guide on how to do it on his website.
  • Sign up for credit monitoring. Only do this if you opt not to freeze your credit. As mentioned above, CreditKarma will do some monitoring for free, but probably without all of the “extra bells and whistles” of some of the more expensive options. Lifelock and Identity Guard are other options in this space.
  • Change your passwords. It’s recommended to periodically change your passwords to financial institutions, email accounts, and other important locations online. Don’t use the same password on multiple accounts, and don’t store passwords in a file on your computer. I personally recommend using a password manager that securely keeps track of your passwords. This allows you to have super-secure 16-digit randomized passwords without having to remember them, which is obviously impossible. There are several good password managers on the market, such as Lastpass, Roboform, and several others. Make sure to enable multi-factor authentication, and set a strong master password.

For more information, check out the FTC’s post on this for more tips on protecting yourself and your data.