AwardWallet receives compensation from advertising partners for links on the blog. The opinions expressed here are our own and have not been reviewed, provided, or approved by any bank advertiser. Here's our complete list of Advertisers.
As more of our personal and financial information is stored and exchanged online, data hacks have become a relatively common phenomenon. In the last two years, we’ve seen data breaches reported at prominent commercial and financial institutions in the world like Dun & Bradstreet, IHG, Kmart, Verizon, Deloitte, and the latest big one to hit the news, Equifax.
Equifax, one of three major U.S. credit reporting agencies, was hacked between May and July this year. The breach potentially exposed credit card details, Social Security numbers, and other personal information of up to 143 million people, along with the drivers license details of roughly 200K of those affected. Putting aside Equifax’s weak response to the breach, the Equifax hack has drawn a ton of press due to the scale of the breach (which may affect almost half of the U.S. population), and due to the nature of information stolen; sensitive personal and financial details.
What are the Potential Impacts for those affected?
The breach is one of the largest in U.S. history and potentially leaves those affected vulnerable to identity theft and fraud. If your data was amongst the treasure trove stolen by the hackers, they have enough details for identity thieves to impersonate you and could potentially:
- Open credit cards in your name
- Apply for loans or fake bank accounts
- Rent an apartment or business premises
- Lease a vehicle
- Receive medical care
- Put utilities into your name
- Apply for government benefits
And that is not the worst of it. That data will most likely end up on one of the many databases found deep online in the shady corners of the internet like the darknet, available to future thieves for a price.
What Can You Do to Safeguard Your Financials?
If you Google ‘protect yourself Equifax breach,’ you’ll turn up all sorts of advice ranging from credit freezes and fraud alerts to trying to negotiate a new social security number out of the government. But here’s the thing. You can freeze your credit files with each agency and put fraud alerts on all your cards and accounts, but if your data was stolen, then your details are out there, and most likely on sale for the highest bidder. Your identity can still be stolen even if you freeze your credit reports. The hackers aren’t required to use your details in the first month or the first three months. They could sit on that data for the next year (or longer) before they do anything with it.
So. What can you do to protect yourself from the Equifax breach? It turns out, quite a lot.
Assume Your Data Was Stolen
Equifax has set up a website to determine if your account was affected by the breach. Enter your credentials including the last 6 digits of your SSN, and you’ll find out if your details were stolen.
Or you won’t … Equifax’s record on this breach is deplorable. From the initial announcement made 6 weeks after the breach was discovered, to the second announcement on October 2 letting people know that even if the website said no the first time, it may say yes if you come back and repeat the process now. If you have a Social Security number, assume your data was taken and plan accordingly.
Additionally, check out the site ;–have i been pwned?. It allows you to check if you have an account that has been compromised in a data breach. You can also sign up for alerts — and it is totally free.
Monitor Your Credit Scores and Credit Reports
There are plenty of free services to monitor your credit score and credit report.
CreditKarma.com provides data from Equifax and TransUnion, while FreeCreditScore.com provides data from Experian. If that’s not enough for you to digest, you can receive an additional full copy of your credit reports from Equifax, Experian, and Transunion through AnnualCreditReport.com at least once a year.
Also, don't forget, your credit card issuer likely provides you a credit score and some alerting on a monthly basis. However, don't solely rely on this; you also need your credit reporting data! Bonus: If you've got a Discover Card, they'll do monitoring/alerting for your SSN on known risky websites and the dark web.
Perform a Background Check on Yourself With LexisNexis
While the majority of identity theft or impersonation in the U.S. involves credit cards, with the information, Equifax let slip through its fingers identity thieves could be giving your name and details to rental companies or collections agencies, banks, or government departments.
If you want to get a complete picture of where you stand, order a Full File Disclosure Report from LexisNexis.com. The report performs a comprehensive background check and will let you know every detail on file from banks and government databases to auto-insurance and traffic violations. It’s a thorough background check you can access for free, comprehensive enough that the one we received here at AwardWallet following the breach measured 124 pages of details. We couldn't find any info restricting how often you can apply for the report, so we're assuming you can do so more than once per year.
Also, when you get your report, keep it safe. If you haven't been a victim of identity theft and someone nefarious gets ahold of the report, you might not like the outcome.
Some things you'll see in your LexiNexis Report (all taken from LexisNexis):
- C.L.U.E.® Auto Claims Report – The C.L.U.E.® Auto report provides a seven-year history of automobile insurance losses associated with an individual. The following data will be identified for each loss: date of loss, loss type, and amount paid along with general information such as policy number, claim number and insurance company name.
- C.L.U.E.® Property Claims Report – The C.L.U.E.® Personal Property report provides a seven-year history of losses associated with an individual and his/her personal property. The following data will be identified for each loss: date of loss, loss type, and amount paid along with general information such as policy number, claim number and insurance company name.
- Current Carrier® Reports – Summarizes historical home and auto coverage information provided by participating insurance companies. Used to assess current insurance coverage as well as identify gaps in prior underwriting. (More Details)
- InsurView™ – Provides attributes using public data. Used for insurance underwriting and insurance prescreen. (More Details)
- Traffic Violation Search – Provides search results from public records. used to assess applications and renewals of insurance underwriting.
- Banko® Report – Provides search results from national court records regarding bankruptcies, tax liens, judgments. Used to monitor developments that could affect a current account relationship. (More Details)
- Benefits Assessment Report – Provides search results from public records, including property and personal information. Used my public assistance agencies to evaluate applications for government benefits.
- Collections Decisioning Report – Provides search results from public records. used to determine a consumer's ability to pay an outstanding debt. (More Details)
- Life Public Records Disclosure Report® – Provides search results from public records. Used for underwriting life insurance.
- RiskView Report – Provides search results from public records. Used by lenders to evaluate an applicant's ability and willingness to repay a debt.
Add a Second Layer of Security to Your Accounts
Using a password manager such as LastPass, and activating two-factor authentication on every account is now the new normal if you want your data protected. Most websites and apps holding sensitive data now offer some form of two-factor authentication, and using a password manager allows you to store hundreds of complex passwords, so even if one company is hacked, your passwords are all different, and the incident is isolated.
Also keep in mind that the data that such password managers store will use one-way encryption so even if that data was stolen, it'd be impractical for a thief to try to do anything with it given how difficult it'd be to access the data.
Two-factor authentication should be an absolute must for your primary email program — if someone has access to your email, think about the damage they could otherwise do with password resets!
The best defense against data theft from Equifax, or any of the dozens of companies hacked each year, is to proactively monitor your credit scores and financial info as part of a routine set of checks. Just like you monitor credit card accounts to ensure you don’t carry a balance (rule #1 of the award travelers code), you need to keep an eye on your financial and credit information on a weekly/monthly basis. And you should be monitoring your data whether it was taken during the Equifax debacle or not.
Some of our advice may run counter to information provided by mainstream media, but it’s the same advice we promote for those that haven’t been subject to identity fraud or stolen data. Our personal and financial information is increasingly held online, and not every company takes data security seriously. Even if you freeze your accounts, signup to the Equifax free credit monitoring service (need to register by January 31, 2018), and put fraud alerts on all your accounts, you’re still at risk of identity theft now and into the future.
As the adage goes, “the best defense is a good offense,” which in credit terms means the best defense against identity theft is; to proactively monitor your credit file and financial information. Take it into your own hands. Because if the hacks such as the Equifax breach teach us anything, it’s that our information is not always in our control. Our only viable play is taking steps to protect our credit scores by monitoring our files, and keeping good records in the event something runs afoul.
Been caught up in the Equifax saga? Let us know your experience in the comments and the steps you’ve taken to protect your financials.
The comments on this page are not provided, reviewed, or otherwise approved by the bank advertiser. It is not the bank advertiser's responsibility to ensure all posts and/or questions are answered.