Friday, September 22, 2017

Equifax Data Breach - What Should You Do?

There was a national webinar held yesterday on 09/21/2017 where over 1,300 credit union security members from across the country received information and suggestions related to the recent Equifax data breach. The webinar was frankly a sobering several hours. This data breach is far worse than any so far since it impacts 143 Million consumers. Basically anyone who has a credit report on file with Equifax is included in the data breach. What is most concerning about this data breach is that the data stolen is a treasure trove of all the most critical, personal information. Names, addresses, birth dates, social security numbers, employment information, and in some cases, driver's license information. 

With this information, a data thief could create account relationships of all types. Deposit accounts, loan accounts, rental agreements, medical insurance, and others could all be fraudulently created. 

Scary stuff for sure and a helpless feeling for many consumers. What should consumers do?

Access to the credit file must be restricted to avoid use by a criminal. Restricting that access can either be done by a credit freeze or a fraud alert. 

A credit freeze is when the consumer establishes a block on their credit report where nobody can access their file. The consumer establishes a PIN that only they know. To unlock that credit file the consumer must log into the credit bureau site and provide that PIN. There normally is a cost for a credit freeze but given the scope of this massive potential for identity theft, hopefully any costs will be waived for a period of time. It is VERY IMPORTANT for anyone using the credit freeze to secure their PIN in two separate secure locations. Consumers who lose their PIN will have a difficult time getting their credit file unlocked. A credit freeze must be placed by the consumer on each of the credit bureau agencies.

A fraud alert may be preferable since the credit file could be obtained but no action would be available/legal unless the consumer was notified by the established contact number listed in the fraud alert. The fraud alert is intended for identity theft victims. The fraud alerts typically expire ever 90 days, unless the consumer is a direct identity theft victim and then the fraud alert is good for 7 years. In my opinion, Equifax has just created 143 Million identity theft victims so hopefully the 90 day period will be extended for all new fraud alerts added because of this data breach. Another good aspect of the fraud alert is that it only requires the consumer to notify one credit bureau which then contacts the other credit bureaus to file on their reports also. 

Credit monitoring services are also recommended to alert consumers to activity involving their credit report or personal identification. Utilizing the various account alerts on deposit and credit accounts is also recommended to keep a close eye on any unusual activity that might take place. 

Consumers and financial institutions are going to be dealing with an elevated risk of identity theft concerns for many years as a result of this Equifax data breach. Consumers are encouraged to visit the various credit bureau sites below for specific information and steps to better secure your personal credit file(s). 

https://www.equifax.com/ 
https://www.transunion.com/ 
http://www.experian.com/ 
https://www.innovis.com 


For those without Internet access, Equifax has a dedicated incident response number of 1-866-447-7559 with hours of 7:00 AM to 1:00 AM, everyday including weekends.