When I read the news about the Equifax data breach, I did some back-of-the-napkin math: 143 million people affected divided by 323 million Americans (the total population according to the 2016 U.S. Census data) equals around 44% of U.S. citizens. Wow.
Next, I wondered: Was I personally affected? I checked the EquifaxSecurity2017.com website set up by Equifax to alert consumers about what to do.
I entered my last name and the last six digits of my social security number. The message that I received meant that I was potentially one of one of the 143 million people affected:
Based on the information provided, we believe that your personal information may have been impacted by this incident. Click the button below to continue your enrollment in TrustedID Premier. [TrustedID Premier is Equifax’s product that offers monitoring of the three credit bureaus (Equifax, Experian, and TransUnion), your Equifax credit report, an Equifax Credit Report Lock, Social Security Number Scanning Searches and $1MM in Identity Theft Insurance.]
But wait…was I or wasn’t I affected? The uncertainty in the phrases “we believe” and “may have been impacted” fueled my worry instead of calming it.
And so, with this news, I began investigating how to protect my credit and privacy online. I quickly realized how complicated it is. Once I aggregated the tips that I read online, I implemented them with the credit bureaus. I wrote up what I learned and shared that with my immediate family. But the more I read about the breach and how to respond, the more I wanted to share what I learned with all of my friends and family. So, here it is. Once you have had a moment to implement the following, drop me a line with your feedback. I’d love to hear about your experience.
Following are the four steps that I followed, which require between 4-6 hours. That may seem like a lot. BUT, that is far less than the time and effort required to fix your credit if (God forbid) you have your identity stolen. That would require potentially hundreds of hours.
Visit AnnualCreditReport.com to receive your free annual Credit Check Report from the three main credit services (TransUnion, Experian, and Equifax). You can pull reports from all three bureaus online via this website or, alternatively, you can fill out a PDF form, mail it in and receive the reports via mail 2-3 weeks later.
The day that I visited the website AnnualCreditReport.com, it often froze due to the high volume of visitors requesting credit reports. It ultimately suggested that I fill out a form and send it in via regular mail.
When I received mine, I discovered an employer listed that I had never worked for (or heard of), which I corrected and had removed from my report. And when I reviewed my Mom’s credit report with her, we discovered that hers had an incorrect address listed, which we removed immediately.
When reviewing the credit reports, make sure that they consistently tell the story of the credit cards or loans that you have open or closed. Hopefully you won’t find any mysterious lines of credit. As a precautionary measure, be sure to close any credit cards or loans that are inactive. And put a reminder in your calendar to get your free annual reports next year at the same time.
Place a freeze on your credit report with the credit agencies. You will need to set up accounts (with a user name and password) for the first two (TransUnion and Experian) but not for Equifax or Innovis. Note: Sign up for any new credit cards or loans before you freeze your credit.
TransUnion – costs $10 in Virginia (cost varies by state)
Sign up for the free credit freeze, not for their service called TrueIdentity.
Experian – costs $10 in Virginia (cost varies by state)
Equifax – Free
Innovis – Free
Innovis will send a confirmation letter via U.S. mail to the address that you have provided.
In the event that you want to apply for a new credit card or loan, you will need to temporarily unfreeze your credit report and then re-freeze it later.
Place a free fraud alert with only one of the 3 main credit agencies. I signed up for my fraud alert through TransUnion because I didn’t trust Equifax. You have to renew it every 90 days if you want to keep it going. And once you sign up with one agency, it will alert the others.
I found the explanation of “How to Place a Fraud Alert” on the Federal Trade Commission (FTC) website helpful.
“Ask 1 of the 3 credit reporting companies to put a fraud alert on your credit report. They must tell the other 2 companies. An initial fraud alert can make it harder for an identity thief to open more accounts in your name. The alert lasts 90 days but you can renew it.”
Sign up for LifeLock or another one of the credit monitoring services. To me, it seemed odd to sign up for credit monitoring and identity theft protection with the very companies that sell my data (the 4 credit agencies), which is why I chose LifeLock, a third-party company that aligns with consumers’ interests. Some of LifeLock’s competitors include IdentityForce, Identity Guard, MyIDCare, ProtectMyID, Experian’s IdentityWorks, Equifax’s TrustedID Premier, and TransUnion’s TrueIdentity. You can read reviews of the other identity theft protection and credit monitoring services here and here. In the second of the two articles, you’ll read that LifeLock is far from perfect.
I opted not to enroll in Equifax’s free identity theft protection and credit file monitoring service TrustedID Premier, even though I was affected, simply because of a lack of trust. I’d like to hear all of your thoughts on this. Learn more about Equifax’s TrustedID Premier product on EquifaxSecurity2017.com.
NextAdvisor Blog has an insightful article about the process of signing up for the service and the outages people experienced on the website: “We Signed Up for Equifax’s TrustedID Premier and Here’s What Happened.”
In addition to the above, I also recommend the following additional precautions:
12 ADDITIONAL RECOMMENDATIONS TO CONTROL YOUR DATA AND PRIVACY
- Check your bank and credit card statements every month for any unauthorized activity.
- Close any dormant credit cards and bank accounts.
- Opt out of credit card and mortgage offers at OptOutPreScreen.com. This will remove your name and contact information from the databases of the financial service companies that you don’t currently do business with. Enter your information and then print the letter it generates, which you will then need to send in via USPS.
- Sign up for the FTC’s National Do Not Call Registry at DoNotCall.gov.
- Sign up for the Direct Mail Association’s National Do Not Mail List.
- Change your passwords so that there is at least one number, one letter and one symbol (using the shift key).
- Clear your cookies from your browser occasionally.
- When disposing of any financial records, be sure to shred documents that have your social security number and/or financial account numbers.
- Change the settings on your social media profiles so that only your friends can see your contact information and also make sure that your social profiles are not available in search results.
- Unsubscribe from email newsletters that you do not read.
- Do not click on or reply to emails from your financial institutions that look suspicious.
- Lastly, request the removal of your address and personal information from websites such as the following to make sure that your address and phone numbers no longer appears in search results: Radaris, Spokeo, WhitePages.com, PeekYou, HolaConnect, U.S. Search, and InstantCheckMate.com.
To take some of these additional steps, I worked with the law firm MG+ for reputation management. MG+ specializes in crafting legal solutions for technology and service-driven companies, operating in industries such as technology, creative, services and products. For more information, visit Masur.com.
Identity theft hit an all-time high in 2016 according to USA Today. The article states that, “An estimated 15.4 million consumers were hit with some kind of ID theft last year, according to Javelin Strategy & Research, up from 13.1 million the year before.” And now, the Equifax data breach indicates that nearly 50% of Americans has had their personally identifiable information compromised.
In conclusion, I hope you have found the above recommendations useful in protecting your credit and privacy overall. Drop me a line once you’ve had time to implement them. I’d love to hear your feedback. Best of luck to you!
Lastly, if you believe you have been the victim of identity theft, consider doing the following:
- File a complaint on the Federal Trade Commission’s website IdentityTheft.gov to report your identity theft. (The FTC maintains an identity theft database that law enforcement agencies use for investigations.)
- Close accounts that may have been tampered with or opened fraudulently.
- File a police report and get a copy to submit to your creditors who may require proof of the crime.