Equifax Hack

It has been widely reported that key identity information for nearly half of the US population has been leaked in a hack of Equifax, one of the three largest credit bureaus.  Information leaked includes names, social security numbers, birth dates and addresses. Those are primary identification information components of applying for credit, and will no doubt put all victims at elevated risk of fraud against their identity and credit history.

Protecting Identity

Standard best practices for protecting your identity apply directly to this situation.  Only the final recommendation (security freeze) would be special action to consider in light of this unfortunate leak at Equifax:

  1. Regularly check your credit records for fraudulent activity.
    1. Use annualcreditreport.com to obtain a free report from each credit bureau annually.  Schedule a calendar reminder every four months to request a report from each bureau in round-robin fashion: Equifax, Experian, and Trans Union.
  2. Use strong security precautions with any business or web site which requests your personal information, as all are vulnerable to being hacked.
    1. Use a unique password for every web site/app you use
    2. Use a password app to store your passwords centrally, so you can automatically create high security passwords that you don’t have to remember, just copy/paste them as you use them.  Apps such as 1Password and Dashlane are good choices
    3. Use made-up answers to the personal questions often used to verify your identity, then store those responses in your password app
  3. Place a fraud alert on your credit record so you are alerted when companies process request for credit against your identity.
    1. The Federal Trade Commission (FTC) web site has a useful step-by-step guide: https://www.consumer.ftc.gov/articles/0275-place-fraud-alert
    2. Fraud alerts are free to enable and they expire every 90 days
    3. Once you request a fraud alert from one bureau, they can turn this feature on for the other bureaus – request that they do so
  4. Consider applying a security freeze to your credit record, which prevents lenders from accessing your credit history without your “unfreezing” the record.
    1. Here is the FTC web page discussing security freezes:  https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs
    2. Security freezes cost $5 – 10 to implement
    3. Security freezes remain in place until you specifically contact a bureau to unfreeze your account
    4. Security freezes must be done at each of the three bureaus individually

Though the top 3 actions and recommendations should be considered for use at all times, the security freeze has potential inconveniences to you the identity owner, so please consider that action carefully.

Feel free to contact Michael Senkbeil at msenkbeil@chortek.com with further questions about cybersecurity, information security and protecting your identity.

Written by Michael Senkbeil, MCSE, GCFA, CISSP, CISA | Partner
Posted in Business Advisory, Technology Consulting