facebook twitter instagram linkedin google youtube vimeo tumblr yelp rss email podcast blog external search

Ten Steps To Consider Taking After The Equifax Breach

By now you've likely heard about the massive breach of confidential information that occurred at the credit reporting agency Equifax. Millions of individuals' personal information, including social security numbers, addresses, and in some cases even drivers licenses, were exposed. While we have seen a number of security breaches in recent years, this is likely the largest and the most disturbing, given the information the credit reporting agencies have.

We know many of you are rightly concerned about this and there are some steps you can take to help protect yourself. Some of these steps will be a pain to implement, but unfortunately this is the price we pay for the convenience of living in the modern world. I should stress that I am NOT a security expert nor do I pretend to be one. I spent a lot of time digging into this topic and the potential steps you can take, but this is just my opinion and none of the steps I outline below will guard you 100% against potential identity theft. These are simply the steps I went through on my own, along with commentary on why I did or did not take each action. Hopefully this will help you as you think through the steps you should take:

  1. I did NOT enter my information on the Equifax site to find out if I was impacted. Call me a skeptic but I was not eager to enter additional information on the Equifax website just to find out if I "might" have been impacted. There were countless stories about people entering in false names/SSN information and being told they "might have been impacted." I'd rather just assume I was impacted and proceed with caution.
  2. I did NOT enroll in the TrustedID credit monitoring service that Equifax is offering everyone for free for 12 months. First, as mentioned above, I'm a little leery of trusting a company owned by Equifax right now. Second, my understanding is that credit monitoring services don't actually prevent someone from using your identity, they just alert you to potential fradulent activity. Third, after the free 12 months is up, you'll need to pay Equifax to continue using the service and you might even be auto enrolled when your term expires. So while this is a feasible, free, simple option that can be used to help protect you for the next 12 months, I chose a different route.
  3. I did NOT sign up for fraud alerts, but this is definitely one path I would recommend you taking, if you decide against the action I took in #4 below. You can put a fraud alert on your identity at all of the major credit reporting agencies just by submitting a free claim at any one of them. You can do this easily online at Experian or Transunion. This alert means that all four major credit agencies will have a note on your account to go through extra precautions to verify your identity before approving any credit applications for 90 days. They are not legally required to verify your identity however, so this is not a foolproof method. It also expires after 90 days, but you can continue to place new fraud alerts every 90 days, indefinitely, for free.
  4. I DID freeze my credit (and my wife's - don't forget your spouse, they need to be done separately). This sounds scary at first, but all it really means is that credit agencies cannot release your credit information to anyone. It has no impact on your current accounts or loans and does not impact your credit score. This will obviously cause problems if you apply for a loan or a new credit card, and it could also cause issues with other credit requests, such as signing up for utility service or applying for a new job. However, if you freeze your credit and then decide you need to gain access to your credit again, you can "thaw" the freeze for a limited time or "unfreeze" your credit permanently at any time, though it might take a few days to process. So yes, freezing your credit is the biggest hassle of the three options, but it also provides the highest level of security, it is relatively low cost, and it is easily reversible. Depending on your situation, it might make sense to take this path. It should be noted this does not prevent a thief from using your existing credit card accounts and there are fees involved in freezing and unfreezing the accounts. (Typically $5 per credit agency in MD, although only one charged me.) Here are the numbers/websites to freeze your credit at each of the 4 major credit agencies:
    1. Equifax: Call 800-349-9960 or go online
    2. Experian: Call 888-397-3742 or go online
    3. TransUnion: Call 888-909-8872 or go online
    4. Innovis: Call 800-540-2505 or go online
  5. I DID go online and check my credit card accounts to make sure there weren't any fraudulent charges. I check these accounts regularly and recommend everyone does the same.
  6. I DID change the passwords on each of my financial accounts and recommend you do the same. Be sure to use complicated passwords that are different for each site. As I've written in the past, I use a password manager for this and couldn't imagine living without one!
  7. I DO have two-factor authentication set up on all my accounts. This means anyone trying to login with my information from an unknown computer would trigger a text sent to my phone with a code they would need to enter. It's an additional form of security that is not foolproof, but is an upgrade from just a complex password.
  8. I DO check my credit report regularly to monitor for any unauthorized activity. Each of the major credit reporting agencies are required to provide you with a copy of your credit report annually and you can request your free report here.
  9. I DID opt out of receiving credit offers mailed to my house. I didn't even know this existed until now, but it appears you can opt out of all those credit card offers you get in the mail all the time. Hackers can sometimes intercept those mailings and apply for credit on your account. It says it could take a couple months to have an impact so we will see.
  10. I NEVER send confidential information that includes my social security number or financial account information by e-mail. This is why we have a portal for you to send us information and we highly recommend you use it.

Here are some of the best articles I've found on this subject:

If you have any questions about this feel free to send me an e-mail at chris@lkbenson.com or set up a time to talk to me at www.calendly.com/chrisbenson

The views expressed represent the opinions of L.K. Benson & Company and are subject to change.  These views are not intended as a forecast, a guarantee of future results, investment recommendation, or an offer to buy or sell any securities. The information provided is of a general nature and should not be construed as investment advice or to provide any investment, tax, financial or legal advice or service to any person.

Please see Additional Disclosures more information.