How should you respond to the Equifax hack?
Despite the many efforts to ensure information is secure, there always is the risk it may be compromised. We saw that recently when Equifax, one of three major credit-reporting companies, reported its systems had been hacked, exposing personal information of 143 million people.
Hackers accessed names, Social Security numbers, birthdates, addresses, driver’s license numbers, credit card numbers and certain dispute documents with personal information. They left Equifax with a mess to clean up — and consumers and businesses with massive headaches.
To help users and businesses take the appropriate steps to protect their information, Equifax set up a website — equifaxsecurity2017.com — you can visit to determine whether your information was compromised. To do so, you must insert your last name and the last six digits of your Social Security number. Be sure to write down the date you receive as you cannot backtrack and access it once leaving that initial screen.
If your data was compromised, you have the option to enroll in Equifax’s TrustedID Premier service by Nov. 21. Those impacted by the hack will receive one-year credit protection service free from TrustedID Premier that provides:
- A copy of your Equifax credit report
- Credit file monitoring at the three major credit reporting agencies, which alerts you to changes in that data
- The ability to “lock” and “unlock” your file with Equifax
- Identity theft insurance of $1 million
- Internet monitoring of sites where your Social Security number appears
Many people criticized Equifax because the terms of its website and the TrustedID Premier product included a mandatory arbitration provision and class action waiver. Responding to this criticism, Equifax removed the arbitration provision and class action waiver from the Trusted ID Premier terms and conditions and stated that it would not enforce any arbitration clause or class action waiver against consumers who signed up for TrustedID or to claims related to the data breach itself.
You also should consider additional steps to protect your identity, including:
Obtaining and reviewing your credit report three times a year. You may receive a free copy of your credit report annually from each of the three national credit-reporting agencies. Once received, you should review carefully to make sure the information is accurate, including inquiries from companies, accounts opened and debts on accounts. If anything appears incorrect, follow up with the credit reporting company, which will investigate and report findings back to you.
Consider placing a security freeze – or “CreditLock” — on your credit report with each of the three national credit-reporting agencies. A security freeze means that no one will have access to your credit report without checking with you first. This is the best way for users to protect your information but will add extra steps when trying to obtain credit. TrustedID Premier service is offering CreditLock security freeze for free as part of its offer. However, users will have to communicate individually with the other two national credit agencies to get the protection with them. More information on the freeze programs at TransUnion and Experian can be found on their websites.
Placing a fraud alert on your credit report. This means that any creditor who receives a copy of the credit report will need to verify the identity of the person applying for credit. There is an initial fraud alert that will last 90 days and can be renewed. There also is an extended fraud alert that will last seven years for users who have experienced identity theft.
Monitoring bank account and credit card statements closely. If unauthorized transactions appear, report it immediately to the bank or credit card lender.
The protection that Equifax is offering is not total protection. You will need to be vigilant and work with each of the three credit reporting agencies to ensure your data is as secure as possible.
Rodney D. Martin is a partner at the law firm Warner Norcross & Judd LLP where he counsels financial institutions on banking and consumer compliance issues, with a focus on cybersecurity and privacy. He can be reached at firstname.lastname@example.org.