Surviving The Equifax Security Breach

How to Protect Yourself After 143 Million Accounts Were Hacked

What Happened:

On September 7th, Equifax — one of the three large credit monitoring agencies — reported that it had suffered a massive data breach by hackers. Worse, they reported that the hack had occurred five weeks previously, on July 29th. That data breach exposed credit information, social security numbers and other information on more than 143 million Americans and some foreigners. Why did Equifax wait five weeks before telling anyone about this massive hack? Your guess is as good a mine. A data breach that severe, followed by a five-week delay in letting consumers know that it had occurred isn’t OK with me, and it shouldn’t be for you.

To put this kind of hack in scope, I’d compare it to Hurricane Irma: it’s catastrophic, massive in scope and something from which it will take some of us many years to recover. I say “some of us”, because hopefully, by reading this primer, you’ll be one step ahead of the crowd. The Equifax breach exposed hundreds of millions of social security numbers. We cannot allow hackers with malicious intent to have access to our Social Security Numbers without increased security measures.

Experts, myself included, recommend implementing two tools to help protect and — in some cases — lock down your financial information:

  1. Sign up for free credit monitoring at websites like Credit Karma
  2. Freeze your credit reports at all four major credit agencies.

Let’s take a closer look at each of these tools.

Credit Monitoring

Credit monitoring is a system that allows you — as the name implies — monitor your credit accounts. This kind of information should provide you an alert if something unusual occurs to your credit. Think of it as an early-warning system.

There are several companies that offer credit reporting services to consumers. The most well-known is offered by The U.S. Government. By law, all American consumers are entitled to an annual free credit report. However, I find the AnnualCreditReport.com website to be a MassivePainInTheAss.org. Instead, I’d recommend Credit Karma: It’s 100% free and far easier to use than the alternatives. Credit Karma also provides full-time access to credit scores, compared to just once a year from the competition. Once you’ve signed-up, you get access to your current credit scores and any activity your credit accounts, including loans, credit cards, and any suspicious activity. Here’s an example of how Credit Karma’s web page alerts you to activity on your accounts. Note the bottom of the image: there, Credit Karma is alerting you that new information has been added to a recent credit report:

Image for post
Image for post
Credit Karma letting you know to check your TransUnion report

As I mentioned before, we should think of credit monitoring as an early-warning system. And although early-warning systems are useful, it’s far better to prevent serious problems from happening in the first place.

While credit monitoring allows us see suspicious activity on our credit accounts, it can’t prevent malicious hackers from running our credit reports and then using info from those reports to steal our identities.

To help prevent intrusions like that, we’ll need a far more powerful tool: credit freezing.

Credit Freezing

Securing our credit information is also known as implementing a “security freeze”. Taking such action doesn’t impact us from using our own credit cards or financial accounts: it simply prevents anyone else (in most cases) from accessing our credit information without our express permission. For example, when we apply for car loans, mortgages or rentals, our potential lenders and landlords usually run credit checks. However, once we’ve provided our Social Security Number and legal name, anyone with that information and the right level of access can access our credit information, if our accounts are not “frozen”.

Freezing our credit accounts, however, helps prevent identity theft. If our credit files are frozen, even someone who has our name and Social Security number probably can’t obtain credit in our name. While hackers and those with unique access might still be able to cause us harm, freezing our credit help prevent many kinds of identity theft.

Every credit agency allows consumers to enable a credit freeze by phone, snail mail and, now: by online forms, for near instant activation. Regardless of which option you choose, be prepared to provide proof of who you are, where you live and a method to pay for any setup fees.

Setting up a freeze costs $0 to $10 per agency; temporarily lifts on those freezes can also incur fees. Costs and legislation vary by state and agency. Below is a list of the four major credit agencies with the costs I personally spent to enable a credit freeze; your costs may differ slightly depending on your state. Click each company name on the list to begin the credit freeze process:

When applying for a credit freeze online make certain to look for and save any personal identification numbers (or PINs) as you’ll need those later. Hot Top: store your PINs in a secure password manager like LastPass, something I’ve cover in depth in part four of my security series. Also look for a confirmation that your accounts are officially frozen. Here are two examples of what these moments look like on Equifax and TransUnion:

Image for post
Image for post
Image for post
Image for post

When applying for a credit freeze in writing (#MadRespect), know the law: a freeze is supposed to take effect within five business days of your letter being received. I’d recommend sending everything to any credit agency via certified mail and with proof of a signature.

Congratulations: now your accounts are frozen.

Once a credit freeze is enabled, any rogue credit checks on your accounts should be denied. However, you might need to allow certain people access to your credit records for a specific period of time. For example, if you’re applying for a loan or a rental, you’ll most likely need to allow potential lenders and landlords to run a credit check. To do so may require that you:

  • Contact the credit reporting agencies by phone, fax or internet.
  • Provide proper identification to prove who you are.
  • Provide the unique PIN you established when enabling your credit freeze.
  • Specifying to whom your credit report will be accessible and for how long.
  • Paying any associated fees ($0–10) for each temporary access you approve.

Is this process a burden? Yes, but the credit agencies have made it far more simple in the age of the internet. Additionally, it’s far better than having your credit info stolen, abused or compromised. And it’s much better than having your identity stolen.

If you have better solutions, please: share them in the comments section. I think it’s worth discussing this as a community.

For those wanting to know more about the formal process, including sample letters you can use when writing to all three credit agencies, here is the link. And, I’ll toss in a bonus since you made it this far: here’s a link to a great article from Brian Krebs, a noted security expert, about credit freezing.

Now, go out there and lock it down, everyone!

David is a veteran of technology & comedy. Sign up for his fun & informative technology newsletter here: https://techtalk.substack.com

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store