Post Equifax: Will Free Credit Freezes Help?

freeze your credit

When Equifax announced the historic data compromise that exposed the sensitive personal information of up to 143 million consumers, the company said victims would have access to credit freezes for a month free of charge. This was not exactly a solution to the fresh hell it had just announced.

Frankly, it seemed like a relatively cheeky move considering the staggering number of people who had just learned that they will be looking over their shoulders for a virtual mugger for the rest of their lives. I wouldn’t be surprised if Saturday Night Live re-creates Equifax’s offer of free credit freezes (for a whole month!) as a classic schoolyard drama featuring a bully holding a stolen bike in front of its owner and offering to give it back for a hefty fee.

My first thought was definitely not, “That seems fair.”

And while I can’t speak to whether there was any discussion of sketch comedy in their process, the Identity Theft Resource Center (ITRC) seems to have had a similar reaction. It launched a change.org petition that urged Experian, TransUnion, and Equifax to let consumers freeze, thaw, and refreeze their credit files, free of charge, once per year.

Sadly, this is not a solution either.

The Legislative Angle

Senators Elizabeth Warren (D-MA) and Brian Schatz (D-HI) recently introduced legislation that would force the Big Three credit bureaus to provide more robust solutions to the 24/7 identity-theft quagmire we now inhabit thanks to the Equifax breach.

One of the main provisos was a legislative version of the ITRC petition: Give all Americans access to free credit freezing (and unfreezing) for life. Additionally, the bill would force the credit bureaus to reimburse any fees collected for freezes purchased after the Equifax compromise was made public.

“Credit reporting agencies like Equifax make billions of dollars collecting and selling personal data about consumers without their consent, and then make consumers pay if they want to stop the sharing of their own data,” Warren said when announcing the bill.

The Freedom from Equifax Exploitation Act is a move in the right direction, a roadmap for the Big Three to provide consumers with more robust fraud protections as well as an additional free annual credit report. (One free report is already a consumer right in the United States. You can check your credit report for free at Credit.com.)

That SNL sketch encapsulates the feeling of the Freedom from Equifax Exploitation Act: credit bureaus shouldn’t be able to profit off the fear generated by their failures to protect our sensitive data.

Freezes Aren’t the Answer

While it is good to get those freezes (if you can figure out how to set them up), a credit freeze is by no means the be-all and end-all answer to the “What now?” reality of 143 million consumers.

Credit freezes do not mitigate all threats.

First of all, you are still vulnerable to attacks on existing accounts. Two easy ways to help diminish this threat is by setting up transaction alerts and opting for two-factor authentication wherever it is offered.

You are also more susceptible to spear phishing emails and texts now, since fraudsters now know where you bank, where you have debt, and who financed your car. They no longer have to guess which bank you use, thereby making the whole process of defrauding you much more expedient—a real win for scam artist productivity. Employment and tax fraud as well as medical/healthcare fraud are also real concerns after the breach.

The best course of action given all these variables is to change the way you think about your vulnerability and practice the Three Ms, which I discuss in my book, Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves.

  1. Minimize your exposure. Don’t click on suspicious or unfamiliar links; don’t authenticate yourself to anyone unless you are in control of the interaction; don’t over-share on social media; be a good steward of your passwords; whenever offered, opt for 2-factor authentication; safeguard any documents that can be used to hijack your identity; and freeze your credit.
  2. Monitor your accounts. Check your credit reports religiously; keep track of your credit scores; review major financial accounts daily if possible (better yet, sign up for free transaction alerts from financial services institutions and credit card companies); read the Explanation of Benefits statements you receive from your health insurer; and seriously consider purchasing a sophisticated credit- and identity-monitoring program.
  3. Manage the damage. Make sure you get on top of any incursion into your identity quickly and enroll in a program where professionals help you navigate and resolve identity compromises—oftentimes available for free, or at minimal cost, through insurance companies, financial services institutions, and employers.

The Three Ms are not a solution to the threat of scams in the wake of the Equifax hack, but they are a lifestyle change that can help fend off the inevitable attempts to exploit your identity for ill-gotten gain.

Image: istock

The post Post Equifax: Will Free Credit Freezes Help? appeared first on Credit.com.

Identity Thieves Bought a New Car in Her Name—Here’s How She’s Fighting It

identity-theft-after-death

Jen* is one of the few people that opens and reads every piece of mail they receive. It’s a quirk that has paid off: A piece of junk mail is how Jen found out someone had stolen her identity.

“I opened a letter from Macy’s, which I thought was weird,” she said. “I haven’t shopped there in years. But the letter was a rejection of a credit card application.”

Jen took immediate action, placing a credit freeze on her accounts. She thought it was all resolved then, but her identity theft nightmare was just beginning.

The Depth of the Identity Theft Problem

Jen checks her free credit report every four months. After finding the Macy’s rejection letter, she immediately checked her report again.

There were several credit inquiries for loans and credit cards that she had not made. Banks and lenders had rejected all of them. However, there was one item on the report that had been approved: a car loan for a $30,000 vehicle.

“The thief applied for a loan through an online company, which is much easier than applying for a loan in someone’s name in person,” Jen said. “She picked up a used Lexus the next day. She used my Social Security number but didn’t use my actual last name. The company still didn’t bat an eye.”

The thief even took out a car insurance policy in Jen’s name. Again, the thief applied for an account online for easier approval.

Beyond Credit—How Theft Affects You

“There were about a dozen inquiries on my credit report besides the car loan, all of which hurt my credit score,” said Jen. “And, the thief didn’t make payments on the insurance or the car, which could have hurt my credit too. I had to take action right away.”

Jen then filed a police report. An officer came to her home, and she handed over copies of her credit report with all of the fraudulent inquiries. Because it was a financial matter, the officer handed the case off to a different department.

Once Jen had a copy of the police report, she took action rather than waiting for the police to work it out. Luckily, her employer offered a free identity protection service through InfoArmor. She called the company, and representatives assigned her a case manager. Together, Jen and the case manager made a list of every false inquiry on Jen’s report and started contacting the companies one by one to have them removed.

“There were inquiries for store credit cards, phone companies, furniture stores, and car loans,” said Jen. “All of them were at places in California, and I’m thousands of miles away from there.”

The process couldn’t be completed in one day. The thief had taken information from Jen’s LinkedIn profile to verify employment dates on applications, and the person’s actions changed her security questions on the credit bureau sites as well.

Jen’s credit report now showed the thief’s address and other information instead of her own, so she couldn’t dispute the charges online. Instead, she had to call each business herself and prove her identity.

Most of the companies’ customer service departments were available only between 9 a.m. and 5 p.m., when Jen was at work. “I had to squeeze in calls on my lunch break and every spare minute I had,” she said.

Over the course of two months, Jen spent over 80 hours on the phone to dispute charges and inquiries. There were times when she was on the phone for five hours straight. Despite the long hours, she values the identity protection service for helping her handle it.

“[The case manager] was on the phone with me for the full time,” she said. “He helped me keep it together and work through the list of companies.”

Other Financial Ramifications of Identity Theft

Although the phone calls were tedious and incredibly time consuming, there were larger issues that Jen hadn’t even considered. Her InfoArmor case manager helped her navigate those problems as well.

“I could never have thought of it all on my own,” she said. “But he told me I needed to alert my 401(k) company, my mortgage lender, and my credit union account so [the thief] couldn’t access those accounts too.”

Worst of all, the problem still isn’t over. The car loan has been removed from her credit report, but other inquiries remain. Jen also worries about future issues, such as the thief filing a fraudulent tax return in her name to get a tax refund.

“I’m worried about my taxes,” she said. “It’s a real stressor. I contacted the IRS, but I’m still concerned.”

She has every reason to worry. Despite now having the thief’s full name and address, the police have not yet arrested or charged the individual. Instead, the investigation is ongoing thousands of miles away.

Advice for Dealing with ID Theft

Thanks to Jen’s hard work, her credit score has recovered since the identity theft. She notes that not everyone could handle identity theft as quickly as she did, nor does everyone have the means.

“It was time consuming and tedious, but it was also expensive,” she said. “I had to pay to FedEx documents across the country, to put a credit freeze on my account, and to have access to a fax machine—most of the documents couldn’t be emailed because of security concerns, so faxing them was the only way.”

In addition, Jen said that her employer and coworkers were understanding as she navigated the process. In many workplaces, taking personal calls during work wouldn’t be possible. Other people might have had to take time off from work to deal with identity theft, hurting their paycheck.

For those who face a similar situation, Jen recommends you do the following:

  • Take diligent notes and keep them nearby. Every credit inquiry Jen disputed had its own case number, and because she sometimes had to wait days for a response, Jen had to move quickly when she did get a response. Keeping a notebook handy with every case number, the date and time of each call, and who she spoke to last helped her stay on top of the issue.
  • Check your credit report. Jen caught the problem early, which saved her credit and finances. It’s a smart idea to check your credit report every four months for red flags.
  • Consider hiring a service. While Jen was able to get identity protection for free, she says she would have willingly paid for it. Her case manager helped her through every phone call and identified other actions she needed to take to protect herself.
  • Give yourself a break. Dealing with endless phone calls and the stress of identity theft can be hard on your nerves and well-being. Jen advises giving yourself a break every now and again and indulge in some self-care.

Moving Forward after Theft

Jen doesn’t know how the thief got her Social Security number or name, especially because she’s diligent about protecting sensitive information. However, she suspects it’s from medical forms from her frequent doctor appointments, as they all required her to enter her Social Security number, address, birthday, and other identifying information—making her an easy target for identity theft.

“Unfortunately—and the police said the same thing—people take those forms and sell them on the black market for others to use,” she said. “It’s made me much more conscious of what I put out there.”

Jen’s story isn’t an anomaly. A whopping 41 million Americans have experienced identity theft. That’s why it’s so important to continually and regularly check your credit report.

“You have to stay on it to prevent your name and credit report from being ruined,” Jen said. “Be diligent.”

*Because the investigation into this situation is ongoing, the individual featured asked that we not use her real name.

Image: istock

The post Identity Thieves Bought a New Car in Her Name—Here’s How She’s Fighting It appeared first on Credit.com.

The Equifax Breach and the Cybersecurity Silver Bullet

acer hack

Some time ago, the popular show Mythbusters wanted to find out if the Lone Ranger was right about silver bullets being better than lead ones. Turns out silver bullets are actually slower and less accurate.

When it comes to cybersecurity, quick-fix silver bullets are also less effective than tried-and-true approaches. The most effective cybersecurity strategies begin with two certainties: mistakes will be made, and breaches like the one that hit Equifax will keep happening.

The 143 million consumers exposed in the Equifax breach provide plenty of evidence that there’s still no effective “silver bullet” when it comes to both chronic and acute threats to our collective cybersecurity.

While the Equifax breach is by no means the largest hack to date (that distinction still belongs to Yahoo), it definitely stands out as the breach with the greatest potential to harm its victims.

The Equifax hackers got the most complete data dossiers possible on millions of people. Those dossiers are worth about $30 on the black market and include Social Security numbers, names, addresses, birth dates, and, in some cases, driver’s license numbers. Additionally, the credit card numbers of 209,000 consumers were lifted.

What can be done with this information? Just about every sort of identity theft imaginable.

Credit lines and credit-worthiness can be destroyed overnight, health care records can be polluted with the information of thieves using your benefits illegally, and it can be nearly impossible to get medications filled in a timely manner. Crimes can even be committed in your name, since the thieves have all they need to create a driver’s license with your information and someone else’s photograph.

No Easy Fix

If there were any easy way to solve the data-breach problem, we’d be seeing fewer newsworthy compromises. But as yet, nothing works.

Take, for instance, biometrics. Fingerprints, retina scans, body weight, and shoe size—they offer a great addition to the various ways we authenticate ourselves to the systems storing our data. But they are not a true fix. If a security patch released by a software provider is not installed, as happened in the Equifax breach, it doesn’t matter how many body parts you scan.

Picture the mailboxes in the lobby of a city dwelling—the individual boxes can be opened with one master key so the letter carrier can slot the mail for all the apartments at the same time. It doesn’t matter how well you protect the key for your one apartment’s mailbox if a thief gets access to the master key. The same goes for individual cyber hygiene in the face of a breach.

One of the most promising solutions was once thought to be tokenization—a system of referents that create an impenetrable security trail—but it suffers from the same issue that was behind the Equifax hack: human beings messing up.

Tokenization systems have to be secured and validated using security best practices. That’s where the fallibility part creeps in. Those best practices still need to be implemented by fallible humans with busy lives who have not been told—and consistently reminded—that they are the only solution to the data breach problem.

Data breaches and the identity-related crimes that flow from them are the third certainty in life—right after death and taxes—because there will always be that fallible human element. Education can help mitigate the risks, but even the savviest populace will make mistakes.

Real Solutions

Senator Elizabeth Warren has set her sights on the three credit reporting bureaus, specifically demanding that they offer credit freezes for free. The looming threat of credit hijacking is made possible by the hoarding of information—the credit reporting bureaus’ daily bread. It seems logical, then, that the bureaus should have to pay for the most common crime that data can lead to: credit fraud.

While new laws are good, education is the only real solution.

For many years now I have been advocating a system called the Three Ms, which are the centerpiece of my book, Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves.

Practicing the Three Ms continues to be the best way to keep your personally identifiable information from being used in identity-related crimes. 

  1. Minimize your exposure. Don’t click on suspicious or unfamiliar links; don’t authenticate yourself to anyone unless you are in control of the interaction; don’t overshare on social media; be a good steward of your passwords; opt for two-factor authentication whenever it’s offered; safeguard any documents that can be used to hijack your identity; and freeze your credit.
  2. Monitor your accounts. Check your credit reports religiously (you can check your credit report for free on Credit.com); keep track of your credit scores; review major financial accounts daily if possible (better yet, sign up for free transaction alerts from financial services institutions and credit card companies); read the Explanation of Benefits statements you receive from your health insurer; and seriously consider purchasing a sophisticated credit- and identity-monitoring program.
  3. Manage the damage. Make sure you get on top of any incursion into your identity quickly and enroll in a program where professionals help you navigate and resolve identity compromises—oftentimes available for free, or at minimal cost, through insurance companies, financial services institutions, and employers.

The odds of President Trump giving his entire fortune to the NAACP are probably better than the chances that we’ll be experiencing fewer big breaches in the future. An individual’s security protocol is only so useful, but an individual’s actions make all the difference.

Image: istock

The post The Equifax Breach and the Cybersecurity Silver Bullet appeared first on Credit.com.

No, Equifax Is Not Calling You. Watch Out for Scam Phone Calls After the Data Breach

Source: iStock

Less than a week after the Equifax data breach was made public, it seems scammers are already looking for opportunities to prey on concerned consumers.

The Federal Trade Commission posted a scam alert Thursday warning consumers to not give their personal information to anyone who calls and claims to be an Equifax representative. Over the summer, hackers breached the Atlanta-based credit bureau’s database and accessed the personal information of about 143 million consumers, including sensitive information like Social Security numbers.

But Equifax is not calling those affected by the breach, so if you get a phone call from someone saying they represent Equifax and want to verify your account information, the FTC advises you hang up. It’s ironic, in a way, to target victims by posing as a concerned Equifax representative. The company has been criticized widely for its sluggish response to the breach, which occurred sometime between mid-May and July but wasn’t discovered until July 29 and wasn’t announced until more than a month later.

In response to the security failure, the House Committee on Energy and Commerce has demanded Equifax answer several questions about the breach, including why the company put off announcing the breach for so long. Equifax has until Sept. 22 to respond to the committee’s questions, and the committee plans to hold hearings on the breach in September or October.

In a company statement, Equifax CEO Richard Smith said the breach was a “disappointing event.”

“Confronting cybersecurity risks is a daily fight,” he added. “While we’ve made significant investments in data security, we recognize we must do more. And we will.”

In the breach, people’s Social Security numbers, dates of birth, addresses, and other personally identifiable information (PII) were compromised, so it’s understandable you’d be worried and are looking for help.

Here’s what you can do to take control of protecting your identity.

Assume you’re affected

While you can go to Equifax’s website and go through a multistep process to see if your information has been compromised, you can also just assume someone has their hands on your personal information. (It’s also worth noting the Equifax site reportedly isn’t reliable for telling you if you’re affected, and many consumers have reported the site is slow to load or doesn’t load at all.) Even if you weren’t among the 143 million whose personal information was compromised in this breach (and the odds aren’t in your favor), chances are it has been or will be in a breach at a different company or organization. With that in mind, you’ll want to focus on how to detect signs of identity theft and how to respond to them.

Monitor your credit

Equifax responded to the breach by offering free credit and identity monitoring to everyone — not just those affected — for a year through TrustedID Premier. You must go to equifaxsecurity2017.com to enroll, which requires entering your last name and the last six digits of your Social Security number. You’ll then be given an enrollment date, which may be several days after you start the enrollment process, at which point you can return to the site to continue enrollment. You’ll need to set a reminder to continue the process, as Equifax won’t send you a notification when it’s time.

You have many other ways to find out if someone has misused your personal information. Several companies offer free credit scores — Credit Karma, Discover, Capital One, Mint, LendingTree (our parent company), etc. — either to everyone or to their customers. To help you choose, we put together this guide to getting your free credit score. Credit Karma also offers a free credit monitoring service, and Discover cardmembers can sign up for alerts when their Social Security numbers are detected on suspicious websites. You can also pay for credit monitoring services from a number of providers, including the three major credit bureaus Equifax, Experian and TransUnion, as well as credit scoring giant FICO.

Consider a credit freeze

You can also freeze your credit so no one, not even you, can apply for new credit using your information. If you do this, you have to initiate a freeze with each of three major credit bureaus, as well as “thaw” each report when you want to apply for a new credit account. Every time you freeze and thaw your credit you may be charged a fee, which varies by state. This only protects you from credit fraud and does not prevent things like taxpayer identity theft, criminal identity theft, medical identity theft, and insurance identity theft.

On Sept. 15, Equifax announced it is waiving the fee for removing and placing credit freezes on Equifax credit reports through Nov. 21, 2017. Anyone who paid for an Equifax freeze at or after 5 p.m. EDT on Sept. 7 will receive a refund, the company said.

Have a plan for responding to identity theft

One of the best ways you can prepare for identity theft is to detect it early. After that, you need to know how to resolve it. You can do this yourself by filing a police report, disputing fraudulent accounts on your credit reports, and making the phone calls necessary to correct any problems stemming from the fraud. Or you could pay someone to help you with this time-consuming task. Check with your employer to see if they offer identity theft insurance or identity theft resolution services as an employee benefit, and if not, consider paying for it.

We’ve rounded up the best identity theft resolution services here.

More than anything, remain calm as you sort through the fallout of this breach. Focus on making a plan for protecting yourself from and responding to identity theft and making sure you only deal with trustworthy service providers.

The post No, Equifax Is Not Calling You. Watch Out for Scam Phone Calls After the Data Breach appeared first on MagnifyMoney.

Your Equifax Download: What You Need to Know about the Equifax Hack

Teenage girl with hands on face victim of cyber bullying

Everyone knows a mosquito bite doesn’t really start itching until the damage has already been done, and the same goes for many kinds of identity-related crimes. With news of the recent Equifax breach continuing to surface, what do you need to know now to limit your exposure?

Equifax has estimated the hack impacts 143 million people, mostly in the United States. (That’s almost half the US population!) The thieves stole names, Social Security numbers, birth dates, addresses, and driver’s license numbers.

Each item of personally identifiable information (PII) is like an ingredient for a recipe. The more ingredients you have, the more recipes you can prepare. Similarly, the more pieces of PII exposed, the more kinds of fraud thieves can commit. If there were a fraud equivalent of The Joy of Cooking, thieves just got access to all the ingredients necessary to make every recipe in the book.

The Problem with Freezing Your Credit Report

The New York Times reported still more bad news in the wake of the Equifax announcement.

The credit freeze service the credit bureau offered (originally offered for a fee until it finally decided to provide it for free for 30 days) generated PINs that were based on the time and date the PIN was created. These PINs are required to release the freeze whenever you need to grant access to your credit files in connection with a loan, an apartment rental, or a job application (where permitted by law). Unfortunately, they’re laughably easy for a hacker to guess before then.

The bigger problem is that a freeze needs to be in place at all three reporting agencies in order to be effective. As credit expert John Ulzheimer told the New York Times, putting a freeze on your credit with only one reporting agency is “like locking one of three doors in your house and leaving the other two unlocked. You’re hoping the thief stumbles on the locked door.”

Types of Fraud to Be Aware Of

The hackers also made off with 209,000 credit card numbers and 182,000 credit dispute documents containing personally identifying information.

In August, there was a spike in credit card fraud, according to the New York Post. It seemed odd to security experts at first, since credit card fraud typically increases around the holidays. The Equifax news seems to provide an explanation for the statistical oddity. “We saw a 15% increase in the overall fraud attempts in our system in August, which is an unusual time of year to see such a spike,” said Liron Damri, cofounder of Forter, a fraud-prevention service for online retailers.

But the threat goes way beyond maxed-out credit cards, fraudulent credit applications, and tax-refund fraud. With Department of Motor Vehicle information also in play, the risks are elevated. A fake ID made out in your name could cause you to get arrested for an outstanding warrant. In the realm of identity-related fraud products, a fake driver’s license is a luxury item for sure, but it’s still one that could hurt you if a scammer provides your information on a fake license the next time they’re pulled over for speeding or collared for a crime.

And then there’s the serious risk of medical-identity fraud. Consumers could see delays in prescription fulfillment because of fraudsters using their health care information. Worse, consumers may not be covered for health care expenses until they are able to prove they are who they claim to be using the same information that the crooks used—a frustrating and often complicated process.

Legal Remedies 

One can only assume there will be lawsuits galore. In fact, one enterprising person has already automated the process. A robot lawyer is on the case, allowing consumers to automatically file a claim against Equifax in small claims court.

According to the Verge, consumers are still able to join class action suits while pursuing a small claims court remedy.

“Even if you want to be part of the class action lawsuit against Equifax,” the Verge reported, “you can still sue Equifax for negligence in small claims court using the DoNotPay bot and demand maximum damages. Maximum damages range between $2,500 in states like Rhode Island and Kentucky to $25,000 in Tennessee.”

Protecting Yourself Now

To say that the Equifax PIN assignment process was incompetent is an understatement. Nevertheless, it is a teachable moment. While it’s okay to hope that your services and vendors will do things right, you need to stay vigilant. And this should go without saying: if you can change privacy and authentication settings on a product or service, do it. If that’s not possible, perhaps you should consider finding a new vendor or service.

The easiest way to protect yourself, in my opinion, is by using a system called the “Three Ms.” The Three Ms is the centerpiece of my book, Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves, and the approach continues to be the best way to keep your personally identifiable information from being used in identity-related crimes.

And they are simple: 

  1. Minimize your exposure. Don’t authenticate yourself to anyone unless you are in control of the interaction, don’t oversshare on social media, be a good steward of your passwords, safeguard any documents that can be used to hijack your identity, and freeze your credit.
  2. Monitor your accounts. Check your credit report religiously, keep track of your credit score, and review major accounts daily if possible. (You can check your credit report for free at Credit.com.) If you prefer a more laid-back approach, sign up for free transaction alerts from financial services institutions and credit card companies, or purchase a sophisticated credit- and identity-monitoring program,
  3. Manage the damage. Make sure you get on top of any incursion into your identity quickly, and enroll in a program where professionals help you navigate and resolve identity compromises—oftentimes available for free, or at minimal cost, through insurance companies, financial services institutions, and HR departments.

Your Chances of “Getting Got”

Scammers pay around $30 per complete ID dossier on the black market. With 143 million packets available through the Equifax breach, that’s more than 4 billion dollars’ worth of information. Though it may not seem so at first glance, this could actually be good news for you: your chances of “getting got” decrease with an increase in available targets.

Odds aside, though, Equifax is not the first, nor will it be the last, breach of note. Being prepared and alert is still the best remedy, because breaches have become the third certainty in life—right behind death and taxes.

A final tip: check with your insurance company, financial services institution, or employer. You may already have access to identity protection and resolution services, which is your best bet when it comes time to navigate the identity theft quagmire.

Image: AIMSTOCK

The post Your Equifax Download: What You Need to Know about the Equifax Hack appeared first on Credit.com.

Freaked Out by the Equifax Hack? Here’s What You Need to Know

Source: iStock

About 143 million consumers’ sensitive information has been compromised in what was one of the worst data breaches to date in size and potential impact on consumers. Credit reporting agency Equifax announced the breach Thursday, more than a month after detecting the intrusion.

Equifax is one of the three national credit reporting agencies (the others being TransUnion and Experian) and collects a wide variety of consumers’ sensitive and personally identifiable information (PII). The information on credit reports determines credit scores and is used in lending decisions, among other things.

What happened

The breach exposed the names, Social Security numbers, birth dates, addresses, and, in some instances, driver’s license numbers of about 44 percent of the current American population. Hackers also took the credit card numbers for about 209,000 U.S. consumers and dispute documents for 182,000 U.S. consumers.

In its announcement, Equifax said “criminals exploited a U.S. website application vulnerability to gain access” to the files. In addition to the millions of U.S. consumers affected, the company says the criminals had access to limited personal information of some U.K. and Canadian residents.

The Atlanta-based reporting agency said the thieves had access to the data from mid-May through July 2017, but it didn’t discover the breach until July 29. Equifax announced the breach more than a month after discovering it and hiring a cybersecurity firm to investigate.

The company says it’s also working with law enforcement authorities and that its investigation will be complete soon. Equifax has not said who they believe attacked their database.

What the breach means for consumers

The breach isn’t the largest to date, but it’s close. In 2016, Yahoo announced an attack that affected 500 million users. Another breach, announced just a few months later, involved 1 billion users. In those breaches, hackers stole users’ phone numbers and passwords.

The Equifax breach could be worse in impact, given the sensitive nature of the consumer data the company has on file. In its release, Equifax said it had found “no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.” That doesn’t necessarily mean the information hasn’t been misused or that it won’t be misused, as signs of identity theft may not immediately show up on a credit report.

“If you were going to rate this breach from one to 10, this is a 10. The amount of sensitive info that is contained in the Equifax database is staggering,” says Adam Levin, founder of CyberScout and author of “Swiped,” a book on how and why consumers can protect themselves from identity theft.

When this level of information has been compromised, it “opens up the door for thieves to commit many different other types of identity theft. Not just financial, but criminal, government, medical theft as well,” says Eva Velasquez,the president of Identity Theft Resource Center.

Levin adds, when Social Security numbers are part of a database that’s been exposed, all of the individuals who have their numbers in that database will need to be “looking over their shoulders for the rest of their lives.” The Social Security Administration rarely changes someone’s Social Security number.

What to do now

First, don’t panic.

“People really feel violated when things like this happen,” says Velasquez. “Direct your energy from being angry or upset and feeling powerless to actually doing something and taking some steps to feel more empowered.”

Levin says the breach may add to “breach fatigue” — how the drastic rise in security breach causes consumers to believe breaches are inevitable and react to them apathetically instead of with urgency.

“But it shouldn’t,” Levin says. “It should be a clarion call. Unfortunately, as consumers we have to think of this as as if we’re alone. The government has failed us. The financial industry has failed us, and frankly we have failed ourselves. It’s important that we develop a culture of privacy and security.”

Find out if you are one of the impacted
Given the increasing threat and frequency of data breaches, everyone should be proactive in detecting identity theft. For this breach in particular, Equifax set up a website to see if you’re one of the people affected and how to enroll in the free year of credit monitoring it’s offering victims.

Visit equifaxsecurity2017.com and click on “Potential Impact.”

You’ll see a page with a large, rectangular button that says “Check Potential Impact” and a few lines of text.

Source: Equifax

The text explains that if you click on the link that says “Check Potential Impact,” you’ll be taken to a form that asks you to provide your last name and the last six digits of your Social Security number.

Based on that information, you’ll then be shown a message that says whether your personal information may have been impacted by the breach.

Source: Equifax

Regardless of the message you see, Equifax will give you the option to enroll in a credit monitoring service from TrustedID Premier. Beware: if you enroll, you’ll have to agree to waive some of your rights to sue Equifax. The arbitration clause is written in all caps in the company’s terms of service, but consumers may miss the language. The Washington Post reports Equifax on Friday updated its terms to incorporate a way out of the arbitration clause.

Consumers can be excluded if they let Equifax know within 30 days in writing they would like to be excluded from the arbitration clause, but must first accept the agreement.

If you choose to enroll, you’ll be given an enrollment date. There’s quite a backlog of people enrolling, so you have to take it upon yourself to return to the site on your enrollment date. In short: You have to take your protection into your own hands. Equifax isn’t doing it for you.

Source: Equifax

Sign up for credit monitoring

Equifax is offering one year of free credit monitoring through TrustedID Premier to all U.S. consumers, regardless of whether they were affected by the data breach. There are five services under the program:

  • Get a free copy of your Equifax credit report.
  • Sign up for credit monitoring and automated alerts to be notified of key changes to your credit report on any of the major big three reporting agencies.
  • Put a freeze on your Equifax credit report.
  • Scan suspicious sites for use of your Social Security number.
  • Get up to $1 million of identity theft insurance to help you pay for any costs you may incur if someone commits identity fraud against you.

Even if you don’t want to enroll in Equifax’s service, you should enroll in a credit monitoring service, like free options offered through Credit Karma, Discover, Mint, Wells Fargo, and Capital One® — there are lots of ways to keep tabs on your credit.

Some identity theft protection services like the ones offered through myFICO, charge a monthly fee to monitor your credit year-round and provide identity theft insurance.

Regularly review your credit reports

You’re entitled to a free annual credit report from each of the major credit bureaus, which you can get through annualcreditreport.com. Carefully check your credit report for any accounts or recent activity you don’t recognize.

Make a plan to respond to identity theft

Detecting identity theft as soon as possible is crucial to minimizing the damage and stress it can cause — that’s where credit monitoring and reviewing your credit reports comes in. But the next step is just as important: Know what to do when it happens.

You can dispute errors on your credit report, file a police report documenting the identity theft, and do the legwork of resolving any problems it causes. You can also pay for identity theft insurance or identity theft resolution services (some employers offer this as a benefit, so check with your human resources department). Here’s a guide on identity theft resolution, so you know what to do in case you see anything suspicious. Even if you don’t see anything out of the ordinary, you should continue to remain vigilant in monitoring your credit activity.

Freeze your credit report

Velasquez says a credit security freeze is an option impacted consumers should look at. It prevents any application for new credit without first verifying your identity. If you want to apply for new credit, you’ll have to “thaw” your credit reports. The credit bureaus charge a fee, which varies by state, every time you freeze and thaw your credit report.

“While that does create some added inconvenience, the level of protection is worth it,” says Velasquez.

Be alert for unusual activity

Now is the time to practice what Velasquez calls good “identity hygiene.”

“Being vigilant about your identity is just a part of the world that we live in,” says Velasquez. “ If being involved in a data breach is the catalyst that brings that to the top of your mind, then we can see that as a positive.”

Velasquez recommends consumers act proactively and remain cognizant of anything that may involve using or verifying their identity. For example, if you receive a notice from a government agency about benefits or some weird explanation of benefits, pay attention to it.

Even after you do things like enroll in credit monitoring and freeze your credit, continue to do your best to watch out for signs of abuse. Don’t wait until you start receiving strange calls from government agencies and debt collectors.

When tax season rolls around, file your return as soon as possible. Identity thieves frequently use Social Security numbers to get fraudulent refunds, and if they file before you do, it will further complicate your tax-filing process.

At the least, go through your financial statements regularly (the more often, the better) to look for anything out of the ordinary. While protection is top of mind, sign up for any alerts you can set up on your mobile banking app to receive transaction notifications.

The post Freaked Out by the Equifax Hack? Here’s What You Need to Know appeared first on MagnifyMoney.

How to Avoid Scams in the Wake of the Storm

High angle view of credit card with security lock on computer keyboard. Computer keyboard is in full frame position, defocussed. Focus on lock. Horizontal composition. Image developed from RAW format.

You’ve seen the dramatic footage of rescues and calamities, shots of stranded families, pets, and wildlife—even giant carp—and you’ve probably had the same reaction many other Americans had the past few weeks: “How can I help?”

There are myriad ways you can ease the suffering and hardship being experienced in the wake of Hurricane Harvey, but there are also a number of pitfalls to watch out for.

It is quite easy to fall prey to scam artists who come out in full force whenever a disaster of this magnitude occurs. In fact, the National Center for Disaster Fraud (NCDF) was instituted after Hurricane Katrina with a mission to hold post-disaster scam artists in check.

“Unfortunately, criminals can exploit disasters, such as Hurricane Harvey,” a recent NCDF release warned. These criminals have one goal: to get rich (or less poor) quick by sending crooked communications—and it doesn’t matter if it is via SMS, email, social media, or fraudulent websites designed to solicit contributions.

Several state attorneys general have sent out similar communiqués over the past week. If you want to help but are worried about scams, we’ve outlined best practices for you here.

What to Avoid

There are many ways a scam can go down. It’s worth bearing in mind that, just as you go to work, these criminals are also “going to work”—but their job is conjuring up new and ingenious ways to garner ill-gotten gains.

Phony Websites: One ploy that happens every year is in connection with the annual registration of storm names. Each spring, when the National Weather Service announces the roster of storm names, phony websites are registered using those storm names. These are hedges. Should the particular storm occur, the scammer is ready with a website purporting to collect relief funds—but in this case, it is relief from the criminal’s unbearable urge to separate you from your money, and, worse, your desire to help.

Crowdsourcing: Another common ploy is the GoFundMe page. Sometimes these pages are legitimate, but it’s up to you to do the research to figure that out. Crowdsourcing sites like GoFundMe provide you with the means to communicate with the organizer requesting funds, and you should always do so before donating.

Just because you saw the story of a particular person’s horrendous plight on the news doesn’t mean the GoFundMe campaign is legitimate. Scam artists saw the same segment. If you have any questions about a particular page, you should contact the crowdsourcing site directly in addition to the organizer of the campaign that you’d like to help.

Email Appeals: Do not reply to email appeals. Don’t do it if it’s an organization that you’ve given money to over and over. Don’t do it even if it’s your mom. Just don’t do it. The chances that you’re being baited into a phishing scam are high. It’s easier and safer to delete that message and type the URL of whatever charity is making the appeal into a securely connected internet browser instead.

The same goes for emails that link to images of a storm’s aftermath. Do not click those links.

Forwarded Emails: Never click on links emailed to you about big news events, even if they come from friends or family, unless you confirm with the sender that they actually sent the link. But, even then, be wary. They may just be forwarding a malware-laden email they received from someone they thought they knew (who was a scammer masquerading as the person they thought they knew). Email accounts can be spoofed, and any identity thief worth their salt can quickly and easily scam you using this method.

Never forget, if a scammer can get you to click on the right malware, they can drain your bank accounts or available credit, open accounts in your name, take advantage of your access to health care, divert your tax refunds, or commit other crimes in your name.

It’s also important to watch out for relief-related fraud. There have been multiple reports of people impersonating FEMA inspectors, insurance inspectors, and representatives of the National Flood Insurance Program. These impersonators perform another form of fraud—filing claims for relief money in your name.

Better Bets

If you’re looking for vetted places where your money will do the most good, there are many legitimate sources of information about helpful organizations.

If you see a story that interests you, get in touch directly with the organization or person featured. In our connected society, this is almost always possible, and it cuts out the risk of “getting got” by someone in the middle looking to take your money and run.

Before you submit your payment, make sure the charity you selected can actually deliver relief to victims. There are legitimate charity efforts that simply cannot deliver, often due to a lack of on-the-ground resources. Check to see if the charity you’re interested in already has operations in place, and if they don’t, find one that does.

If you’re worried you may have been the victim of identity theft or credit card fraud, you’ll want to check your bank accounts and credit reports regularly for suspicious activity. You can check your credit report for free at Credit.com.

Image: Ismailciydem

The post How to Avoid Scams in the Wake of the Storm appeared first on Credit.com.

Steps for Protecting Your Personally Identifiable Information at Home

Someone could be spying on you right now and you might not even know about it.

The only reason you have not yet been the victim of an identity-related crime (and that includes credit card fraud) is that no one practiced in the art has had the opportunity to separate you from your available credit, health care, or other bankable soft assets—yet.

The figures on data compromises vary, but Risk Based Security estimates that just last year more than 4.2 billion sensitive records were compromised—information that opens the door to all kinds of identity-related malfeasance, including account takeover, credit draining, theft of health care, and even the commission of a crime in the victim’s name.

To put it bluntly, your chances of avoiding fraud are right up there with winning it big at a bingo convention in Florida—slim to none.

Hopefully this is not news to you. If it is, read on for tips on how to protect yourself against identity theft.

Familial Identity Theft

Unless you’ve been pulling double shifts in a pyramid guarding one of the lesser-known pharaohs, you already know the basics about protecting yourself against the threat of ID theft. You never answer the phone by saying “Yes,” no matter what the interlocutor says (thieves steal voiceprints to authenticate your accounts and take them over), you use two-factor authentication whenever it’s offered, and your long-and-strong passwords are never used to access more than one account.

But here’s a factor you may not be protecting yourself against: the various ways you are vulnerable to identity theft at home.

The Identity Theft Resource Center has provided a comprehensive guide for navigating the problem of familial identity theft—that is, when a friend or a family member steals your identity.

While no one can be completely protected from identity theft, there are things you can do to safeguard yourself against this particular approach. First, you can practice the three Ms that I first introduced in my book, “Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves.”

  1. Minimize your exposure. Don’t authenticate yourself to anyone unless you are in control of the interaction, don’t overshare on social media, be a good steward of your passwords, safeguard any documents that can be used to hijack your identity, and consider freezing your credit.
  1. Monitor your accounts. Check your credit report regularly (you can check your credit report for free on com), keep track of your credit score, and review major accounts daily if possible. If you prefer a more laidback approach, sign up for free transaction alerts from financial services institutions and credit card companies or purchase a sophisticated credit- and identity-monitoring program.
  1. Manage the damage. Make sure you quickly get on top of any incursion into your identity and enroll in a program where professionals help you navigate and resolve identity compromises—oftentimes available for free, or at minimal cost, through insurance companies, financial services institutions, and HR departments.

Minimize Your Exposure to Identity Theft at Home

Regardless of your income and regardless of your likeability, someone you know is probably willing and able to steal your identity. To stave off that eventuality, you need to practice the first M: Minimize your exposure at home.

Consider what kind of personally identifiable information (PII) lives with you in your home—everything from tax returns to password cheat sheets. Now think about where these things are stored.

If you are like most people, your tax returns are at best kept in a locked filing cabinet with a key hidden in a not-too-paranoid spot nearby. For still more people, the above security measure has more in common with the protections at Fort Knox than the protections they’ve put in place themselves. Maybe it’s time to rethink that cardboard box.

The individuals who are regularly in and out of your house, and those who live in your house, are in a position to know what you have, where you have it, and the most opportune moments to steal it. It may be only a matter of time before they use that barely hidden key, or simply take that cardboard box.

Who are we talking about here? Literally anyone who can get in your house. And don’t think for a moment it matters if you’re at home, because the most sticky-fingered among us can rob us blind on a trip to the bathroom.

Our homes are not perfect sanctuaries, as much as we would like to think they are. Repair people come through, utility meters need to be read, we hire babysitters and housekeepers, friends and relatives come by to visit: all of them are potential ID thieves.

What You Can Do

There are a variety of things you can do to safeguard your PII in your home and minimize your attackable surface.

  • Miniaturize your data. Not only is a mountain of paperwork hard to store, it is also increasingly unnecessary. Get into the habit of scanning or even photographing your documents and then shredding the hard copies. Create two or three copies of the digital files—and make sure one of them is stored somewhere other than your house, since fires and other cataclysmic events do happen.
  • Use encrypted external storage. Whether you choose a thumb drive, a cloud server, or an external hard drive, store your PII digitally in an encrypted form. And it’s always better to choose a device that offers rich security features, like biometrics or two-factor authentication.
  • Invest in a safe. Once the exclusive equipment of rich folks, safes are now very affordable. They are a great place to store all that miniaturized data. Get one that is fireproof and has a biometric element (like a fingerprint scan) to further protect your information.
  • Employ two-factor data management. Store your data in more than one place. An encrypted drive can be left with the most untrustworthy relative. Just make sure that you have a backup somewhere. If you have a safety deposit box, that’s probably the best bet.

At the end of the day, you are the only one with access to the data points needed to figure out precisely how vulnerable you are to identity theft. If you think like a thief, you will be pointed in the right direction.

Image: shapecharge

The post Steps for Protecting Your Personally Identifiable Information at Home appeared first on Credit.com.

12 Places Your Data May Not Be Safe (And What You Can Do)

Someone could be spying on you right now and you might not even know about it.

Data compromises and the identity-related crimes that flow from them are now the third certainty in life, right behind death and taxes. That said, there is plenty you can do to stay as crime-proof as possible.

According to Risk Based Security, more than 4.2 billion records were compromised worldwide in 2016 alone. In truth, the total number of compromised records is unknowable. Here’s what you do need to know: it is a near certainty that most, if not all, of your personal identity portfolio is already “out there.”

How to Keep Your Personal Information Safe

Identity theft is a catch-as-catch-can endeavor. Where there is a will, there is almost always a way. In fact, many, if not most, of us have already been compromised either by a breach or as a result of obsessive (and excessive) overexposure on social media. Enough of our personally identifiable information (PII) is readily available on the web to make us easy targets for phishing attacks and identity-related crimes.

Thankfully, identity theft is often a crime of opportunity. All that vulnerable information still needs to be accessed, which may require more effort than your average identity thief is willing to expend. This is why it’s important to keep your data safe from those opportunistic hands.

Here’s what you need to bear in mind at every turn: It’s likely that you’re going to “get got” with PII that hasn’t been compromised . . . yet.

Though it may seem like a lost cause, you can make yourself a harder target to hit. First, you should follow the three Ms:

Minimize your exposure. Don’t authenticate yourself to anyone unless you are in control of the interaction, don’t overshare on social media, be a good steward of your passwords, safeguard any documents that can be used to hijack your identity, and consider freezing your credit.
Monitor your accounts. Check your credit report regularly, keep track of your credit score, and review major accounts daily if possible. If you prefer a more laidback approach, sign up for free transaction alerts from financial services institutions and credit card companies or purchase a sophisticated credit and identity monitoring program.
Manage the damage. Make sure you quickly get on top of any incursion into your identity and enroll in a program where professionals help you navigate and resolve identity compromises—oftentimes available for free, or at minimal cost, through insurance companies, financial services institutions, and HR departments.

Where to Check Your PII

To minimize your exposure to identity thieves, you’ll want to evaluate places that may not be making the security of your PII a priority. Here are twelve places that may not be keeping your personal data safe.

1. Small businesses: Mom-and-pop shop owners have a lot on their plates, and managing your personal data isn’t necessarily on the front burner. Whether it’s the company that fills your oil tanks, a lawn service, or a local store where you have a tab, ask how they store your information. If they give you a vague answer, ask them to erase whatever they have—and watch them do it, if possible.
2. Children’s sports leagues: Children’s sports leagues need basic information to enroll your child, including medical contacts, names, addresses, emergency contact information, and other data points that can be used in identity-related crime. If you get a vague answer about data storage, ask them to erase whatever they have.
3. Doctors and dentists: You ever see those color-coded files sticking out of open metal cabinets at a medical provider’s office? They contain all the information needed to steal your healthcare services, compromise your financial accounts, or file fake tax returns and divert your refunds. If you see something, say something. Either way, ask your medical professionals how they store your records and request that they be stored securely.
4. Veterinarians: You might not think that your vet’s office could be a point of vulnerability. Worse yet, the possibility of data compromise may not have occurred to your vet, either. Ask how they store your data. Chances are good they will improve their methods once they understand the immediate consequence of lost business for failing to do so. If they don’t respond, ask for your file and vamoose.
5. Gyms and fitness clubs: Increasingly, fitness clubs are on the ball when it comes to data security, but you’ll still want to ask how they store your information. If they don’t have a satisfactory answer, you may want to consider looking for a different gym.
6. Educational institutions: Many people contribute to the care and education of our children. Unfortunately, not all of them are educated in the ways of cyber hygiene, which is why it matters how your child’s information is stored by these institutions. Always ask about it and request that your child’s information be stored securely. Once it no longer makes sense for a particular institution to have personal information about your children, ask that they delete their records.
7. Accountants: While bigger accounting firms are liability-minded, smaller firms and one-person operations may not be as up to date on cybersecurity best practices. In addition to having hard copies of your files, which contain extremely sensitive personal data, your accountant has to send electronic files to the IRS and other state agencies that collect your taxes. Make sure they are using secure networks and store your files securely. If they don’t, it’s in your best interest to look for a more secure accountant.
8. Lawyers: If you’re worried about the amount of sensitive data residing with your accountant, take a moment to reflect upon the sort of personal information that resides with your attorney. It’s okay to have a direct conversation about their data security practices. If there is any pushback, take your business (and your data) elsewhere.
9. Real estate agents: While they may not have a lot of your PII, real estate agents have enough for a thief to get a foothold into your mineable credit. If your agent gives you a vague answer about how they handle sensitive information, don’t give them any—or limit what you share to the bare minimum required.
10. Car dealerships: Car dealerships are focused organizations. While their employees know a great deal about closing deals, they may not know how to close the gates to ID thieves—and because they offer credit, they are in possession of the skeleton key to all your finances: your Social Security number. Make sure it’s safe. You’ll want to check with any other retailers that offer credit as well, since they will also have access to your SSN.
11. Travel agencies: In order for travel agents to do their job, they likely need your name, address, date of birth, contact info, emergency contact information, license or passport number, and credit or debit card number. You need to know how long they will keep it and how they will store it. If you are not satisfied with their explanation, cruise on over to someone else.
12. Home: Your domicile is an El Dorado of personal information, and you need to be able to protect those riches. Store all of your most-sensitive documents in a secure, fireproof location. Better yet, scan and store them in an encrypted, password-protected thumb drive.

Never forget, the ultimate guardian of the consumer is the consumer. No one cares more about the protection of your personally identifiable information and your financial security than you do.

Image: shapecharge

The post 12 Places Your Data May Not Be Safe (And What You Can Do) appeared first on Credit.com.

The Hidden Cost of Verizon’s ‘Free’ Rewards Program: Your Data

Free rewards programs can actually cost you in terms of privacy.

With the announcement of Verizon Up, a new wireless rewards program that provides users with customer incentives, first-dibs opportunities on things like VIP tickets and other exclusive deals, we thought it was time to review how reward marketing plans work.

First, the good news: Verizon Up is free!

Like their intrusive cousin the loyalty program, reward-based marketing schemes usually require no additional fees. In essence, Verizon Up is a camouflaged version of what author Seth Godin calls “permission marketing.”

Now the bad news: Nothing is free. Verizon is making you pay with your personal information instead of money. But make no mistake: They’re going to profit more than you will from the arrangement. (Note: Verizon did not return our request for comment.)

Never were the words of the German philosopher Georg Wilhelm Friedrich Hegel more prescient: “To be free is nothing, to become free is everything.” Translation: In the world of big data, there’s no such thing as “free.” If a company offers you something for your data, you’re the product. They are monetizing your information.

The eligibility requirements on Verizon’s website make this clear. Opting in enables Verizon to personalize marketing sent your way by them, and by other companies, using your data.

What Data?

These days “your data” is pretty much anything marketing companies can get their hands on. If you belong to a gym, it may be selling that fact to a third party, and with it possibly more data about how often you go and anything you bought there to enhance your workout.

If you use a mobile phone, your data could include everywhere you have gone and most likely anything discussed via text. Whether or not you use the popular Waze app, there’s data on how fast you drive, which in the wrong (or right) hands could affect the rates you pay for car insurance — never mind the possibility that law enforcement could one day claim jurisdiction in the realm of cyberspace-clocked speeding tickets.

When it comes to your data, the goal is to create a granular portrait of you — your interests, likes, dislikes, passionate yearnings — all of it prepared and arranged for resale to companies and organizations hoping to match products and services with various aspects of your personality.

How Specific Does This Get?

The kind of information the big data companies have — what constitutes “your data” — depends on your privacy hygiene. The less you share, the fewer times you opt in, the more privacy you will enjoy.

Companies like to incentivize the sharing of personal data. Sometimes it’s by creating something fun, like a toy or gaming experience. The lure of social media is hard to resist but every like and comment becomes part of your sellable data.

If you’ve ever signed up for a loyalty program, everything you’ve purchased will be included under the heading of “your data,” providing a very specific window into your life, not just simple stuff like your gender and age — they already know that — but your health and habits based on what you buy. And of course, your credit card companies know more about you than almost anyone else — including, probably, you. (You can get an idea of what they see about you with a free credit report snapshot on Credit.com.)

Nothing to See Here

Remember the story about the emperor’s new clothes? Basically, he didn’t have any. That’s the deal here. And while Verizon is not alone in perpetrating a consumer data grab, their recent announcement makes them today’s blue-plate special.

As is the way with this kind of offer, Verizon Up will provide users with some perks, but for what? And is it a fair swap?

To be clear, whenever the right to use your data, without limitation, is the ask, saying “yes” is never going to be the answer I recommend. It doesn’t matter what you’re getting for it. In this case, Verizon is asking to monetize the data on products and services that you use (and pay for) as well as far more personal stuff, “including location, web browsing and app usage.”

Does this mean your iPhone Safari browser can be set to “Private” and it doesn’t matter? Internet service providers can see any traffic that doesn’t move via virtual private network. So, is everywhere you go online still visible, able to be sold to a third party no matter how private?

It doesn’t matter. Get in the habit of saying no.

When it comes to privacy, you need to be your own advocate. As Toni Morrison said, “Nothing and nobody is obliged to save you but you.”

Image: serdar_yorulmaz

The post The Hidden Cost of Verizon’s ‘Free’ Rewards Program: Your Data appeared first on Credit.com.