Your Equifax Download: What You Need to Know about the Equifax Hack

Teenage girl with hands on face victim of cyber bullying

Everyone knows a mosquito bite doesn’t really start itching until the damage has already been done, and the same goes for many kinds of identity-related crimes. With news of the recent Equifax breach continuing to surface, what do you need to know now to limit your exposure?

Equifax has estimated the hack impacts 143 million people, mostly in the United States. (That’s almost half the US population!) The thieves stole names, Social Security numbers, birth dates, addresses, and driver’s license numbers.

Each item of personally identifiable information (PII) is like an ingredient for a recipe. The more ingredients you have, the more recipes you can prepare. Similarly, the more pieces of PII exposed, the more kinds of fraud thieves can commit. If there were a fraud equivalent of The Joy of Cooking, thieves just got access to all the ingredients necessary to make every recipe in the book.

The Problem with Freezing Your Credit Report

The New York Times reported still more bad news in the wake of the Equifax announcement.

The credit freeze service the credit bureau offered (originally offered for a fee until it finally decided to provide it for free for 30 days) generated PINs that were based on the time and date the PIN was created. These PINs are required to release the freeze whenever you need to grant access to your credit files in connection with a loan, an apartment rental, or a job application (where permitted by law). Unfortunately, they’re laughably easy for a hacker to guess before then.

The bigger problem is that a freeze needs to be in place at all three reporting agencies in order to be effective. As credit expert John Ulzheimer told the New York Times, putting a freeze on your credit with only one reporting agency is “like locking one of three doors in your house and leaving the other two unlocked. You’re hoping the thief stumbles on the locked door.”

Types of Fraud to Be Aware Of

The hackers also made off with 209,000 credit card numbers and 182,000 credit dispute documents containing personally identifying information.

In August, there was a spike in credit card fraud, according to the New York Post. It seemed odd to security experts at first, since credit card fraud typically increases around the holidays. The Equifax news seems to provide an explanation for the statistical oddity. “We saw a 15% increase in the overall fraud attempts in our system in August, which is an unusual time of year to see such a spike,” said Liron Damri, cofounder of Forter, a fraud-prevention service for online retailers.

But the threat goes way beyond maxed-out credit cards, fraudulent credit applications, and tax-refund fraud. With Department of Motor Vehicle information also in play, the risks are elevated. A fake ID made out in your name could cause you to get arrested for an outstanding warrant. In the realm of identity-related fraud products, a fake driver’s license is a luxury item for sure, but it’s still one that could hurt you if a scammer provides your information on a fake license the next time they’re pulled over for speeding or collared for a crime.

And then there’s the serious risk of medical-identity fraud. Consumers could see delays in prescription fulfillment because of fraudsters using their health care information. Worse, consumers may not be covered for health care expenses until they are able to prove they are who they claim to be using the same information that the crooks used—a frustrating and often complicated process.

Legal Remedies 

One can only assume there will be lawsuits galore. In fact, one enterprising person has already automated the process. A robot lawyer is on the case, allowing consumers to automatically file a claim against Equifax in small claims court.

According to the Verge, consumers are still able to join class action suits while pursuing a small claims court remedy.

“Even if you want to be part of the class action lawsuit against Equifax,” the Verge reported, “you can still sue Equifax for negligence in small claims court using the DoNotPay bot and demand maximum damages. Maximum damages range between $2,500 in states like Rhode Island and Kentucky to $25,000 in Tennessee.”

Protecting Yourself Now

To say that the Equifax PIN assignment process was incompetent is an understatement. Nevertheless, it is a teachable moment. While it’s okay to hope that your services and vendors will do things right, you need to stay vigilant. And this should go without saying: if you can change privacy and authentication settings on a product or service, do it. If that’s not possible, perhaps you should consider finding a new vendor or service.

The easiest way to protect yourself, in my opinion, is by using a system called the “Three Ms.” The Three Ms is the centerpiece of my book, Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves, and the approach continues to be the best way to keep your personally identifiable information from being used in identity-related crimes.

And they are simple: 

  1. Minimize your exposure. Don’t authenticate yourself to anyone unless you are in control of the interaction, don’t oversshare on social media, be a good steward of your passwords, safeguard any documents that can be used to hijack your identity, and freeze your credit.
  2. Monitor your accounts. Check your credit report religiously, keep track of your credit score, and review major accounts daily if possible. (You can check your credit report for free at Credit.com.) If you prefer a more laid-back approach, sign up for free transaction alerts from financial services institutions and credit card companies, or purchase a sophisticated credit- and identity-monitoring program,
  3. Manage the damage. Make sure you get on top of any incursion into your identity quickly, and enroll in a program where professionals help you navigate and resolve identity compromises—oftentimes available for free, or at minimal cost, through insurance companies, financial services institutions, and HR departments.

Your Chances of “Getting Got”

Scammers pay around $30 per complete ID dossier on the black market. With 143 million packets available through the Equifax breach, that’s more than 4 billion dollars’ worth of information. Though it may not seem so at first glance, this could actually be good news for you: your chances of “getting got” decrease with an increase in available targets.

Odds aside, though, Equifax is not the first, nor will it be the last, breach of note. Being prepared and alert is still the best remedy, because breaches have become the third certainty in life—right behind death and taxes.

A final tip: check with your insurance company, financial services institution, or employer. You may already have access to identity protection and resolution services, which is your best bet when it comes time to navigate the identity theft quagmire.

Image: AIMSTOCK

The post Your Equifax Download: What You Need to Know about the Equifax Hack appeared first on Credit.com.

12 Places Your Data May Not Be Safe (And What You Can Do)

Someone could be spying on you right now and you might not even know about it.

Data compromises and the identity-related crimes that flow from them are now the third certainty in life, right behind death and taxes. That said, there is plenty you can do to stay as crime-proof as possible.

According to Risk Based Security, more than 4.2 billion records were compromised worldwide in 2016 alone. In truth, the total number of compromised records is unknowable. Here’s what you do need to know: it is a near certainty that most, if not all, of your personal identity portfolio is already “out there.”

How to Keep Your Personal Information Safe

Identity theft is a catch-as-catch-can endeavor. Where there is a will, there is almost always a way. In fact, many, if not most, of us have already been compromised either by a breach or as a result of obsessive (and excessive) overexposure on social media. Enough of our personally identifiable information (PII) is readily available on the web to make us easy targets for phishing attacks and identity-related crimes.

Thankfully, identity theft is often a crime of opportunity. All that vulnerable information still needs to be accessed, which may require more effort than your average identity thief is willing to expend. This is why it’s important to keep your data safe from those opportunistic hands.

Here’s what you need to bear in mind at every turn: It’s likely that you’re going to “get got” with PII that hasn’t been compromised . . . yet.

Though it may seem like a lost cause, you can make yourself a harder target to hit. First, you should follow the three Ms:

Minimize your exposure. Don’t authenticate yourself to anyone unless you are in control of the interaction, don’t overshare on social media, be a good steward of your passwords, safeguard any documents that can be used to hijack your identity, and consider freezing your credit.
Monitor your accounts. Check your credit report regularly, keep track of your credit score, and review major accounts daily if possible. If you prefer a more laidback approach, sign up for free transaction alerts from financial services institutions and credit card companies or purchase a sophisticated credit and identity monitoring program.
Manage the damage. Make sure you quickly get on top of any incursion into your identity and enroll in a program where professionals help you navigate and resolve identity compromises—oftentimes available for free, or at minimal cost, through insurance companies, financial services institutions, and HR departments.

Where to Check Your PII

To minimize your exposure to identity thieves, you’ll want to evaluate places that may not be making the security of your PII a priority. Here are twelve places that may not be keeping your personal data safe.

1. Small businesses: Mom-and-pop shop owners have a lot on their plates, and managing your personal data isn’t necessarily on the front burner. Whether it’s the company that fills your oil tanks, a lawn service, or a local store where you have a tab, ask how they store your information. If they give you a vague answer, ask them to erase whatever they have—and watch them do it, if possible.
2. Children’s sports leagues: Children’s sports leagues need basic information to enroll your child, including medical contacts, names, addresses, emergency contact information, and other data points that can be used in identity-related crime. If you get a vague answer about data storage, ask them to erase whatever they have.
3. Doctors and dentists: You ever see those color-coded files sticking out of open metal cabinets at a medical provider’s office? They contain all the information needed to steal your healthcare services, compromise your financial accounts, or file fake tax returns and divert your refunds. If you see something, say something. Either way, ask your medical professionals how they store your records and request that they be stored securely.
4. Veterinarians: You might not think that your vet’s office could be a point of vulnerability. Worse yet, the possibility of data compromise may not have occurred to your vet, either. Ask how they store your data. Chances are good they will improve their methods once they understand the immediate consequence of lost business for failing to do so. If they don’t respond, ask for your file and vamoose.
5. Gyms and fitness clubs: Increasingly, fitness clubs are on the ball when it comes to data security, but you’ll still want to ask how they store your information. If they don’t have a satisfactory answer, you may want to consider looking for a different gym.
6. Educational institutions: Many people contribute to the care and education of our children. Unfortunately, not all of them are educated in the ways of cyber hygiene, which is why it matters how your child’s information is stored by these institutions. Always ask about it and request that your child’s information be stored securely. Once it no longer makes sense for a particular institution to have personal information about your children, ask that they delete their records.
7. Accountants: While bigger accounting firms are liability-minded, smaller firms and one-person operations may not be as up to date on cybersecurity best practices. In addition to having hard copies of your files, which contain extremely sensitive personal data, your accountant has to send electronic files to the IRS and other state agencies that collect your taxes. Make sure they are using secure networks and store your files securely. If they don’t, it’s in your best interest to look for a more secure accountant.
8. Lawyers: If you’re worried about the amount of sensitive data residing with your accountant, take a moment to reflect upon the sort of personal information that resides with your attorney. It’s okay to have a direct conversation about their data security practices. If there is any pushback, take your business (and your data) elsewhere.
9. Real estate agents: While they may not have a lot of your PII, real estate agents have enough for a thief to get a foothold into your mineable credit. If your agent gives you a vague answer about how they handle sensitive information, don’t give them any—or limit what you share to the bare minimum required.
10. Car dealerships: Car dealerships are focused organizations. While their employees know a great deal about closing deals, they may not know how to close the gates to ID thieves—and because they offer credit, they are in possession of the skeleton key to all your finances: your Social Security number. Make sure it’s safe. You’ll want to check with any other retailers that offer credit as well, since they will also have access to your SSN.
11. Travel agencies: In order for travel agents to do their job, they likely need your name, address, date of birth, contact info, emergency contact information, license or passport number, and credit or debit card number. You need to know how long they will keep it and how they will store it. If you are not satisfied with their explanation, cruise on over to someone else.
12. Home: Your domicile is an El Dorado of personal information, and you need to be able to protect those riches. Store all of your most-sensitive documents in a secure, fireproof location. Better yet, scan and store them in an encrypted, password-protected thumb drive.

Never forget, the ultimate guardian of the consumer is the consumer. No one cares more about the protection of your personally identifiable information and your financial security than you do.

Image: shapecharge

The post 12 Places Your Data May Not Be Safe (And What You Can Do) appeared first on Credit.com.