Last week, members of Congress grilled the former CEO of Equifax, Richard Smith, over the complete mishandling of the company's massive data breach.
“How does this happen when so much is at stake? I don’t think we can pass a law that can fix stupid,” Rep. Greg Walde said during a House subcommittee hearing.
Maybe not. But to refresh your memory, here’s what happened:
July 29: Equifax discovers another breach, which compromises the personal data of more than 143 million people. The breach occurred mostly in the U.S., but also in the U.K. and Canada.
Aug. 2: Three prominent executives, including the company’s CFO, unload personal Equifax shares valued at $1.8 million total.
Sept. 7: Equifax finally informs the public about the data breach. Forty-one days after it was discovered, Smith says “we must do better” in a pre-taped video posted to the site.
Sept. 7: In a feeble attempt to help those impacted, Equifax offers an online service to check whether your personal data may have been compromised. This, ironically, requires people to input even more personal information for answers. But the results aren’t clear, nor do they appear credible or tested:
Adding insult to injury, Equifax offers consumers one year of free credit monitoring protection. But the initial legalese forces registrants to opt out of any future class action to sue the company for damages:
That didn’t make the New York Attorney General very happy:
The language has since been removed.
Oct. 3: Equifax revises the number of data files hacked upwards by 2.5 million, from 143 to 145.5 million.
Worst crisis response, ever
And before you think, “How dare they treat their customers this way,” remember that the majority of us impacted weren’t Equifax’s direct customers.
Just like the other two credit reporting agencies TransUnion and Experian, Equifax is in the business of selling our personal data to financial companies, banks, lenders, and insurers. These companies can decide whether to give us credit cards, loans, utility services, and insurance products.
But any company that is happy to sell our data should be just as careful in protecting it, and Equifax clearly wasn’t.
I’m talking about the very data accessed in the breach, better known as the holy grail of personal info: an applicant’s name, address, social security number, and driver’s license information.
How to protect yourself long after the Equifax data breach
You must be vigilant. Not just now, but also in the months and years ahead. Here are six ways to protect yourself:
1. Review your credit card statements and account transactions
We have a habit of overlooking transactions and skipping statements, but it’s more important than ever to ensure that you recognize each purchase transaction or credit inquiry.
The Equifax hack left wide open opportunities for synthetic fraud, where hackers create realistic-looking accounts using a combination of two to three identities. They then use the new IDs to pay for everything from online goods to medical services rendered.
It’s important to use services that can offer a quick spending summary of your daily, weekly, and monthly purchases (yeah, shameless plug, but we'd be remiss if we didn't mention how Clarity Money can help you with this).
2. Sign up for credit monitoring and credit alerts
Services such as LifeLock can alert you when new credit inquiries or applications are submitted using your personal information.
You may also wish to enroll in services from Clarity Money (yep, we can help with this, too), Credit Karma, or Credit Sesame, that regularly check your credit score and alert you of any significant changes.
Your bank may also offer such credit monitoring and alert services. That way, if a new credit application has been submitted in your name, or if you spot unusual credit activity, you’ll know sooner than later.
3. Beef up your online security
Where possible across your online accounts, setup two-step authorization. Create even more secure passwords, and setup more complex identifying questions that go beyond your mother’s maiden name or the street where you grew up.
4. Monitor your Social Security benefit account or paperwork
If you have loved ones who are currently receiving Social Security benefits, remind them to report if even one payment goes missing. Furthermore, retain all documentation you receive from the Social Security Administration. If you do end up needing to prove your identity, you'll have the paperwork in place.
According to The Motley Fool, “That latter piece of advice is just as important if you're not yet collecting benefits. In fact, it's perhaps even more important, because if you're not regularly receiving income from Social Security, you'll have less of an indication that something is amiss than someone who clearly does receive a benefits payment.”
5. File your taxes as early as you can
According to Business Insider, "The IRS is cracking down on tax fraud, but there could be an uptick after the Equifax breach. Get your tax information organized early, and submit your return as soon as you receive your W-2 and 1099 forms. Added benefit: If you're due a refund, you'll get it sooner, and if you owe taxes, the amount isn't due until April 15 regardless of when you submit your return."
6. Consider fraud alerts and credit freezes
If you don’t plan on opening any credit applications or applying for loans in the short-term (the next three to five years), then you may consider freezing your credit files with each bureau.
That said, freezing your credit after the Equifax breach won’t protect you as much as simply being vigilant about your transactions and new credit applications.
In fact, a credit freeze protects only against new accounts being opened in your name, which at 4% is one of the rarest types of identity theft out there, according to recent Bureau of Justice Statistics data.
Time will tell how significant the Equifax breach’s effects will impact consumers.
But if you regularly monitor your accounts and credit activity, you can spot trouble early and avoid financial damage.