The Equifax breach: steps to protect yourself
Equifax suffered one of the worst data breaches in modern American history. As one of the three major nationwide credit reporting agencies, Equifax maintains sensitive data on most American adults. If you or your family has any sort of credit history, it is likely that you are affected by this breach. Equifax’s databases contain an exhaustive list of consumer’s names, Social Security numbers, birth dates, and more. The National Consumer Law Center (“NCLC”) has released some helpful guidance to minimize risks associated with this breach. Here at The Sarrett Law Firm we want to make sure consumers are aware of the risks arising from this breach and how best to protect yourself and your family from identity theft.
The guidance from the NCLC is summarized in this blog post.
Determining whether you are at risk
The safest way to approach this situation is to assume you are affected and take all reasonable precautions detailed below. Equifax created a website that will advise if you may be impacted by the breach. The website is https://www.equifaxsecurity2017.com/. To use the Equifax site, click on “Potential Impact” at the top of the page and enter the last six numbers of your Social Security number and last name. Most consumers will receive a response advising that they may have been impacted. You do not need to enroll in “TrustedID Premier,” an Equifax credit monitoring service, as part of accessing the “risk estimate.”
- “New account” identity theft: The NCLC explains that this type of identity theft occurs when a hacker creates new credit lines in the consumer’s name. This type of theft frequently ends with a determination that the victimized consumer is not liable; however, the dispute process is cumbersome and tedious. In addition, the consumer may be subject to debt collection calls and other harassment.
- Threat of hacked existing accounts: Depending on what kind of and how much information the hackers got their hands on, it is possible they could access a consumer’s existing accounts and direct future action for those accounts.
- Tax Fraud: If hackers obtained a consumer’s Social Security number and other identifying information, it is possible for an identity thief to file a tax return in the consumer’s name, while ensuring the refund goes to an account owned by the thief, usually through a prepaid card.
Ways to prevent identity theft
- Credit Freeze: This is the most drastic measure you may take to prevent an identity thief from opening new accounts. A freeze prevents future creditors from accessing your credit score to lend, rent an apartment, start a new insurance policy, etc. The only way for prospective creditors to access the credit score is through a “thawing” process, in which the consumer will verify that it is indeed them associating with this new creditor. New creditors will not take actions with a consumer unless they can access their credit score, thereby preventing identity thieves from opening new accounts or borrowing money in a consumer’s name. A credit freeze will not affect a consumer’s credit score or affect their relationship with current creditors, it will only prevent future creditors from lending money or opening new accounts in the consumer’s name.
- Fraud Alert: A fraud alert is a less drastic version of the credit freeze. A fraud alert will put possible creditors on notice that the consumer may have been affected by identity theft. Ideally, the potential creditor would then take necessary steps to ensure they are dealing with the actual consumer and not an identity thief by contacting the consumer. The downside to the fraud alert is that it relies on a possible creditor’s diligence in verifying who they are dealing with, unlike with a credit freeze where the possible creditor is automatically blocked from viewing the consumer’s credit score. There are three types of fraud alerts:
- An initial fraud alert works for 90 days and is renewable. The following link provides instructions for placing an initial fraud alert on your credit reports: https://www.consumer.ftc.gov/articles/0275-place-fraud-alert%20/
- An extended fraud alert stays in place for seven years and requires the consumer to file an identity theft report. Guidance for placing an extended fraud alert on your credit files is available at the following link: https://www.consumer.ftc.gov/articles/0279-extended-fraud-alerts-and-credit-freezes
- An active duty military alert is for active duty military personnel and lasts for one year. Instructions for placing an active duty military alert on your credit files are available at https://www.consumer.ftc.gov/articles/0273-active-duty-alerts
- Credit Monitoring Services: Unlike a credit freeze or a fraud alert, credit monitoring is a service which must be paid for by the consumer. Credit monitoring will keep track of any new accounts opened in the consumer’s name. The NCLC recommends that a consumer simply monitor themselves through https://www.annualcreditreport.com/ and avoid the costs associated with paying for third-party credit monitoring.
The full NCLC article is available at https://library.nclc.org/key-steps-minimize-risk-after-equifax-data-breach. If you have an issue with identity theft or an inaccurate credit or background report, please do not hesitate to contact The Sarrett Law Firm. Thank you to my intern, Kadian Carter, who is largely responsible for drafting this post!