Ideas & Insights

Equifax Data Breach: Five Steps to Keep Your Data Safe

Equifax Data Breach: Five Steps to Keep Your Data Safe

By Andy Loong
Chief Information Security Officer 
San Francisco Office

As one of the nation’s leading CPA and Advisory Services firms, MGO is often asked to address questions surrounding the security of our client’s financial data. The recent Equifax data breach was no exception. This article offers a number of data security best practices that companies and individuals can take to keep their clients safe.

In the fall out from the hack, Equifax is facing several lawsuits, received a massive stock price hit, and faces scrutiny from numerous state and federal investigators. Industry analysts believe that Equifax was neglectful in safeguarding consumer data and chose to save money rather than execute protective technology solutions.

Recapping the Equifax Data Breach

On July 29, 2017, the IT security team at Equifax, one of the country’s three foremost credit reporting organizations, observed suspicious traffic associated with a portal web application. The following day, additional suspicious activity was observed, motivating Equifax to take the application offline to apply a patch. Equifax then hired an independent cybersecurity firm to research the hack and its consequences.

Over a month later, Equifax publicly released estimates of the damage:

  • The personal information of 143 million U.S. consumers was exposed, including names, Social Security numbers, birth dates, addresses, and driver’s license numbers.
  • Credit card numbers for approximately 209,000 U.S. consumers were exposed.
  • Personal identifying information for approximately 182,000 U.S. consumers was exposed.
  • Limited personal information for certain U.K. and Canadian residents was also exposed.

Public outcry followed in the wake of the announcement and the leaders of Equifax’s IT department have summarily “retired.” Meanwhile, up to one third of all Americans are scrambling to determine whether their information was compromised, and what they can do now.

Following are some steps U.S. consumers can take to see if they were affected and how they can protect their vital personal and financial information.

Step 1: Find Out If You Were a Victim

Firstly, it is important to determine if any of your information was exposed or has been manipulated. You can do this by entering your last name and the last six digits of your Social Security number at Equifax’s website. The site will tell you if you’ve been affected by the data breach.

Step 2: Enroll in Credit Monitoring & Identity Theft Protection Service

Equifax is offering a free year of their Credit Monitoring & Identity Theft Protection Service for affected consumers. You can enroll at the Equifax website. The enrollment period ends on Tuesday, November 21, 2017. Some features of this service:

  • 3 Bureau Credit Monitoring
  • Equifax Credit Report
  • Credit Report Lock
  • $1MM Identity Theft Insurance
  • Social Security Number Scanning

However, there is a catch as always – By enrolling, users may waive their right to take part in a class action lawsuit against Equifax at a later date.

Step 3: Review & Compare your Credit Reports with other Credit Organizations

For the next several months it is wise to keep a close eye on your Equifax credit report and compare it with other nationwide credit company reports. You are eligible for a free credit report every 12 months from the other two major consumer reporting companies — Experian and TransUnion. You can request a copy from AnnualCreditReport.com.

You can also sign up for a free account on creditkarma.com. It is a user-friendly website that monitors suspicious activity on your account and sends instant alerts. Their credit score monitoring system is partnered with TransUnion and also provides insights on how you can improve your credit score.

Step 4: A Credit Freeze Might Be a Way Out

Krebson Security, a popular security expert, recommends placing a credit freeze on your accounts. A credit freeze will block anyone from opening a new line of credit in your name, unless they know a PIN number you specify. This also makes it more difficult for someone using your identity to take out loans in your name. However, a credit freeze does not protect from manipulation to existing accounts.

You will have to freeze all your major credit report with multiple organizations — Equifax, Experian, Credit Karma and TransUnion. A credit freeze usually requires a small fee but Equifax has removed its fee for the next 30 days.

Step 5: Monitor your Accounts Daily

For the immediate future it would be wise to add an account check to your daily to-do list. Activities during this period can include:

  • Manual check of bank accounts, statements, and credit reports
  • Flag unknown inquiries on your credit report
  • Set up alerts on purchases above $100
  • File your taxes as soon as the tax season starts next year.

Setting up fraud alerts on your credit accounts, will require creditors to verify your identity before opening a new credit card or increasing your credit line.

Lastly, following good security practices and being aware of your online activities should be a priority. As always, do not share confidential passwords or login credentials to your email ID. To avoid ransomware do not open unknown links or download software from unknown websites.

For more information on steps you can take to further protect your personal and financial information, look for regular updates on the Federal Trade Commission’s Lost or Stolen page.