The Equifax Breach and the Age of Big Data

hack

Key Takeaway: The Equifax breach exposed the risks of big data; the reality is that we do not control our own identities anymore. But you can take steps to be an advocate for the protection of your identity.

About 143 million people potentially had their personal data stolen in the Equifax security breach. While it was announced only last week, the actual theft of our data occurred over two months ago. So, by now, it is probably right for all of us to feel a little uneasy that the bad guys have a running head start. Yet this is not the first—nor will it be the last—loss of personal information. In this new world of big data, everything about us is floating around whether we like it or not. It is time to take steps to fix your exposure if you haven’t already.

In the Next Week

It has been widely reported that you can check to see if you were a victim of the Equifax breach through their website (note, you must give them the last six digits of your Social Security number). Equifax is also offering a one-year enrollment in their credit monitoring service, TrustedID Premier, at no cost to all U.S. consumers, whether you were affected by this breach or not. Initially, in accepting this service you would waive your legal rights to be part of a class-action lawsuit, but Equifax has announced that they have deleted the language for this cybersecurity incident from their terms of use.

While credit monitoring is helpful, it really doesn’t take care of the long-term problem that our data is out there and thieves can sit on it for years before using it. Thus consider the following steps this week:

1. Credit reports: Check your credit reports, and create a habit of doing so. All of us have a right to one free credit report per year, per credit reporting agency. You can get your reports on annualcreditreport.com (note, other websites purporting to be free may not be). Since you get only one free report per year from each of the three agencies (TransUnion, Equifax, and Experian), consider ordering just one of them every four months. Since most credit issues are reported to all the agencies, this method gives you a more consistent way to continually check your credit instead of waiting for 12 months to expire.

2. Fraud alert: A fraud alert can be placed on your credit by contacting one of the agencies (see contact information below). Once you place an alert on your account with one agency, they must tell the other agencies, which will then place an alert on your account with them. Alerts last for 90 days (up to seven years if you can show your identity has already been stolen), so you do need to stay on top of this.

3. Credit freeze: If monitoring your credit is good, credit freezes might be better. This option literally freezes your credit at the three agencies. This means someone trying to open credit in your name would have to unfreeze it first (with a PIN given only to you). In Minnesota, you can freeze your credit at any of the agencies for $5 each (or for free if you have a case number from a police department showing that you reported identity theft).

Experian:experian.com/freeze; 888-397-3742
Equifax:freeze.equifax.com; 800-685-1111
TransUnion:transunion.com/securityfreeze; 800-680-7289

Note that some administrative work is involved with credit freezes. Every time someone needs access to your credit (e.g., your insurance agent needs to renew your policy), you will need to unfreeze your report for them, then go back and freeze it again.

4. Electronic versus paper: We are hearing about identity theft via electronic means in the news, but it can happen in paper form just as easily. Thieves steal from mailboxes, homes, cars, and purses all the time. We all get prescreened credit opportunities in the mail, which can be stolen from our mailboxes. Opting out of these offers can at least reduce some potential. Opt out online or by calling 888-567-8688.

Longer-Term Habits

Outside of this week, there are other steps you should be taking to stay on top of identity theft. While it can take a bit of work to retrain yourself, making these steps a part of your routine can help protect your identity:

1. Use a password manager: We’ve all chuckled at the stories about people who use “password” or “123456” as their passwords. But if you use the same password across even two websites, you are inviting problems, particularly if one of those sites gets hacked. Password managers allow you to keep one strong password that gets you in the manager program while the program manages all of your other passwords, even generating strong passwords for each site you are on.

2. Check your statements: Identity thieves like to test the system to see if you are paying attention. For example, they often charge very small amounts to your credit card, and if you don’t notice, they charge larger amounts. The days of ignoring your monthly statement are over. In fact, consider checking your credit card, bank, and brokerage accounts weekly (daily even) to make sure someone isn’t tampering with them.

3. Consider an identity theft endorsement: When thinking of identity theft, consider that it comes in other forms other than just someone stealing your credit. For example, someone could commit a crime and use your identity. Dealing with these types of identity theft can take time and money. For this reason, talk to your property/casualty agent about whether you should have an identity theft endorsement added to your homeowner’s policy. Typically, these endorsements will cover expenses such as attorney’s fees, some lost wages, notary costs, and certain fees needed to get your identity back. They do not cover the actual loss of property, though.

Finally, it should be noted that incidents like the Equifax breach create opportunities for other scammers. So be careful about clicking on emails that supposedly come from Equifax. They will contact you by mail if they need anything (this goes for the IRS and most other governmental agencies as well). If you do think you have been a victim of identity theft, go to the Federal Trade Commission’s website to report and start a recovery plan. This website is particularly useful—it has already been updated with the Equifax breach.

In this new age of big data, our personal information is no longer ours. It is no longer possible to ignore this point and believe that we are not participating in this new economy. Just like you should be an advocate for your care with your doctor, you now need to be an advocate for the care of your identity.

he opinion of the author is subject to change without notice and must be considered in conjunction with relevant regulation, as well as subsequent changes in the marketplace. Any information from outside resources has been deemed to be reliable but has not necessarily been verified. Each individual has unique circumstances to which this information may or may not be relevant. Under no circumstances will this information constitute an offer to buy or sell and it does not indicate strategy suitability for any particular investor.