By Julie Myhre-Nunes, NextAdvisor.com
If you haven’t already heard, Equifax — one of the three major credit bureaus — announced on Sept. 7 that 143 million consumers’ information was leaked in a security breach. Leaked information includes social security numbers, dates of birth, names, credit card numbers, addresses and more. As consumers, we try to believe that financial-related companies, especially a credit bureau, will store our personal information securely, so it’s pretty alarming to hear that a breach of this scale has occurred. To help you understand how far-reaching this incident is, we’re breaking down all the reasons why everyone should care about this major data breach.
The Equifax breach impacts everyone
If you’re an adult with a credit card, student loan, mortgage, personal loan, car loan or any other type of credit account, you are a victim of the breach. Although Equifax is using the term “customers” to describe impacted consumers, you should recognize that every consumer with a credit history is likely impacted — this means even those who have never signed up for an Equifax product can still be affected. That’s because Equifax is one of the three major credit bureaus (Experian and TransUnion are the others), meaning any bank or financial institution that manages your credit accounts reports your social security number, name, address and credit account information to the credit bureau to build your credit report. So, even if you’ve never done business with Equifax, you still have a relationship with the bureau and it has your personal information stored somewhere on its servers. As such, every adult should be concerned about this breach and take steps to protect their identity and credit. Additionally, since Equifax has said that the investigation is not 100% complete, there’s a chance that the original number of 143 million consumers will go up as the investigation continues, something we have often seen with other security breaches.
Equifax isn’t being upfront with everything
Since this breach is something that impacts every consumer, one would think that the company would aim to be upfront about every aspect of the breach. Unfortunately, that isn’t the case. To start, Equifax discovered the breach on July 29, but didn’t announce it to the public until Sept. 7, which means that consumers’ information was leaked and available for anyone to use from the start of the breach in mid-May until the beginning of September.
Next, Equifax claims to be helping breached consumers by providing them with free identity theft protection from TrustedID for one year. Considering TrustedID is an Equifax-owned service, it seems like Equifax may just be offering this protection to boost its bottom line. To make matters worse, TrustedID’s terms and conditions state that if you sign up for the free protection, you’ll be waiving your right to join any future class-action lawsuits, which caused some uproar, as noted on the New York State Attorney General’s Twitter page. Equifax updated the clause on Sept. 8 to say that consumers can exclude themselves from the arbitration provision if they send notification within 30 days of signing the agreement, which is still unacceptable. (Editor’s note: Equifax removed this language from the terms and conditions as a result of this uproar and stated nobody who enrolled before its removal will be subject to the original language.) Adding insult to injury, Equifax’s tool on its website to help you determine whether or not you’re impacted by the breach doesn’t even work — three NextAdvisor employees were merely given a date that they can enroll for TrustedID, even though it promises to give you a definite answer and cybersecurity expert Brian Krebs received the same result after he plugged in a fake social security number and name. Other reporters have noted discrepancies in the results they get depending on whether they’re utilizing the tool from a mobile phone or a computer browser.
Your leaked information cannot be changed
The Equifax breach is a new breed of data breaches, as it’s the first time a breach of so much personal identifying information has occurred. While experts are saying it’s the third-largest breach ever disclosed to the public, you should know that the information leaked in this breach is much more valuable than the two Yahoo breaches that hold the No. 1 and 2 spots. In those breaches and most other data breaches in the past, we’ve seen a leak of names, email addresses, phone numbers and maybe even credit card numbers, which is all information that can’t really do much damage to your identity, relatively speaking. On the other hand, the Equifax breach revealed people’s social security numbers, birth dates, addresses, names, driver’s licenses (in some cases) and credit card numbers (in some cases). As you probably already know, most of this information is unchangeable, as there’s no way you can change your date of birth or social security number. In fact, all of the revealed information is all someone would need to open a credit card in your name, which is something you should be concerned about.
There isn’t really a way to protect yourself
While Equifax is pushing identity theft protection through TrustedID, which we believe is to boost the business’ bottom line, as explained above, this one year of identity theft protection is likely not enough. As we noted above, this breach revealed information, like your social security number and date of birth, that cannot be changed. This means that the information leaked from this breach will never get outdated, allowing someone to steal your identity now or 10 years down the line — something one year of identity theft protection can’t fix. In fact, this leaked information is something that breach victims will likely have to worry about for the rest of their lives. As such, there’s, sadly, not really anything you can to do protect yourself in the long-run. That said, there are some things you can do now and continue to do in the years to come:
Monitor your credit. Whether you’re checking it for the first time or the 30th, monitoring your credit is one of the most effective ways to protect your credit after a major breach like this. You can check your credit reports for free every 12 months through AnnualCreditReport.com, but you should be checking them more than once every year since identity theft can happen at any time. If you want a reactive way to protect your credit, you may want to consider a credit report monitoring service. These services actively monitor your credit reports and alert you if something is added or changed, or if a new account appears on your reports. If you choose a service that monitors all three of your credit reports, which you should, you can make sure that you stay in the know with your credit as a whole and are able to take action as soon as a fraudulent account appears on your credit reports. As noted above, Equifax is offering these services through TrustedID, but considering the arbitration clause included in the terms and conditions, it’s probably best for you to choose another non-affiliated service. If you’re not sure which services you can trust, check out our reviews of the best credit monitoring services to find a service that may fit your needs. While these services come with monthly or annual fees, most of them have free trials or money-back guarantees that allow you to test out the service for free, and you won’t be expected to put your trust in the same company that just betrayed it. Keep in mind that if you sign up for a credit report monitoring service, it’s probably something you’ll want to keep for a long time.
Consider a credit freeze. While credit report monitoring services will protect your credit reports by allowing you to take immediate action when potential fraud is spotted, there is a way for you to take a proactive approach to protecting your credit by placing a credit freeze — it’s actually something I’ve been using to protect my credit since I fell victim to tax identity theft in 2016. When you place a credit freeze on your credit reports, you’re essentially locking them, meaning no new accounts can be opened in your name (by you or anyone else) and your credit reports cannot be viewed by any potential creditor. This means if you’re applying for a credit card or trying to get a new apartment in the near future, you’ll need to unfreeze your credit before doing so — you can refreeze it afterward. The major downside of credit freezes is that most states require you to pay to freeze your credit reports — for example, I live in California and it costs me $10 per bureau ($30 total) every time I refreeze my credit. That said, credit freezes can help provide some peace of mind because you will know that your credit reports are untouchable. Because credit freezes can be somewhat complicated, we suggest you take a look at our guide to credit freezes or visit the FTC’s website to learn more. It should also be noted that fraud alertsare also an option, but since they heavily depend on each bank or financial institution to do its due-diligence and alert you of any new credit application, fraud alerts aren’t the most reliable solution.
Report identity theft immediately. Identity theft is a crime, which means it should be reported as soon as its spotted, like any other crime. While identity theft victims may feel shame or embarrassment, they should still make sure they report the crime. Not sure how? This blog post details every step you need to take.
The Equifax breach may impact the future of credit
Currently, our whole credit lives are based around our social security numbers, birth dates, names and addresses. Now that millions of people’s social security numbers are available to essentially anyone who knows where to find them, it may not be the best idea for creditors and credit bureaus to continue to use social security numbers as a main source of identification. While this practice may not change in the near future, it’s possible that we will see it develop over time, especially if the number of identity theft victimsdramatically increases after the Equifax breach. For now, consumers can only take actions to protect themselves as best they can and hope that a more secure solution will come in the future.
As far as data breaches are concerned, Equifax is taking the cake for one of the worst thus far, at least in our opinion. The company is not only handling the breach poorly, but it is also seemingly trying to boost its business while claiming it’s trying to protect consumers. If you think you may have been exposed in this breach (spoiler: you likely were), it’s wise to take some steps to protect your credit and read anything you receive from Equifax carefully, as the bureau has proven it can’t be trusted at face value. Keep up with our identity theft protection blog to learn more about how you can protect your identity, and follow our Equifax breach blog to stay in the know with any breaking news as it relates to this breach.
This blog post originally appeared on NextAdvisor.com.