Many consumers were unnerved to learn that Equifax, the giant credit-reporting corporation, suffered a data breach between mid-May and July that exposed sensitive personal information for an estimated 143 million individuals. The information obtained by hackers included Social Security numbers, dates of birth, address histories, driver’s license numbers, and legal names, all of which are often used to commit identity theft and other types of fraud.
According to the Federal Trade Commission (FTC) website, anyone with a credit report is potentially a victim. The FTC website also provides recommended steps to take in order to find out if your information was exposed, along with remedial actions you can take, including a year of free credit report monitoring from Equifax. The site also offers several practical suggestions, including closer-than-usual monitoring of your credit card and bank accounts, early tax filing, and fraud alerts on your files.
One item that is raising many consumers’ hackles is a provision in the Terms of Service for Equifax’s TrustedID credit protection program–the service currently being offered for free–that requires customers to waive their right to participate in any class-action lawsuits that might arise in the future from the use of the TrustedID service. It is important to note that this provision would not apply to claims arising from the current cybersecurity incident, according to an online statement from Equifax. Nevertheless, many consumers are wary of agreeing in advance not to sue a company that has just admitted a data breach that could cost millions.
In addition to the steps recommended on the FTC identity theft website, you should also be suspicious of emails that purport to come from Equifax. The company is directly contacting only the 209,000 customers whose credit card information may have been compromised, and they are doing this via the US Postal Service, not email. Hackers will use “phishing” emails that look like genuine communications from Equifax in order to entice consumers to click on links connecting with malicious websites. Such emails should be deleted immediately without being opened.
Other practical steps, not only now, but in general, include checking your credit report regularly at the government-authorized site: AnnualCreditReport.com. This is a good idea, not only because of the recent breach, but because it is not unusual for errors to show up on your report. In fact, a 2014 study by the FTC found that about one in four consumer credit reports contains errors. Unless you’re checking it yourself, they’ll just stay there and potentially hurt your credit. Also, don’t be hasty about closing credit card accounts, especially those that you’ve had for a long time and that are in good standing. Doing that can actually hurt your score, because it can look negative for your credit history.
For consumers who do not agree with the legal waiver included in Equifax’s free TrustedID service, there is another alternative. Experian and TransUnion, the other two major credit-reporting firms, offer consumers the ability to put an alert on their accounts for 90 days. An alert on any of the services will cover all three companies, and it is free. For more information on placing a free fraud alert on your account, see the information on the FTC website.