It’s been hard for me to read the news lately. Every “breaking” story seems to involve people being mistreated by others or the government, the weather destroying people’s homes or some other new danger.
So you can imagine how over it I was when I heard about the cyber attack on Equifax. It was massive, compromising 143 million people’s names, birth dates, addresses, Social Security numbers and drivers licenses. 143. Million. People. According to the NY Times, criminals gained access to the system from mid-May to through July. It’s the third such breach since 2015.
That’s bad enough, but to make things worse, Equifax’s recommended course of action wasn’t working. Ben emailed me on Friday to tell me his information was compromised. My information was compromised too. But it turns out everyone got the same message, even those with fake names and Social Security numbers.
So how big of a deal is this? It’s a pretty big deal. Criminals having access to your name, date of birth and Social Security number leaves you open to years of turmoil and credit headaches.
I like to focus on things I can control, and no one has any control over breaches of this nature. However, you can be proactive in mitigating the risk of cyber attacks. Here are three ways to do that.
Get a credit freeze
As of Sunday, Equifax claimed that the many website glitches we experienced were fixed. I put in my information and also Obama 123456 just to make sure. My information was compromised, but hers wasn’t.
Early on Equifax automatically disqualified you from a class action suit — at least 23 have been filed so far — if you signed up for their one free year of credit monitoring. By Sunday, they had rectified that, though I’m still not signing up for the service. It seems very likely that the per/month payment may kick in eventually, despite them Tuesday no longer requiring credit card information to sign up and waving fees to sign up for freezes. I want Equifax to profit from this as little as possible.
Instead, I’m opting for the credit freeze approach. Under this service, you sign up on the Equifax, Experian and TransUnion websites and pay a fee to set up the service (so seems like Experian and TransUnion may profit from this situation). Once you complete the process, the bureaus will only release your credit report to company’s that you already do business with. If you need new credit, you can “thaw the freeze” by using a personal identification number that each company gives you.
Ron Lieber, of the NY Times goes into more detail on the early website troubles, worrisome PIN issues and Equifax bowing to public pressure on the credit freeze fee. You should also follow him on Twitter to get highlights of some of the troubles he and his followers have been having. Also, keep in mind that a credit freeze is different from a fraud alert. So make sure you’re signing up for the right service.
Set alerts on your current credit cards
The breach also exposed some 209,000 credit card numbers, so you’ll have to keep tabs on your current credit as well. I suggest logging in to your current accounts and setting up account alerts.
You can set alerts for many things like your balance exceeding a current amount, a transaction exceeding a certain amount or transactions made without a physical card.
Our account alerts saved me and Ben a headache last month when someone used our card number to buy $100 worth of stuff at Hammond, IN gas station. I was texted and emailed right away. Within about 10 minutes the card was cancelled and we were not responsible for the purchase.
I wondered how in the world someone would have gotten that card number. We hadn’t used that particular account in forever and both Ben and I had the cards in our possession. Now I know what happened.
Keep tabs on your overall financial situation
The recent breach is reason number 1,593,301 why you need to keep regular tabs on your financial situation. I’m not saying you need to do monthly net worth or income statement reports like I do. But you should at least check in on all of your accounts once a month. You probably have accounts that you haven’t used for a long time but have kept open since that can help your credit score. If you aren’t careful, you could be liable for a portion of the fraudulent charges.
The Fair Credit Billing Act (FCBA) and the Electronic Fund Transfer Act (EFTA) provide liability protection if your cards are lost or stolen.
Under the FCBA, you’re subject to a max $50 out of pocket for unauthorized use of your credit card. You aren’t liable for anything if you report the loss before your card is used or your credit card number, but not the card, is stolen (which will likely be this scenario).
Under the EFTA, rules for lost or stolen ATM/debit cards are much stricter.
- $0 for reporting before any unauthorized charges are made
- $50 if you report the loss or theft within 2 business days
- $500 if you report the loss or theft after two business days but less than 60 calendar days after your statement is sent to you
- All money taken from the ATM/debit account (including money in accounts that are linked to your debit account), if you report more than 60 calendar days after your statement is sent to you.
So it pays to stay on top of your accounts. Or at the very least use credit cards rather than ATM/debit cards when making your transactions. You can find more tips for protecting your accounts here.
Lastly, to stay on top of your situation, you should keep track of your credit score. You can get your FICO score from many credit cards at this point (I get mine from my Discover and Citi cards). You can also get a free credit report from each bureau at www. annualcreditreport.com
I would love to hear from you if you’re running into any problems with your current credit accounts or types of identify theft due to the breach. You can reach me at the links below.