Equifax Data Breach - What You Should Do Next

What Happened?

  • Equifax, the credit-tracking and rating company, revealed it suffered a massive data breach on July 29th of this year
  • Approximately 143 million U.S. consumers were affected

Why Should I Be Upset?

  • Having your sensitive personal information leaked is bad enough, but Equifax failed to report the hack until Thursday, September 7th - more than a month after the breach actually occurred
  • To make matters worse, executives at Equifax sold millions of dollars in company shares in early August, which isn't at all shady
  • Equifax's response to the breach was laughable, and not in a good way:
    • Initially, the website www.equifaxsecurity2017.com/, which was created to notify consumers of the hack, had numerous problems, which made it appear as if the site was a phishing threat
    • Immediately following disclosure of the breach, security codes were displayed on the main Equifax site
    • The PIN generated when a consumer initiates a security freeze appeared not to be random but generated in such a way that hackers could still determine the consumer's identity (this has since been fixed)

What Can I Do?

  • Find out if your information was included in the breach by visiting this site created by Equifax and clicking "Potential Impact"
  • Sign up for the free 12-month credit file monitoring and identity theft protection provided by Equifax
    • Note 1: Initially, the terms and conditions of this service required anyone who enrolled to give up the right to sue the company, but Equifax has since stated that specific clause would not apply to the data breach)
    • Note 2: You do not have to sign up for the monitoring service, it's simply an option
  • Check your credit reports from the three main reporting agencies, Equifax, Experian, and TransUnion by visiting www.annualcreditreport.com.
    • You are allowed to obtain one free report annually from each of the three companies
    • There are numerous websites willing to charge you for a credit report, so make sure you use the one authorized by Federal law
  • Place a credit freeze on your files
    • You can find out more about this service by visiting the Federal Trade Commission website
    • Equifax is providing the credit freeze service free of charge, but Experian and TransUnion are charging consumers $10 - $15 for the privilege (I'll give you three guesses how I feel about paying for this service to a company that's managing my sensitive data)
  • If you don't want to lock-down your credit with a credit freeze, you can initiate a fraud alert, which allows creditors to get a copy of your credit report as long as they take steps to verify your identity
  • Review your bank and credit card statements for any transactions you don't recognize
  • Improve your passwords
    • I understand how difficult it is to remember dozens of passwords, so I recommend using a password manager, such as LastPass
    • Even better, enable two-factor authentication for your most important websites
  • When using public wi-fi networks don't visit websites that require sensitive information
    • If you must use a public network, use a virtual private network (VPN), such as VPN Unlimted, which will encrypt the traffic between you and the internet

Listening / Reading / Watching

Here's what has my attention right now:

  • I'm still working on last week's books!