One of the largest data breaches in history has left 143 million people wondering if their personal data has been exposed to hackers . For now, Equifax will not tell you explicitly if you were one of the victims, and in 99.99 percent of cases you will not be notified by direct mail. But, if you’re concerned that you’ve become vulnerable to identity theft due to hacking, this guide is for you.
First things first: What happened?
Equifax, one of the largest credit reporting agencies in the United States, said on Thursday its database was hacked, affecting about 143 million accounts. That information included social security numbers, residence addresses, credit card numbers, driver’s license numbers, and dates of birth. The company estimates that the data of 143 million people were exposed, which is equivalent to approximately half of the population of the United States. That means that the chances of you being affected are quite high.
Although Equifax established a program to help people protect their potentially exposed data, it could not give everyone the complete assurance that their identity would remain secure. Here are the reasons:
The Equifax program does not tell you explicitly if your data was part of the hack. The company only makes it clear to those who were not exposed. That is confusing. (We contacted Equifax to request a comment, but we have not heard).
- The hacking could have started mid-May 2017. That means that data for 143 million people were exposed for more than three months. It is not clear what the hackers did with those data during those months.
- Those wishing to be cautious about protecting their identity may have to wait a week before they officially enroll in Equifax’s protection program.
- You do not have to wait to enroll in the Equifax program to start protecting yourself from hacking . This is what you can do.
Step 1: Sign up for the Equifax program
Equifax’s identity protection program is not perfect, but it will help ensure that you are using all available resources to protect your identity. Please note that even if the registration tool indicates that you were not exposed, you are still eligible for a free one-year subscription to Equifax Protection Services. (Not a bad idea given the frequency of these security breaches).
The language in the terms of service for the Equifax program, Trusted ID, has raised concerns that enrollment in the program prevents consumers from participating in a class action lawsuit. CNET is studying this and we are asking for more information from Equifax. We will update this article when we know more.
Step 2: Check your credit report
More than three months passed between the time the hacking could have started and now. We are not sure if the data of those affected were used maliciously during that period, so consider looking at your credit reports any suspicious activity. The federal government guarantees everyone a free annual credit report from the top three agencies – yes, including Experian. You can get those reports here .
When reviewing your credit reports, take a good look at new accounts that you have not opened, late payments on debts you do not recognize and any other activity that seems unknown.
If you suspect someone used your identity to open credit cards, take out a loan, or re-open closed accounts, contact your credit card company’s fraud department immediately. You are not responsible for charges made on a fraudulent card, but you have to report the problem in a timely manner. Once you have reported the fraudulent credit, follow this guide to recover from identity theft.
Step 3: Freeze your credit
It’s still early, so even if your credit report is clean, do not lower your guard as far as protecting your credit. One of the most reliable ways to prevent someone from opening credit cards in your name is to place what is called a “credit freeze.”
When you freeze your credit, you (or anyone who uses your identity) will have to “unfreeze” the account by providing the PIN you received at the time of freezing your credit.
To freeze your credit, contact each of the credit bureaus using these phone numbers:
The process is usually automated and can be completed in a few minutes. Just make sure you write down your PINs in a safe place.
Step 4: Set up a fraud alert
A fraud alert is another way to make it difficult for identity thieves to open accounts to your name. When a fraud alert is established, credit card companies must verify your identity before opening an account. That, combined with the credit freeze, is a great way to keep your credit secure.
To establish a fraud alert, contact one of the credit card agencies and request an initial fraud alert. Once the alert is established, it will last 90 days. After that, you will have to renew it. Here are the appropriate phone numbers for the offices (remember, just call one of them):
Step 5: Repeat the process with your loved ones
Because Equifax does not notify those affected by direct mail or email, some people will be left without the resources or know-how to protect their identities or find out if they were compromised. With this in mind, consider helping your loved ones – especially the elderly who do not have access to a computer – by taking advantage of the steps above.
Keep Eye On Tax Season
It is still early to know if the data exposed will be misused, but a major concern will come during the tax season. Identity thieves can use stolen social security numbers to file fraudulent tax returns and receive rebates.
Many victims find that they have been targeted for tax fraud when they try to file their taxes. The US tax office (IRS) has a practical guide to avoiding tax fraud. You can find more information on this link.