BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Trump Stock (DJT) Is Overvalued-But You Might Be Crazy To Short It
Q1 Had Market Surprises, But Biggest One May Not Yet Have Arrived...
Indices Have All Their Eggs In One Basket That May Soon Tumble & Crack
AI is Red Hot: Will Investors Get Burned On Nvidia And Super Micro?
When Is Executive Compensation Excessive? Elon Musk and Beyond
Financial Markets Teeter On Rate Cut & Inflation Uncertainty
Edit Story
ForbesMoneyPersonal Finance
Editors' Pick

Equifax Breach Impacts 143 Million Americans: How To Protect Yourself

Nick Clements
Former Contributor
Opinions expressed by Forbes Contributors are their own.
This article is more than 6 years old.

Yesterday, Equifax announced a security breach that impacted 143 million Americans. A company that sells identity protection services has become the victim of a breach that is unprecedented in both size (half the country) and scope (the type of information that was stolen).

In this post, I will explain:

  1. How to determine if you have been impacted
  2. The risk from this breach
  3. How to protect yourself
  4. Why Equifax's remedy will not provide sufficient protection

Have I Been Impacted? 

Given the number of records exposed, it is highly likely that your information has been exposed. There is a quick way to find out. Visit www.equifaxsecurity2017.com and input your last name and the last six digits of your Social Security Number. You can determine if you have been impacted. I was impacted - and here is the message I received:

Equifax

How Big A Risk Is The Breach? 

There is no disguising the severity of the information that was stolen: this is about as bad as it gets. The fraudsters were able to obtain social security numbers, dates of birth, addresses and - in some cases - drivers license numbers and even credit card numbers.

Once a fraudster has a social security number, date of birth and address - it becomes much easier for the fraudster to open new credit accounts. Even worse, the social security number can be sold and used in other high risk scenarios - including for medical debt.

Equifax has stated that it "has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases." But that should not provide reassurance. Consumers should assume that the data will eventually be used - and it could be used years into the future. 

How To Protect Yourself

Everyone should have a strategy for:

  • Prevention: make it difficult for fraudsters to open a new account
  • Early detection: find out as soon as possible if a fraudster is trying to open a new account
  • Resolution: if your information is stolen, have a plan to dispute and close unauthorized accounts

Prevention

If you have been impacted by the breach, your data has already been exposed. You could consider a credit freeze. If you don't plan on opening any credit cards or mortgages in the near future, a credit freeze could be a good idea. You can learn how to freeze your credit report here.

Detection

If a fraudster tries to open a new account on any of your credit bureaus, you should be notified immediately. You can get free credit monitoring from sites like CreditKarma. If you have been a victim of the Equifax breach, you will get free 3-bureau monitoring for a year. If you haven't been a victim, you could pay for 3-bureau monitoring from one of the credit bureaus or FICO.

Resolution

If you have been a victim of identity theft, it can take a lot of work to get the issue resolved. The federal government has a helpful (although intimidating) checklist at IdentityTheft.gov. If you pay for 3-bureau monitoring, you will probably have resolution services included. Typically that means you will provide a power of attorney and let the resolution service handle the dispute and legal processes. A resolution service is like an insurance policy: you pay now so that you can get help from a team of experts if your identity is compromised.

Beware Equifax's Response - Detection (For One Year, In A Few Days) Without Resolution

If your information has been exposed as a result of the breach, Equifax is offering one year of TrustID Premier. This product includes "credit file monitoring and identity theft protection product." So, if a fraudster uses the exposed information to open a fraudulent account - you will be notified. However, you are on your own to resolve the issue, because resolution services are not being provided. In addition, the service is only provided for one year. Your social security number does not expire - so the long-term risk is real and one year is not sufficient to protect yourself.

When people sign up via the Equifax website, they are given a date (in the future) when they can come back to sign up. When I was notified that my information was exposed, I was told to come back to the website on September 12th. Clearly Equifax is not ready to handle the demand for protection. Not the best consumer experience.

Worst of all, when you sign up for the "free" protection, you are waiving your right to sue Equifax for the breach and instead agree to binding arbitration. So sign up for this at your own risk. It would probably be better to pay for a service from someone like FICO - and maintain your right to litigate.

Your Personal Data Is At Risk - The New Normal

A data breach of this size was inevitable. As consumers, we just have to accept that there is no way to prevent identity theft. That means we need to focus on early detection and fast resolution. However, the inevitability of sophisticated fraudsters is no excuse for a breach of this size. Data security will make or break brands in the future - as Experian will now learn.

Nick Clements
Nick Clements