ADVERTISEMENT

Q&A: What to know, what to do about Equifax data breach

How to prevent ID theft in wake of massive exposure of records

By  |  Updated: September 15, 2017

alt text

The massive data breach at Equifax announced Thursday exposed potent information for identity theft, experts said. So millions of U.S. consumers should take steps to protect themselves from having their identity hijacked to open new accounts, collect government benefits or obtain medical services.

“Unfortunately this is very rich data that thieves can use in a variety of ways,” said Eva Velazquez, CEO of the nonprofit Identity Theft Resource Center in San Diego.

Social Security numbers, birth dates, addresses and in some cases driver’s license numbers were exposed for about 143 million in the U.S., Equifax announced Thursday.

In addition, about 209,000 people’s credit card numbers were accessed, and 182,000 people’s credit dispute documents, which contained personal information. Equifax said it will notify those people by mail if they are affected.

Here are questions about the data breach and what you can do to protect yourself. The information is drawn from Equifax, the Identity Theft Resource Center, the U.S. Federal Trade Commission, and the National Consumer Law Center.

Q. Were my identifying details taken in the hack?
A. Equifax has set up a website to check whether you have been affected. Enter your last name and the last six digits of your Social Security number to find out. Initially, on Thursday, the form confused many users with responses that did not clearly say whether they were exposed. By Friday the form was modified to be more clear. People whose data was exposed are invited to return to sign up for ID theft monitoring at a future date, before Nov. 21 when the offer expires. The rolling enrollment period is to manage the volume of sign-ups and minimize delays, the company said.

Q. Equifax is offering one year of free identity theft protection. Will signing up for that keep my identity safe?
A. The service provides some protection from identity theft, but is not a complete shield. The service provides copies of your Equifax credit report and alerts you to changes in your credit file at the three main credit bureaus; Equifax, Experian and TransUnion. Such alerts can be red flags of ID theft, if applications for credit are made, or new accounts are opened, without your knowledge.

The service also monitors hacker websites for your Social Security number, as an added way of assessing your risk. It provides insurance for out-of-pocket expenses if your identity is hijacked, and locks access to your Equifax credit report for the creation of new financial accounts.

Q. Will I start getting billed for the credit monitoring at the end of the one-year free period?

A. People signing up for service now see a notice that they do not need to provide their credit card information at sign-up, and will not be billed for the credit monitoring service after the one-year period ends. 

Q. What else should I do to keep identity thieves from using my name, Social Security number and other identifying information to open accounts?
A. Experts say consider freezing your credit report at the three main reporting bureaus – whether your data was exposed in the breach or not. A three-bureau freeze blocks access to your credit file, so thieves can’t open an account and run up debts under your name. It will also be difficult for you to apply for legitimate credit, without first unlocking the report. There are charges for the freeze, which vary from state to state. Here are links to the credit report freeze at Equifax, Experian and TransUnion.

Equifax has announced it will waive charges for credit freezes for U.S. consumers during the free enrollment period for its credit monitoring services – that is, until Nov. 21. It also said on Twitter that it will refund fees people paid for Equifax credit freezes since the breach was disclosed.

TransUnion, another big-three credit bureau, offers a lock on its credit reports as part of a free service called TrueIdentity. The service requires no credit card to begin, but users face multiple attempts to upsell them into other products.  

Short of a freeze, routine measures will provide some protection, or at least inform you when ID theft has occurred. Everyone is entitled to check their full credit report from each of the big three bureaus once a year. Experts recommend to check one report every four months, to spread your monitoring effort out during the year.  Get your free reports through AnnualCreditReport.com (you can also check your credit report for free at CreditCards.com.)

You can also set up a fraud alert at the credit bureaus to alert creditors that your identifying data has been hacked. This should cause lenders to contact you to confirm any applications for credit they receive are genuine.  

Q. Will signing up for Equifax’s credit monitoring block me from getting payments from a class-action lawsuit against them?
A. Equifax has dropped the ban on legal action from the terms of use for its credit monitoring service since it announced the breach Thursday. People signing up for the company’s TrustedID service see a notice that the ban – part of what’s called an arbitration requirement – is no longer part of the terms of use. The legal language included a “class action waiver” preventing people from joining a class-action lawsuit. At least one class-action lawsuit, in Oregon, has been filed against the company on behalf of people whose information was accessed in the data breach.

However, the ban on customer lawsuits still appears on Equifax’s general Terms of Use for products purchased on its main website “and all other websites owned or operated by Equifax and its affiliates.” Consumer lawyers say this language could potentially be used to dispute people’s right to take the company to court, or to collect damages in a class-action lawsuit. As a guard against this possibility, people signing up for TrustedID credit monitoring may opt-out of Equifax’s arbitration requirement. To do so, you must send an opt-out letter within 30 days of signing up for the service. Opting out should not affect your credit monitoring service. Here are the instructions to opt out:
“To be effective, timely written notice of opt out must be delivered to Equifax Consumer Services LLC, Attn.: Arbitration Opt-Out, P.O. Box 105496, Atlanta, GA 30348, and must include Your name, address, and Equifax User ID, as well as a clear statement that You do not wish to resolve disputes with Equifax through arbitration.”

Q. Apart from opening new accounts, what else can ID thieves do with data they got?
A. Experts say to file your taxes early as a prevention from tax return fraud. ID thieves may claim to be you and file a false tax return seeking federal benefits.

Also be on the watch for medical identity theft. In this scam, thieves get medical treatment and potentially insurance benefits by using your name. The FTC has information about spotting and fighting medical identity theft here.

Time to check statements, accounts regularly
While freezing your credit reports is the strongest protection from ID theft, its scope is limited to credit fraud such as new credit cards opened in your name, or the hijacking of existing accounts with new addresses and contact information.

As data breaches become common, U.S. consumers should expect to devote more time to checking their transaction statements and protecting their accounts, Velazquez said. “It is definitely time for a national conversation about security versus convenience,” she said. 

Editor’s note: this article has been updated to reflect Equifax’s statement that it will not charge people for credit monitoring at the end of the one-year free period. The company has also stated that it will not block people from joining lawsuits against Equifax if they take advantage of the free credit monitoring. A further update reflects Equifax's statement that it will temporarily waive fees to freeze U.S. consumers' credit reports.

See related: Data breach protection: 10 tips, Equifax breach exposes data of 143 million U.S. consumers

ADVERTISEMENT
ADVERTISEMENT

Join the discussion
We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, do not disclose confidential or personal information such as bank account numbers or social security numbers. Anything you post may be disclosed, published, transmitted or reused.

If you are commenting using a Facebook account, your profile information may be displayed with your comment depending on your privacy settings. By leaving the 'Post to Facebook' box selected, your comment will be published to your Facebook profile in addition to the space below.

The editorial content on CreditCards.com is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.




Updated: 09-25-2017

ADVERTISEMENT


Weekly newsletter
Get the latest news, advice, articles and tips delivered to your inbox. It's FREE.


ADVERTISEMENT