How to Respond to the Equifax Data Breach

Print Email

Consumer credit reporting agency Equifax Inc. (NYSE: EFX) announced Thursday that as many as 143 million personally identifiable consumer records could have been stolen in a cyberattack on the company’s data store.

A number of consumer-oriented websites have suggested steps that consumers can take to protect themselves against criminal use of their data if it was released in the Equifax or any other breach.

How the Equifax attack was made has not been revealed in detail. The company said that criminals got access to its computer systems for a period from mid-May to July by exploiting a weak point in the firm’s website software. Equifax discovered the breach on July 29.

The company has set up a website where consumers can check to find out if their data were stolen, but the site appears be somewhat less helpful than Equifax claims. Read on.

The stolen data does not belong to Equifax — it’s yours and you have every right and several ways to protect it. Consumer website WalletHub offers five tips for you to keep your information secure.

Sign up for 24/7 credit monitoring. You’ll find out immediately if someone tries to open an account in your name. WalletHub has a list of credit monitoring sites that are free.

Enable two-factor authentication. Use your cell phone as another layer of protection when logging into your email account and financial websites.

A freeze is better than an alert.  If you really want to protect yourself from fraudulent borrowing, freeze your three major credit reports (Equifax, Experian and TransUnion). This prevents anyone but you from accessing them, thus making it impossible to take out a loan or line of credit. Fraud alerts actually do not do much.

Suppress fraudulent information.  While you can dispute run-of-the-mill credit report inaccuracies, if your personal information has been stolen in this case, it may be best to use a process called “suppression/blocking” to get rid of negative info resulting from the theft. In short, this makes it so the records in question can’t make reappearance after they’re initially removed.

Never respond to unsolicited requests for information.  Don’t be surprised if you receive more unsolicited calls and emails requesting personal information. Always remember: Never answer if you did not ask to be contacted.

NerdWallet’s Liz Weston reminds consumers that they need to make certain that by participating in Equifax’s credit monitoring service they are not giving up their rights to join in future lawsuits or other actions: “We haven’t seen the agreement, so we’re not sure if this is something [Equifax] will try to pull.” Weston also recommends freezing your credit reports:

Anyone who’s Social Security number has been compromised should consider freezing their credit reports at all three bureaus. That typically prevents a criminal from opening new credit accounts in their names.

Weston also notes that if you regularly open new credit card or other accounts you’ll end up paying somewhere between $3 and $10 every time you freeze or unfreeze your credit reports.

Matt Schulz, senior industry analyst at CreditCards.com, adds:

This is reason Number 10,000 to check your online bank statements and credit card statements on a regular basis, ideally weekly. … It’s easy to do, doesn’t take long and can help you spot problems before they get out of control.

When breaches like these happen, consumers need to be diligent — and not just in the short term. Just because nothing looks amiss on your bank statements or your credit report now, that doesn’t mean you haven’t been compromised. Bad guys can be very patient, so it’s important to keep an eye out long after this story fades from the headlines.

Remember that no one cares as much about your money as you do, and you are ultimately your last line of defense against fraud. Check your credit card statements and bank statements, examine your credit reports from all the bureaus, and as the saying goes, if you see something, say something. You’ll be glad you did.