Equifax Breach: Why You Should NOT Follow Their Advice (and What To Do Instead)

The annual cost of cybercrime to the global community is more than $4 billion.      

-Mark Rutte

Concerned about the Equifax breach? Most likely it affected you, as it has most people. First and foremost, don’t panic. As a CERTIFIED FINANCIAL PLANNER™, I’m going to explain here exactly what happened, and give you my professional recommendations to protect yourself and your loved ones.

Equifax’s Major Data Breach

Equifax, the behemoth credit-reporting agency, says that 143 million American’s personal information has been breached in a major cyber-security attack this summer. The company discovered the breach on July 29th, says it occurred between mid-May and July, but didn’t announce it until September 7th. How heartening.

The breach included names, dates of birth, Social Security numbers, driver’s licenses and credit card numbers.

Equifax is offering this site to check to see if your personal information is “potentially” impacted.

I admit, when I input my data and the result came back that I had “likely been impacted” and the recommended course of action was to hire Equifax to monitor my credit, I guffawed. I figured everybody would get the same result, which means the “tool” wasn’t checking anything. But I’ve checked in with several other financial experts, and since about 1 in 5 people reports that the result they get is “not affected” I now believe that there is some credibility behind the tool.

Basically, I recommend you take the position that your data was likely affected by this breach, or will be in another breach soon.

While the Equifax data breach is vast, it isn’t unique. Criminals have been successful at accessing confidential data many times in the past, including Anthem, JPMorgan Chase, Target, Sears, and The Home Depot.

“On a scale of 1 to 10, this is a 10, and that’s because of the quality of the data … your Social Security number is the skeleton key for your identity,” said Adam Levin, founder of CyberScout, a company offering identity theft and data breach defense services.

Equifax’s stock is down 20 percent since the breach was finally made public.

The Internet’s Response? FREEZE YOUR CREDIT!

I’ve been quite surprised that most of the Internet wants you to rely on the very firm that put your data at risk to now “freeze” your credit—which puts all of the costs of this breach squarely on your shoulders.

According to NBC News, telling Equifax to freeze your credit is “the only thing that’s going to save your bacon.”


What is a Credit Freeze?

A freeze makes credit reports inaccessible to new creditors. You can still access your own records, and it has no effect on your credit score. Because new creditors want to see your credit history, a freeze means they’re unlikely to approve new requests for credit.

Most credit agencies in most states charge to freeze your credit (from $3 to $15). Once you’ve done it, your credit is locked with a PIN so nobody can access it.

When you decide you want to use your credit or the threat is gone, you’ll likely have to pay to “thaw” your credit and you’ll need to have those PINs on file for each credit agency.

Why Freezing Your Credit is a Drastic Solution

While freezing your credit does make it easier for Equifax to get itself out of this terrible situation by unilaterally denying credit requests, for most people, it’s pretty drastic, inconvenient and costly.

And it doesn’t actually solve the problem.

Not only could it cost you $40 to freeze and subsequently thaw your credit (or maybe up to $200 for a family of 5?), but it prevents you from using your own hard-earned credit reputation to borrow money when it’s appropriate to do so.

A credit freeze is a unilateral action that allows Equifax to say “no” to all requests for credit. But it also means you can’t apply for credit anywhere, get a loan to buy a car, or shop for a house without first paying and waiting to remove the freeze.

According to Consumer Reports, requesting a credit freeze is a good idea if someone has actually stolen your identity, but not if they have access to your current accounts because a credit freeze doesn’t prevent thieves from using your existing credit cards!

Use a credit freeze if you must, but definitely adopt your own monitoring techniques as well.

The Responsible Alternative—Monitoring

Just as I always recommend checking bank account transactions daily as a way to stay “in the know” about your spending, I also believe that vigilance is the best protection against identity theft and fraud.

Rather than freezing your credit, consider monitoring requests for credit and other ways criminals can use your identity to steal money. You must monitor your credit and identity yourself. Even if you use one of the credit monitoring services mentioned below, you still must remain vigilant and aware. See the list of recommended systems and habits at the bottom of this article.

LifeLock is a firm that offers credit monitoring (I have no relationship with the firm, referral or otherwise). At various membership levels and prices, they offer to detect account actions and alert you by text or email as you prefer. Then, if you become the victim of identity theft, they’ll work with you to fix the issue. Finally (though it’s probably unnecessary as most banks and credit cards already reimburse fraudulent transactions), they offer to replace stolen money, up to certain limits.

Costco offers a competing service called Complete ID.

No, it isn’t free. But is anything in life as important as security and peace of mind free these days? We live in a world enabled by technology at every turn, but it has its downsides.

Bonus—Guard all of the Identities in Your Household

Just because your kids don’t have credit cards doesn’t mean thieves can’t get a hold of their Social Security Numbers and apply for credit. Consider purchasing a credit monitoring service for the littles, too.

Other Actions to Consider Now

  • Use complex logins and passwords for all of your banks and financial institutions. I use 1Password to safeguard all of my complex passwords.
  • Shred sensitive documents, don’t put them in the trash.
  • Check with existing bank and credit card providers—some are automatically sending new cards with new numbers to affected users.
  • As I always say, check your bank account and credit card transactions daily! Look for transactions you don’t recognize and report them immediately.
  • Set up email or text alerts on all of your accounts. Personally I get an email every time a transaction over $250 occurs in my accounts. This is critical for business owners, who only have 24 hours to challenge a fraudulent ACH transfer. Personal bank accounts allow for more time, but if you own a business entity and have a business banking relationship you are subject to different rules. If you don’t catch fraud quickly, it could become permanent.
  • Make sure your contact information is updated with banks and credit card companies—most have robust fraud detection departments and will reach out by phone or text if a transaction comes in that is out of your normal protocol. Cancelling breached cards is your first line of defense.
  • Check your mail and email daily and open all of your mail. Don’t leave mail in the mailbox!

We’re now in the age where we must partner with our financial institutions to safeguard our own financial security.

Resistance…. Is futile.