Being first is usually thought of as a good thing. Except when it’s not.
Take the recent Equifax data breach, for example. It’s the first of its kind in many ways—not the least of which is its overall impact on the average American—but in no way is this a good thing.
Unless you have been spending time with Gilligan and his fellow castaways lately, you have by now heard of the massive Equifax data breach. While we will undoubtedly learn more about this incident in the coming months, as it now stands over 143 million records may have been compromised. This means that the names, Social Security Numbers, addresses and, in some instances, driver’s license numbers of almost every American adult have been laid bare.
This is a big deal.
If credit card numbers are compromised, they can be changed. The same is not true for your birth date or SSN. Putting that aside for a minute, this means that should your identity be compromised, proving you are who you say you are will be very difficult going forward.
In order to help you, we have compiled a list of actions you can—and should—undertake immediately to protect yourself and your family. We highly recommend that everyone follow these steps. It is additional work, but it could potentially save you years of headaches if your information is ever used against you.
Six steps to staying safe from the Equifax Hack
- Obtain your credit report immediately. If you have not requested your free report this year, you are entitled to it. You can use this to track any changes post-Equifax breach
- Sign up for free credit monitoring as part of the breach.
- Get a security freeze with every credit bureau. This is your best bet at protecting yourself. Pro tip: Brian Krebs has a great guide.Security freezes have been around for years—I personally have leveraged it in the past. While there are minor charges associated with freezing/unfreezing your credit (fees are decided on a state-by-state basis) it’s money well spent. You can also request freezes on your children’s accounts—they may not have been impacted by the incident, but better safe than sorry.Luckily, it’s all a simple phone call. Unluckily, since our financial systems revolve around credit, you’ll need to unfreeze it before you buy a car, house, or perform any other credit check-based function.For easy reference, here are the numbers to call. Make sure you call all three.
- TransUnion: 1-888-909-8872
- Equifax: 1-800-349-9960
- Experian: 1-888-397-3742
- Monitor your financial accounts and change any shared passwords—especially if you have an online account with Equifax. As always, if your accounts offer two-factor authentication, you should have it enabled.
- Up your social engineering awareness game. Now that all of your information is in the open, experts are expecting an uptick in social engineering attacks, including phishing emails, texts, and calls.
- File your taxes immediately from here on out. With your credit frozen your biggest risk of direct impact is going to come from a fraudulent tax return.Unfortunately, the IRS only requests your SSN to verify your identity—which is now out in the open. If somebody files with your SSN, you will be locked out from filing yourself. This is a common financial attack. Keep in mind that the IRS will never ask for your personal information on the phone—if someone calls you from the IRS, hang up and call your local office to verify any request. To be proactive, you can register with the IRS for additional protection.
Don’t stop now …
Finally, there are a few additional steps you can take to further protect yourself in the unfortunate event that your identity is stolen. For example, if you only have a copy of your birth certificate, look up your County of Birth’s rules on requesting a new one and keep it safe. This will help prove that you are… well… “you” if you are handling fraud. Likewise, if you don’t have a passport, consider getting one. Having both of these can help you get out of a bad situation if you need to prove that you are who you say you are.
SANS recently gave a webinar that covered some of these steps, along with information about the data breach. In the event you missed it, you can listen to the recorded version at your convenience. (We recommend sooner rather than later.)
We hope you find these tips helpful. We want to make sure everyone is safe.
It’s what we do.