They say there is no such thing as bad publicity. Equifax disagrees. In one the largest breaches ever, some 143 million users had their information compromised. Personally identifiable information (PII) such as Social Security numbers, birth dates, and full names are now in the hands of criminals, who will undoubtedly use that info to launch phishing campaigns and boost an already excessive industry of identity theft.
What can you do if you are one of the nearly 44% of Americans that are impacted by this breach? Unfortunately, there is no way to retrieve the information that was stolen, or even know who has it. But you can go on the defensive to mitigate the damage. Here are a few steps to take immediately.
Step 1: Check potential impact.
Equifax has set up a website specifically for determining if you were impacted by the breach. Here is the link to that site: https://www.equifaxsecurity2017.com. At the bottom of the page, click the button on the left titled “potential impact”.
Step 2: Enroll in free credit monitoring.
Most often, when a major breach occurs, the organization in question will offer a year of free credit monitoring to those affected. Equifax is falling in line with that process, though it should be noted that credit monitoring does not prevent identity theft. Enrollment is free even if you weren’t impacted and is open until November 21.
Step 3: Change your credentials (passwords and logins) immediately.
It’s hard to know exactly what was stolen, so do this on every account that might even remotely be tied to the breach. And while you’re at it, enable two-factor authentication if available.
Step 4: Check your credit reports.
You are entitled to a free report every 12 months from the three major credit bureaus: Equifax, Experian, and TransUnion. You can sign up here: https://www.annualcreditreport.com/index.action.
Step 5: Consider placing a credit freeze on your accounts.
A credit freeze prevents creditors from being able to pull your file, which means if someone—an identity thief for example—tries to open an account in your name, they will be blocked. You can unfreeze your file at any time. Note, that freezes must be placed with each credit reporting bureau individually. Here are links and numbers to each one:
Step 6: Setup fraud alerts.
If you don’t want to place a credit freeze, at least take advantage of fraud alerts. Fraud alerts last for 90 days and are completely free:
- Equifax Fraud Department – 1-800-525-6285
- Experian Fraud Department – 1-888-397-3742
- TransUnion Fraud Department – 1-800-680-7289
Step 7: Beware of phishing attacks.
When personally identifiable information ends up in the hands of criminals, one of most common results is an uptick in phishing attacks. Specifically, spear phishing attacks see an increase because the attacker already has your information and can tailor emails that look legit. Think before you click!
For obvious reasons, everything listed above is completely reactionary. That’s the unfortunate side effect major breaches. To be proactive, here are five ways to prevent identity theft: https://www.thesecurityawarenesscompany.com/2017/03/23/five-ways-prevent-identity-theft/
Latest posts by Justin Bonnema (see all)
- Incident Response: Time Is Not On Your Side - April 1, 2019
- 5 Traits of Security Aware Parents - March 14, 2019
- Bad Habits of Senior Managers That Put Security of Organizations at Risk - March 1, 2019