Steps to Take After the Equifax Data Breach

See if you’re affected, then take steps to protect your identity moving forward.

In early September 2017, Equifax informed the public that millions of consumer records were compromised in a data breach. The breach occurred sometime between mid-May and July 29 when they discovered that they were hacked. However, they failed to information the public promptly and their response hasn’t exactly been all about consumers. Here’s what you need to know…

Consolidated Credit infographic detailing steps to take following the Equifax data breach

Once More into the Breach Steps you can take to ensure you’re protected after Equifax data breach Step 1: Check to see if you’re affected 1. Head to equifaxsecurity2017.com 2. Click “Am I Impacted?” 3. Enter last name and that last 6 digits of your social 4. Confirm you’re not a robot 5. Equifax tells you if you’re part of the breach or not Step 2: Review your credit for free 1. Go to annualcreditreport.com 2. Confirm your identity (security questions based on your report) 3. Download your credit reports from each bureau 4. Review your reports for items you don’t recognize 5. Dispute them to see if they’re mistakes or a sign of ID theft 6. You can repeat this review for free once every 12 months Step 3: Consider signing up for credit monitoring 1. Equifax offers 1 free year to anyone affected by the breach 2. You can also use independent third-party services 3. Monitoring allows you to set up fraud alerts 4. They notify you anytime there’s activity in your credit file 5. Expect monthly fees that vary based on size of service package Step 4: Decide if you want to freeze your credit 1. Prevents anyone from opening credit in your name 2. Lenders must confirm identity during credit applications 3. Only stops new accounts – won’t protect existing accounts 4. Fees may apply (usually $10 max to place or remove freeze) 5. Length of freeze and fees vary by state 6. Check with state Attorney General’s office for state-specific details

6 Surprising Facts about Consumer Credit Bureaus that You May Not Know

#1: They’re all separate for-profit companies

Some people assume that credit bureaus are connected to a government agency because they gather and distribute confidential consumer information. However, all credit bureaus are private, for-profit companies. Three of them are the big players in the U.S. credit system: Equifax, Experian and TransUnion.

They are bound by federal regulations, mostly under a law called the Fair Credit Reporting Act. This law dictates what information they can include in your credit report AND who they can sell your report to. But there’s little federal oversight of their daily operations.

#2: You actually have three credit reports, not one

Since each bureau is a separate for-profit agency, they all maintaining their own proprietary copy of your credit report. So, instead of one consumer credit report, every individual actually has three. In theory, they should all say the same thing. However, discrepancies can occur. These are often mistakes in reporting that you must dispute to have removed.

#3: There’s no way to opt-out of reporting

In other circumstances, such as a retailer getting hacked, you can choose not to shop at that store because they may have lax security. But that’s not the case with credit reporting agencies. There is nothing you can do to opt out of reporting with any bureau. If you use credit or take out loans, this information always gets reported.

That’s one of the reasons that this breach is frustrating to many people. Equifax didn’t have proper security in place, even though they were warned by federal security agencies of the vulnerability. Then they waited for a few months to tell the public. And they even set up an automatic credit charge renewal on their “free credit monitoring services” offered to those affected.

But despite all that shoddy customer service, there is nothing you can do to stop Equifax from collecting and selling your credit information.

#4: Third party services often still generate revenue for the bureaus

With so much mistrust of credit bureaus, particularly Equifax, many people decided to sign up for “independent” third-party services. The most common choice is to go with LifeLock. But here’s the catch: Those third-party services have to get their information from somewhere. So, they sign contracts with one credit bureau to get the information they use to send credit report alerts. In other words, a credit bureau gets a kickback anytime you sign up for one of these services; they still generate revenue off your business.

Funny thing, LifeLock signed an exclusive contract with Equifax in 2015. So, all the people who are paying LifeLock now are also effectively paying Equifax, too. For the record, Credit Karma has deals set up with both TransUnion and Equifax. The only difference is that you don’t give them any money directly. But the credit bureaus still manage to generate revenue, even with “free” services.

#5: Like any company, the bureaus exist to turn a profit

Credit bureaus do not exist to provide consumer protection or advocacy. Just like any for-profit company, they exist to make money. This means even in the midst of the worst consumer data breach in American history, Equifax is still focused on finding ways to generate revenue. For example:

  1. At first, Equifax wanted to charge full price on credit monitoring services offered to people affected by the breach.
  2. They only made it free after public outcry.
  3. But it’s only free for one year from when you sign up.
  4. However, they follow the same shady auto-renewal system used routinely for credit monitoring services. They tell you it’s free, ask for credit card information to sign up, then automatically charge you at the end of the free promotion period if you don’t opt out promptly.

#6: They haven’t really learned anything from this

Given that they hold such vital personal information for every consumer in the U.S. and this breach showed their vulnerability to attacks, you’d think they’d take every measure possible to avoid other attacks.

Unfortunately, you’d be wrong again. Equifax has a website that we listed in the infographic above where you can check if you were affected. That site is EquifaxSecuity2017.com. To show just how vulnerable Equifax still is, a hacker made a fake security website with a very similar name: SecurityEquifax2017.com.

Sadly, not only did Equifax not catch it, they linked to the fake site instead of their site in their Twitter feed. Not just once, but several times. So much for learning from your mistakes

What to do if you’re worried about security

The old adage that if you want something done right, you should do it yourself really applies here. You must be diligent about taking the proper steps to protect your identity. That means checking your credit report every year and considering credit freezes carefully. It’s really up to you to protect your identity.

This self-help booklet can help you get started:

Use this infographic

<a href="https://www.consolidatedcredit.org/infographics/equifax-data-breach/" target="_blank"><img src="https://www.consolidatedcredit.org/wp-content/uploads/2017/11/EquifaxBreach-IB.jpg" alt="Consolidated Credit infographic detailing steps to take following the Equifax data breach" class="img-fluid" /></a>