Steps to Take After the Equifax Data Breach
See if you’re affected, then take steps to protect your identity moving forward.
In early September 2017, Equifax informed the public that millions of consumer records were compromised in a data breach. The breach occurred sometime between mid-May and July 29 when they discovered that they were hacked. However, they failed to information the public promptly and their response hasn’t exactly been all about consumers. Here’s what you need to know…
Once More into the Breach Steps you can take to ensure you’re protected after Equifax data breach Step 1: Check to see if you’re affected 1. Head to equifaxsecurity2017.com 2. Click “Am I Impacted?” 3. Enter last name and that last 6 digits of your social 4. Confirm you’re not a robot 5. Equifax tells you if you’re part of the breach or not Step 2: Review your credit for free 1. Go to annualcreditreport.com 2. Confirm your identity (security questions based on your report) 3. Download your credit reports from each bureau 4. Review your reports for items you don’t recognize 5. Dispute them to see if they’re mistakes or a sign of ID theft 6. You can repeat this review for free once every 12 months Step 3: Consider signing up for credit monitoring 1. Equifax offers 1 free year to anyone affected by the breach 2. You can also use independent third-party services 3. Monitoring allows you to set up fraud alerts 4. They notify you anytime there’s activity in your credit file 5. Expect monthly fees that vary based on size of service package Step 4: Decide if you want to freeze your credit 1. Prevents anyone from opening credit in your name 2. Lenders must confirm identity during credit applications 3. Only stops new accounts – won’t protect existing accounts 4. Fees may apply (usually $10 max to place or remove freeze) 5. Length of freeze and fees vary by state 6. Check with state Attorney General’s office for state-specific details
6 Surprising Facts about Consumer Credit Bureaus that You May Not Know
#1: They’re all separate for-profit companies
Some people assume that credit bureaus are connected to a government agency because they gather and distribute confidential consumer information. However, all credit bureaus are private, for-profit companies. Three of them are the big players in the U.S. credit system: Equifax, Experian and TransUnion.
They are bound by federal regulations, mostly under a law called the Fair Credit Reporting Act. This law dictates what information they can include in your credit report AND who they can sell your report to. But there’s little federal oversight of their daily operations.
#2: You actually have three credit reports, not one
Since each bureau is a separate for-profit agency, they all maintaining their own proprietary copy of your credit report. So, instead of one consumer credit report, every individual actually has three. In theory, they should all say the same thing. However, discrepancies can occur. These are often mistakes in reporting that you must dispute to have removed.
How to Repair Your Credit for Free
In this video, we teach you how to dispute items in your credit report to have incorrect negative information removed. Discrepancies in your credit profile can damage your score and decrease your borrowing power. Disputing those mistakes helps maximize your score.
Welcome, contestants, to an exciting round of the Game of Good Credit. If you’ve ever lost big in the Game of Good Credit, it can feel like you’ll never be able to win again. But if you take the right moves you can get back to winning score faster than you think.
A winning game plan often starts by cleaning up your credit report. It helps you clear the board so you can move forward effectively. Negative items can linger longer than necessary. You may have actually made some bad moves, but some negative items that show up may not be real at all.
So, the first step in your game plan should be to order your credit reports through annualcreditreport.com. Answer a few security questions, pass through the portal and access your profile from each credit bureau. After a bad credit loss, you’ll want to play through three rounds of review – one for each bureau.
As you work through each round, look for trouble spots that could set you back. Make sure those items are legitimate. But keep an eye out for errors, such as mistakes in your personal information. But take note if your report shows duplicate accounts or accounts that shouldn’t be there.
Detail any information that’s not correct: Look for late payments that you actually made on time and identify bad account statuses that might be outdated. See if there are any hard credit inquiries that you didn’t authorize.
Now you can dispute these errors to the credit bureau to have them verified or removed. They have 30 days to respond to a dispute. Once that clock expires, the item must be verified or, by law, it must be removed from your report.
This is how you clean up your credit so past issues don’t affect your current game. If you’re ever unsure of any credit rules, call the toll-free number for the bureau listed on the report. They’re required to explain any rules you don’t understand so you can play with confidence.
For more tips on how to win the Game of Good Credit, visit ConsolidatedCredit.org.
#3: There’s no way to opt-out of reporting
In other circumstances, such as a retailer getting hacked, you can choose not to shop at that store because they may have lax security. But that’s not the case with credit reporting agencies. There is nothing you can do to opt out of reporting with any bureau. If you use credit or take out loans, this information always gets reported.
That’s one of the reasons that this breach is frustrating to many people. Equifax didn’t have proper security in place, even though they were warned by federal security agencies of the vulnerability. Then they waited for a few months to tell the public. And they even set up an automatic credit charge renewal on their “free credit monitoring services” offered to those affected.
But despite all that shoddy customer service, there is nothing you can do to stop Equifax from collecting and selling your credit information.
#4: Third party services often still generate revenue for the bureaus
With so much mistrust of credit bureaus, particularly Equifax, many people decided to sign up for “independent” third-party services. The most common choice is to go with LifeLock. But here’s the catch: Those third-party services have to get their information from somewhere. So, they sign contracts with one credit bureau to get the information they use to send credit report alerts. In other words, a credit bureau gets a kickback anytime you sign up for one of these services; they still generate revenue off your business.
Funny thing, LifeLock signed an exclusive contract with Equifax in 2015. So, all the people who are paying LifeLock now are also effectively paying Equifax, too. For the record, Credit Karma has deals set up with both TransUnion and Equifax. The only difference is that you don’t give them any money directly. But the credit bureaus still manage to generate revenue, even with “free” services.
#5: Like any company, the bureaus exist to turn a profit
Credit bureaus do not exist to provide consumer protection or advocacy. Just like any for-profit company, they exist to make money. This means even in the midst of the worst consumer data breach in American history, Equifax is still focused on finding ways to generate revenue. For example:
- At first, Equifax wanted to charge full price on credit monitoring services offered to people affected by the breach.
- They only made it free after public outcry.
- But it’s only free for one year from when you sign up.
- However, they follow the same shady auto-renewal system used routinely for credit monitoring services. They tell you it’s free, ask for credit card information to sign up, then automatically charge you at the end of the free promotion period if you don’t opt out promptly.
#6: They haven’t really learned anything from this
Given that they hold such vital personal information for every consumer in the U.S. and this breach showed their vulnerability to attacks, you’d think they’d take every measure possible to avoid other attacks.
Unfortunately, you’d be wrong again. Equifax has a website that we listed in the infographic above where you can check if you were affected. That site is EquifaxSecuity2017.com. To show just how vulnerable Equifax still is, a hacker made a fake security website with a very similar name: SecurityEquifax2017.com.
Sadly, not only did Equifax not catch it, they linked to the fake site instead of their site in their Twitter feed. Not just once, but several times. So much for learning from your mistakes
What to do if you’re worried about security
The old adage that if you want something done right, you should do it yourself really applies here. You must be diligent about taking the proper steps to protect your identity. That means checking your credit report every year and considering credit freezes carefully. It’s really up to you to protect your identity.
This self-help booklet can help you get started:
This publication discusses the fastest growing federal crime in the country and provides steps one can take to minimize the chances of personal information being stolen and used by a thief. The first part of this brochure is organized into checklists you can use to put these ideas into practice. The second part of this brochure will give you steps to take if you are a victim.
Use this infographic
<a href="https://www.consolidatedcredit.org/infographics/equifax-data-breach/" target="_blank"><img src="https://www.consolidatedcredit.org/wp-content/uploads/2017/11/EquifaxBreach-IB.jpg" alt="Consolidated Credit infographic detailing steps to take following the Equifax data breach" class="img-fluid" /></a>