A lot of folks are very angry about the Equifax data breach. Honestly, you would think by now we would be somewhat numb to our data being stolen – what with the Anthem data breach impacting 79 million people and the Target one affecting 41 million customers a few years back. But this one surpasses them both, at 143 million.
If you only heard about the breach but can’t remember the details, here’s a fun timeline (one that will really annoy you if you’re in IT like I am):
- March – Flaw in Apache Struts identified by a cybersecurity arm of the U.S. Department of Homeland Security, US-CERT
- May 13th – Hackers start exploiting the flaw
- July 29th – Equifax discovers data breach
- July 30th – Equifax “observes suspicious activity” and takes affected application offline (instead of, you know, yesterday when they discovered it)
- August 1st and 2nd – Equifax senior officers sell significant amounts of stock
- August 2nd – Equifax hires a cybersecurity firm to help them figure out what was compromised and when
- September 7th – Equifax decides to let the 143 million impacted people know about the breach
- September 15th – In an incredible coincidence, their Chief Information Officer and Chief Security Officer have decided to retire. Imagine that!
I’ve Been A Victim
I am an identity theft victim. After the Anthem breach, shortly before Christmas of 2015, I had the experience of opening a letter informing me how sad Target was for needing to deny my application for a credit card. Trouble was, I hadn’t applied for a credit card. Then the thief tried hacking my AT&T account, switching my phone plan and getting new phones. I believe they were arrested, actually, because AT&T realized it was a fraud (unfortunately not before the thief succeeded in changing the plan).
Luckily I had heard about identity theft, and what to do about it, from one of my favorite podcasts – Clark Howard. I’ve seen his awesome guide making the rounds online and even at work. Our security chief posted an article about the breach and what to do, and one of our employees posted a link to the guide.
I’m sorry to tell you this, but even if for some reason Equifax says that your data wasn’t impacted by their breach, you need to assume your data is out there. You want to tell me that you haven’t been an identity theft victim? That’s just because the thieves have so much data, they haven’t gotten to you yet. Sorry.
What You Can Do
So you need to assume your data is out there. How can you protect yourself? Since this is a subject that’s very personal to me, I’ve written about it in the past. Here are my top identity theft resources:
Five Tips To Prevent Identity Theft – In this article, I go more into my personal story and experience with identity theft, along with an extensive guide on preventing identity theft. With links to the credit bureaus, the FTC’s identity theft guide, and tons (and tons!) of other key sites, this is a one-stop-shop to helping you protect your identity
Seven Steps to Take If Your Identity’s Been Stolen – A follow-up to my prevention guide, this article will walk you through what to do if you’re in identity theft recovery mode (rather than prevention mode). One word of caution, this is a very long and comprehensive article, so it will take time to read. I’ve worked hard to cover everything a victim might need to know.
Swiped, by Adam Levin – This is an awesome and amazing book I picked up after my identity was stolen. It will go through all the things you need to think about and to do in order to protect your phycial and virtual environments. After reading this book I made significant changes to my password management process, got a shredder and security cameras, and made lots of other changes. I highly recommend this book if you’re looking for a comprehensive guide to addressing your own security, and not just a quick fix of placing a fraud alert/security freeze on your credit.
I want To Hear From You!
What are you doing in response to the Equifax data breach? Let me know in the comments.
Be sure to follow my blog for more great posts via e-mail or WordPress, or connect with me on Facebook or Twitter and say hello! You can also check out what I’m buying or baking on Instagram, what I’m pinning on Pinterest, or the latest books I’m reading (or want to read) over on Goodreads.
We had our credit frozen because of past credit card fraud before this breach was announced. BUT – we had to unfreeze it right around the time this happened to get homeowner’s insurance for the house we are downsizing into. It made me furious – because we had landlord insurance on the same house, with the same company for over 25 years! We could have been quoted rates without opening our credit files (we’re in NY) – but they would have been hundreds of dollars higher. Our insurance agent said he had only dealt with a few people in our situation (having our credit locked) and he’s been doing this for 40 years. I’m not sure why folks aren’t taking this more seriously. I’d rather spend $10 to unfreeze my credit if I want to open up a line/new credit card – than to deal with identity theft. And I do understand they can still steal your identity – but it should be harder to open accounts (though not impossible), with it frozen. Thanks for sharing this important information!
Agreed, I want to make it as difficult as possible for an identity thief to steal my identity. The small hassle of unfreezing my credit temporarily pales in comparison to the large hassle of dealing with identity theft. Even when it’s not successful, it’s a huge pain (calling companies, filing police reports, etc. I even got new car & home insurance without needing to thaw my credit (through Amica). I do know most people don’t freeze their credit, and it seems like many are worried about needing to thaw it. Always makes me wonder how much new credit they’re taking out if it’s that much of a hassle.
I have frozen my credit at Equifax and Experian. Transiunion keeps telling me they can’t verify my identity online. I have tried calling them but keep getting disconnected. I will keep trying. I was also affected by the Target breach but never had a problem. Someone got my capital one credit card number and bought some items at a gas station in Tampa. Capital One detected the fraud almost immediately and got a text via their wallet app. I cancelled the card within 10 minutes and the thief kept trying to use the card for several weeks.
Long ago I had discovercard detect a fraud like that, except someone in PA was trying to pay their cable bills. I didn’t (and still do t) have cable. They called me immediately, I said it wasn’t me, and they cancelled the cards.
With the identity theft, the thief was never able to actually open credit. Fortunately for me they had the wrong date of birth. And after I froze my credit, they tried once more and never again. I always thought they must have just tossed my info after that because it wasn’t working.
Good luck with transunion-all the bureaus seem to be busy right now but I’m sure that will die down soon.
I read your article on credit freezes and I will try again this morning with transunion and the minor ones you mentioned.
Great information, Liz, thanks for sharing! I do think it’s somewhat ridiculous to be forced to pay to freeze and unfreeze your own credit, but it really is a small price to pay for some additional protection.
Agreed-I find it well worth the price. I know in some states it’s free if you’re an identity theft victim. Maybe one day it’ll be free for everyone.
I really, really hope that this will finally be the catalyst for improving security at a number of different high-risk companies such as these credit reporting agencies. It’s insane how much a social security number is used everywhere and you couldn’t possibly control what they do with your information.
I hope so. It would be even better if we rethought SSN and what it’s used for, and how you open credit/file taxes.