The Equifax Breach: Protecting Yourself Against Identity Theft
September 9, 2017- The Equifax security breach is an issue you should be aware of, as it is a tipping point in the fight against cybercrime. Equifax, one of the three major credit bureaus, recently disclosed that their systems were hacked and that the personal data of up to 145 million people were stolen. The sensitivity of this data and the size of this breach mean that prudent consumers should change how they protect themselves. In the future, it is plausible that your personal data, including your date of birth, social security number, and credit report information, could be made available to the public.
I encourage you to follow the New York Times’ Ron Lieber, an excellent personal finance journalist, who posts informative articles on the topic: https://www.nytimes.com/by/ron-lieber
Here are some things you might consider doing to protect your personal information:
1. Freeze your credit reports. A credit freeze (or security freeze) tells the three major credit bureaus that your file is off limits for new accounts, which makes it nearly impossible for identity thieves to open an account in your name. It does not affect any of your open accounts, credit cards, or business relationships. However, a credit freeze can be inconvenient. Once your credit freeze is in place, you cannot be approved for credit unless you contact the credit bureau with a personal identification number (provided when you apply), which opens up the file for a short time. If you choose to freeze your credit, you will need to do so at each of the three credit bureaus (Experian, TransUnion, and Equifax). A separate application is required for each individual (a married couple or family cannot apply together).
You can apply for a credit freeze online here:
2. Create strong passwords. As hackers get more and more creative, it is important that you have robust and deliberate online “hygiene.” One way to approach this is to create a password convention that allows you to:
a. Use a different password for each website/account,
b. Use a password that changes on a regular basis, and
c. Use dual-factor authentication so that even if hackers obtain the correct username and password, they still need information that only you know.
At a minimum, we encourage taking a thoughtful approach to creating a password convention that is specific to you and easy to remember. Because much of the information about your past, information that people commonly use for passwords, is discoverable, you might create imaginary information about yourself. Here is one way to do this. You will need:
A place you would like to travel to (for example, Italy)
An imaginary date, several months away, that you “plan” to travel (for example January 2018)
A number one through five (such as four), and
A special character (for websites that require this; in this example, “%”).
Next, create a password from the information above using the first three letters of the location in all caps (ITA), four numbers for the date (0118), the fourth letter from the website you are visiting in lowercase (z, if logging into Amazon), and your special character. In this scenario, your password to access Amazon would be ITA0118z%. Once January 2018 arrives, you have a trigger to change the password by changing the date and location.
As your password convention should be unique to you, it is important not to copy this one, but to create your own, write it down, store it in a place that is hard to find (not an online password service, which could be hacked), and tell someone you trust where it is. For dual-factor authentication, some websites use challenge questions. If this is the case, you should use imaginary answers (and remember them). Thieves can find information online such as where you were born or went to high school or your mother’s maiden name.
Of all your passwords, the most important one is the password that accesses your email account because most website passwords can be reset through your email. If someone has access to your email account, it provides the keys for most other access.
3. Monitor your credit regularly. Each credit bureau allows one free inquiry per year. By rotating among the three credit bureaus at www.annualcreditreport.com, you can check every four months for free. As a convenience, paid credit monitoring may be worth the cost.
4. Maintain good computer “hygiene.” It is important to use updated firewall and virus software and to periodically wipe traces of internet activity off your computer. If you receive popups or unsolicited contact via your computer, you may have unwanted programs that track your keystrokes. Hackers are adept at tricking people into giving up sensitive information. If they’ve been successful once, they’ll know you’re vulnerable and try again.
This post is not intended to be a comprehensive defense. My personal expertise is not in cybersecurity, and I have not included any input from security experts. For now, I believe these defenses can help you lower the probability of theft. While we follow industry best practices, it is my opinion that the Experian hack will force fundamental change in how the credit industry operates.