After Equifax Hack, Consumers Are On Their Own. Here Are 6 Tips To Protect Your Data September 14, 2017 4:34 PM ET By Yuki Noguchi
Massachusetts Attorney General Maura Healey, who plans to sue Equifax, called the breach "the most brazen failure to protect consumer data we have ever seen."
When it comes to dealing with the aftermath of Equifax's massive data breach, it'll be up to consumers to be on guard against data thieves, experts say.
Last week, the credit-rating company disclosed that it was hacked earlier this year, leaving 143 million U.S. consumers' personal information exposed. Equifax now faces numerous lawsuits, a huge stock price hit and several state and federal investigations.
Its slow and incomplete response continues to anger people all over the country, leaving many consumers wondering what — if anything — they can do to protect themselves if the company tasked with safeguarding their credit can't even make its phone lines operate.
Lisa Gerstner has been tracking Equifax's bungled response, both as a possible victim and as a writer for Kiplinger's Personal Finance.
"The call lines have been flooded to them; I think their call centers are overwhelmed," Gerstner says. "When I tried to call it last Friday about it, I got a busy signal then it hung up on me, so I went online."
But there, too, as of Thursday, problems continued with Equifax's website, with some users encountering system error messages. The company says that as of Tuesday, 11.5 million people had signed up to monitor their reports.
It's the same company selling us services to protect ourselves that's now given up our data.
Lisa Gerstner, a writer for Kiplinger's Personal Finance
Equifax declined an interview. It has tried to respond to public outcry, removing legal language on its site, for example, that appeared to waive consumers' rights to sue.
It has also had to explain why executives sold off company stock days after the breach and why it took Equifax over a month after discovering the problem to disclose it to the public.
Gerstner was also offended by Equifax and other credit agencies' attempts to capitalize on the traffic by selling data-protection services, "which I think is also something that makes this Equifax breach galling to people ... it's the same company selling us services to protect ourselves that's now given up our data," she says.
It's not just consumers and investors coming down hard on Equifax. Legal and political powers are also demanding answers and justice.
Massachusetts Attorney General Maura Healey, who plans to sue the company, called Equifax's breach "the most brazen failure to protect consumer data we have ever seen." Several other states and the Federal Trade Commission have said they have opened their own investigations. Members of Congress have demanded criminal investigations and a full accounting of what happened.
Meanwhile, security experts say the burden will fall mostly on consumers to manage the aftermath.
"The tools that consumers have are things they have to do themselves," says Robert Schoshinski, assistant director of privacy and identity protection for the Federal Trade Commission. (He says his agency's IdentityTheft.gov site is a resource for concerned or affected consumers.)
Freezing your credit — a service Equifax says it is offering temporarily free of charge — can protect against people trying to establish new accounts. Experts also urge consumers to regularly check their credit reports, monitor every bank statement, put fraud alerts on credit cards, and file tax returns as early as possible to try to prevent fraudulent filings.
When it comes to consumer measures, Avivah Litan, a security analyst with Gartner, is an even bigger pessimist — or realist — depending on your point of view.
"This was a horrible event, but this data has already been leaked," she says.
Litan says freezing credit prevents fewer than 5 percent of financial crimes. Sadly, she says, because the three credit agencies have a virtual monopoly, there are no decent alternatives.
Doug Johnson, a vice president and cybersecurity expert at the American Bankers Association, says, "There's never complete certainty associated with any security measure." Freezing and monitoring accounts may help, he says, but "it's all incremental."
Consumers like Jacob Palenske of Dallas now take a different approach.
"The change now is that because I feel like there is no such thing as true privacy when it comes to data, that instead of depending on, and trusting the organizations that I give my data to to keep it protected, I've taken that upon myself now to say, 'All right, I have to be very proactive and not assume that they are protecting it.' " Palenske says.
And that, experts say, is unfortunately about all you can do.
What You Can Do To Protect Your Credit Data
Here are steps that you can take to protect your personal information from being misused:
Find out if your information may have been exposed. You can do this by entering your last name and the last six digits of your Social Security number at Equifax's website. The site will tell you if you've been affected by the data breach.
You can enroll for a free year of credit monitoring. Whether or not your information was exposed, U.S. Equifax consumers are eligible for year of free credit monitoring and other services. The site will give you a date when you can come back to enroll.
Contact the nationwide credit reporting companies and review your free credit reports from each of them. You are entitled to a free credit report every 12 months from each of the three major consumer reporting companies (Equifax, Experian and TransUnion). You can request a copy from AnnualCreditReport.com.
Be sure to monitor your accounts for any unusual activity. Accounts on your credit reports that you didn't open, incorrect personal information on your credit reports, and credit inquiries from companies you've never contacted are all potential signs of fraud or identity theft.
Consider placing a credit freeze. Placing a credit freeze on your reports makes it more difficult for a thief to open a new account in your name. Remember that a credit freeze cannot prevent a thief from making changes to your existing accounts.
Consider setting a fraud alert. This requires creditors to verify your identity before issuing a credit card, opening a new account or increasing a credit limit on an existing account. A fraud alert will not prevent a lender from opening credit in your name the same way a freeze does, but it does require lenders to take additional steps to verify your identity first.