Thursday, Equifax announced one of the largest data breaches in history affecting almost half of the U.S. population, as many as 143 million Americans. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017.
The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.
Equifax has established a dedicated website, www.equifaxsecurity2017.com, to help consumers determine if their information has been potentially impacted and to sign up for credit file monitoring and identity theft protection. The company is already being criticized for this website because it doesn’t really tell you if you have been impacted but simply tells you to register for the free monitoring service. (Three executives including the CFO are also under fire for selling over $1.8 million in company stock after the breach was discovered).
Unlike other data breaches like Target and Home Depot, not all of the people affected by the Equifax breach may be aware that they’re customers of the company. Equifax gets its data from credit card companies, banks, retailers, and lenders who report on the credit activity of individuals to credit reporting agencies, as well as by purchasing public records.
Because some of your data was likely impacted, you should be extremely vigilant in monitoring all your financial data going forward. Here are five simple steps to protect yourself from the Equifax data breach.
1) Get free credit monitoring and identity theft protection
If you want more coverage or don’t want to waive your rights to sue in a class action, you can choose a more premium service like PrivacyGuard or LifeLock which monitor all credit reports, black market websites, bank account takeovers and more.
2) Put a free fraud alert or a security freeze on your credit report
This is an easy and free service provided by all the major credit agencies. I do this myself after data breaches for peace of mind. Simply go online and fill out the form. This service lasts for 90 days but can be renewed free of charge. Just set up a reminder for yourself so you are fully covered. This will prevent others from opening credit cards in your name. Keep in mind that if you need a new credit card or loan, the application will get flagged because of this and you will need to talk to a service representative to confirm your identity.
For a longer term solution, you can put a security freeze on your credit report. You have to do this with each credit agency. You can call or do it online:
3) Check and monitor your statements
This one is the obvious one. Check your credit card and bank statements for any fraudulent activity. Look for any suspicious purchases and any activity that you didn’t authorize. Given today’s technology, credit cards like Amex offer real time alerts on your phone via text or apps. You can setup alerts at certain thresholds like transactions more than $500 or you can see every charge that is made on your credit card.
4) Don’t overshare on social networks
This is a difficult thing for people as we tend to post everything on Facebook, Instagram, Snapchat and Twitter. Over sharing makes it easier for identity thieves and they have easy access to your information if you aren’t careful. First and foremost, don’t post your birthday or hometown online. At the very least, tighten your privacy settings. The less you share, the safer you will be. Keep in mind that social network users have a higher incidence rate for identity theft than the national average. In Javelin’s 2012 Identity Fraud Report, LinkedIn users were twice as likely to report identity theft.
5) Use strong and unique passwords
Data suggests that between 31 and 65 percent of people use the same password at multiple sites. This is a major problem because if your username and password are compromised at one website, cybercriminals use automated means to test your credentials against other unrelated websites (a.k.a. credential stuffing.) This means a single hacked password could lead to a cybercriminal potentially taking control of your email account and online bank accounts.
Most people do not use complex enough passwords and a shocking 17 percent of people use the password “123456” ― don’t do this! By using a password manager, you can easily implement the use of unique, highly complex passwords for every one of your accounts. That means you can use a 16-character password like @2a&AY8mePu8HU@H for logging into your email account and a completely different password for shopping at Amazon.com. A password manager requires you to remember a single master password (DO NOT LOSE this password!) and can sync across all of your Windows, Mac, Android, and iOS devices. I’m using LastPass, and I highly recommend it.
Don’t become a victim of identity theft. Take these simple steps to start protecting yourself today. If you have any additional tips, please leave them in the comment section below.
This post originally appeared at the Runnymede Blog