Sep 09 2017

So, you have a credit card?

Well, you might want to pay some attention to this-

Equifax Data Breach is a 10 out of 10 Scandal

Equifax says hackers have gained access to the personal information of more than 143 million people. That’s just under half the entire U.S. population. The compromised info includes credit card and Social Security numbers, addresses and birth dates.

The controversy continues beyond the breach itself. It took more than a month for Equifax to publicly disclose it, and during that time, just days after it happened, three company executives sold nearly $2 million worth of stock. Equifax claims they were unaware the intrusion had occurred.

Now meanwhile, people who sign up for an Equifax help site are being told they forfeit their right to sue or take part in a class action. That means if you want to find out if your data was stolen, you can’t take legal action against the company that lost it. New York Attorney General Eric Schneiderman has opened a probe of Equifax and told the company to remove that language.

So what should you do?

Equifax’s Instructions Are Confusing. Here’s What to Do Now.
By RON LIEBER, The New York Times
SEPT. 8, 2017

The company is offering one free year of credit monitoring to all Americans, not just the ones whose data was stolen. It includes the ability to turn your Equifax credit report on and off, to keep thieves from applying for credit in your name using information they stole from Equifax and to have access to your Equifax report to do so.

That’s all well and good, except that the thieves might use the stolen information to apply for credit with lenders that check the credit reports only at the other big agencies, Experian and TransUnion. So this protection is incomplete.

And why just a year? Who knows? Isn’t this an invitation to the thieves to sit on the data for a while and then use it when all of us have moved on?

Meanwhile, people can’t easily change their Social Security numbers to thwart the thieves. So if any bad actors have your personal data, those numbers will be useful for years, maybe decades, depending on how the credit system changes over time.

Equifax should have made the monitoring last forever. Since it didn’t, it will now be able to solicit everyone who signs up for its year of free service. And what do you want to bet that the company will offer an extension bright and early on day 366 for, say, $16.95 per month?

So, yes, your worst suspicions are now confirmed. Equifax may actually make money on this breach. We would expect nothing less from the credit reporting industry, with which few of us would choose to do business but nearly everyone has to sooner or later.

In the meantime, here’s hoping that this breach is the nudge you need to finally sign up for permanent freezes on your credit files. I’ve used them for years, and here’s how they work. You sign up (and pay some fees, because you knew it wasn’t going to be free to protect data that you didn’t ask these companies to store, right?)

Once you do (and it may take a little time to complete the process), the bureaus are not supposed to release your credit report to any company except the ones that already have you as a customer. Why is this important? When a thief shows up with your Social Security number and address to apply for credit in your name, the lender will go to fetch your credit report before anything else happens. If it can’t retrieve the report because of the freeze, then no new account for the thief.

You can thaw your freeze every time you want to apply for new credit by using a personal identification number that the companies give you, which you absolutely should not lose. This costs a few more dollars. (Would it kill Equifax to waive these fees for a while, given the circumstances? Or how about forever?) The process is annoying, but it takes only about 15 minutes to do this at all three of the big agencies. Those precious minutes, by the way, are also why the credit bureaus hate freezes. They gum up the works and make it harder for them to peddle your files to credit card companies and such, thus making ever more money off your data.

A credit freeze is different from a fraud alert, though you should also request one of those in the wake of the Equifax breach, for the longest possible time on offer.

I have always worried that a giant breach would someday come to one of the big credit reporting agencies, and now here we are. The data is out there, and thieves may use it in ways that freezes cannot thwart. They may try to gain access to other people’s health insurance, file tax reports in their names on Jan. 2 to claim a big refund and do other things that we haven’t even thought of yet.

And then there’s this: A security freeze doesn’t protect you if the thieves break into the vault of the company that maintains the freeze. That’s what happened here, and we will now spend years seeing what happens next.

Don’t bother going to the site to ask if your data has potentially been compromised, they’ll just collect 2 more digits of your Social Security number (that’s 6 of 9 folks and the remaining 3 are like your area code at the time of your application, the 2 additional they’re collecting are just the date) and tell you “your personal information may have been impacted by this incident” whatever random string of garbage you type in.

Me? I don’t worry too much because I’m pretty aggressively off the grid and have not a sou to my name which while uncommon and distinctive is not at all ‘ek hornbeck’ or unique and thus easily confused. I know how to get sous when I need them so no sympathy, please. Most people need it more than I do.