Equifax was the victim of a major data breach through their website. 143 million records leaked and if that’s one record per person that is over half of the adult population in the United States. The odds are your information was part of it. Even if it was not you should consider taking some precautions anyway. In the post breach chaos there are and will be reports, rumors and emails on what to do and what not to so. It can be confusing.
Equifax stumbled out of the gate with their response but have made improvements. You can see if you are part of the breach and signup for monitoring here – https://www.equifaxsecurity2017.com/
Unfortunately on the tail of events like this there will be those that will try to exploit it to commit more identity theft. You need to be aware and these tips will help protect your identity from future problems.
- Do not click on any links in emails that pertain to Equifax! – Phishing will be rampant after this event. Take the assumption that 100% of the emails you get about Equifax will be fraudulent. You will be contacted by mail if you are a part of this. Play it safe and DO NOT CLICK ON ANY LINKS IN EMAILS! Do that and phishing is reduced to zero. Also, don’t call any 800 numbers if you get an email telling you to do so. If you are worried, go find the real number on the company’s website. Criminal setup call centers that sound legit but are just as bad as a phony website.
- Freeze your credit reports. Contact the three credit reporting companies and put a freeze on your credit report. It costs between $5 and $15 to freeze your account. In order to open any bank account, credit card account, take out a loan they have to pull a credit report. If it’s frozen you will be contacted first to grant it. This stops criminals from using your info to open accounts.
- Turn on 2-factor, 2-step authentication on all of your accounts. Enabling two step authentication on your social media, bank accounts, websites you login to make your username and password less valuable. They may get your account info but a two step will send a code to your device or the website will ask you to generate one from your device. The criminals won’t have that and therefore will slow them down from accessing your accounts.
- Take advantage of the free identity theft monitoring that is being offered. Equifax will be offering credit monitoring, it’s required by law that any breached company does. There is a slight misunderstanding that the Equifax credit monitoring prevents you from class action lawsuit participation, that’s not accurate. If it was, the government will step in and not let that stick. If you are still worried, call your bank and get credit monitoring through them. Paying a few dollars a month for continual credit monitoring is not a bad idea anyway.
- Change your passwords for all of your online accounts. Change your passwords on your sensitive accounts. We are not sure yet on the types of information that was breached beyond identity info, account info might have been part of that too. However, if you use a password vault and do not use the same password on multiple sites your risk is less.
- Be suspicious of any other external offers. There are always companies that will step in and try to offer you services and claim they can protect you. Be skeptical. Trust your bank or account holders, you dont need 3rd party services beyond credit monitoring and report freezes.
This is the world we live in now. The dangers of security lapses in companies that house our data should become more clear the more breaches happen. The public, consumers and regulators need to step up the pressure to get security to the front lines. It’s not there yet, obviously. Big company, small business security failures are still rampant. It’s not a matter of IF but WHEN you get breached. Then it’s a question of how long does it take you to find out you were breached.
For this one take the steps to protect your credit, review your reports, and be suspicious of any offers or claims of scary data leaks. Hesitate, ask, verify, pick up the phone and get the answer from a trusted source. Email can’t be trusted, ever. Especially from events like this.
Be aware, be safe.
End of line.
Binary Blogger has spent 20 years in the Information Security space currently with Magenic providing security solutions and evangelism to clients. From early web application programming, system administration, senior management to enterprise consulting I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure everyday.