Recently, Equifax made headlines after it suffered a massive data breach affecting over 140 million individuals. The breach included data such as customer Social Security numbers, addresses, and birth dates as well as driver’s license numbers. For the most part, passwords were not compromised and only a few credit card numbers were revealed.
People affected should take action to protect themselves, but it is not always evident how to respond. Below are some of the key steps to take to protect personal financial interests in the event of a data breach inside any company, including Equifax.
Figure out the extent of the damage.
Not all data breaches are a cause for concern. When names and street addresses are exposed, the risk of identity theft or other adverse effects remains rather small. After all, this information was formerly found rather easily in a printed phonebook. Furthermore, much of this data is already available online.
Individuals need to be more concerned if email addresses, credit card numbers, and dates of birth were compromised. While credit cards typically provide protection against fraudulent charges, a breach involving dates of birth can provide identity thieves access to some information, especially when paired with other identifiers.
The most concerning breaches will include account passwords, payment security codes, account numbers, and, as in the Equifax case, Social Security numbers. These types of breaches demand immediate action to prevent accounts from getting hijacked. Even if the stolen data was encrypted, consumers should take action.
Contact all involved financial institutions.
When action is warranted, individuals should start by calling credit card companies and banks as soon as possible. By explaining that the account has been put at risk, the institution will look for fraudulent activity and change account numbers to protect against future issues.
In the event of fraudulent charges, consumers should explore liability and protections with their financial institutions. Federal law limits customer liability for fraud and alerting the company before charges are made will result in complete protection.
Unfortunately, the protection with debit cards remains less robust, especially if the bank is not notified before purchases are made. Still, alerting the bank sooner will limit liability more. After 60 days, individuals typically have no recourse for disputing the charges.
Enroll in credit and identity monitoring services.
A number of free and paid services exist to help people monitor their credit scores and their identities so that they are alerted as soon as suspicious activity appears. In many cases of data breach, this type of service is provided for free. For example, Target offered free credit monitoring after its data breach and Equifax is now doing the same.
In these cases, consumers should take advantage of the offer, especially since they have nothing to lose. If consumers do have to pay for the service, it could still help prevent serious issues down the line. Often, individuals have to pay extra for identity monitoring, but the small amount can prove worth the investment.
In any case, it is imperative to read the fine print and understand exactly what service the company is providing. Ideally, the service monitors financial accounts and credit bureaus.
Change passcodes for online accounts.
Any account that has been compromised needs to be secured as quickly as possible. To do this, consumers should change their passwords and ensure that they use something strong. Ideally, the password should not contain any number pertaining to dates or whole words that can be found in the dictionary. Combining capital letters, numbers, symbols, and more provides the greatest amount of protection.
Each account should have a different passcode so that accounts are kept secure in the event of a future breach. If the compromised password has been used for other things, individuals should be sure to change the password for those accounts, too.
Some companies provide two-factor authentication for accounts. While this choice involves an extra step in access, it will stop a thief by preventing access even if he or she has the right passcode. Password managers can help individuals keep track of all their different accounts.
Inform the credit reporting bureaus.
The Equifax breach is an interesting case because it involves one of the major bureaus. However, this should not stop individuals from contacting the other bureaus if they were affected. By doing so, people can put a fraud alert on their record so that they can informed if anyone tries to use their information fraudulently. By communicating with these agencies, individuals will know whenever someone tries to look up their credit reports.
Fraud alerts are completely free, but they do require renewal every 90 days if individuals think that the threat still persists. As an added bonus, the alert comes with a free copy of one’s credit report so that individuals can verify all the information they contain.
Outside of Equifax, the major credit bureaus in the United States include Experian, TransUnion, and Innovis. Consumers only need to contact one bureau, which will then notify the other three. Importantly, consumers do not have to give a reason for the alert.