Life After Equifax

We can now categorize identity theft as life before, and life after Equifax. To summarize the issue, Equifax – one of the three credit-reporting agencies in the U.S. – has announced they had been hacked for a period stretching from May-July of 2017. The security breach affects 143 million people in the United States. This is a big number. According to the 2010 Census, there are roughly 245.5 million people over eighteen years old or older in the U.S. I’m using large, round figures, but I estimate that just under 60% of the citizens of the United States old enough to have credit credit (mortgages, loans, credit cards, leases) have been compromised.

The hackers were able to obtain names, Social Security numbers, birth dates, addresses and (for some) driver’s license numbers. I’m just assuming my information is out there now. This is the sad world we live in, after Equifax. We are now playing defense, forever.

What Can We Do?

The information below are from the FTC, via our financial planners, EnRich Financial Partners of Madison, Wisconsin, who were nice to summarize all the options for fraud detection & prevention. These are all the options. Some of them overlap. It’s a lot to digest; if you’d rather skip the gory details and go to the actual steps I took – they’re below these bullets.

Fraud Detection & Prevention

• Request a free copy of your credit report at www.annualcreditreport.com. Under federal law, you’re allowed to request a free copy once a year from each of the three credit reporting agencies: Equifax, Experian, and TransUnion. You can do this every 122 days by rotating among the agencies. Look for suspicious accounts or activity that you don’t recognize-such as someone trying to open a new credit card or apply for a loan in your name. If you DO see something, visit Identitytheft.gov to find out how to mitigate the damage.
• Monitor your online statements & transactions. The credit report won’t tell you if there’s been money stolen from a bank account or suspicious activity on your credit card. Unfortunately, you’ll have to turn this into a habit. In most cases, theft happens over time, starting with small amounts stolen from across your accounts. Be assured that we are paying extra attention to investment transaction reports for suspicious activity.
• Place a fraud alert on your account with all the major credit bureaus. You can place a fraud alert, for free, by contacting one of the credit agencies, which is then required to notify the other two. This will warn creditors that you may be an identity theft victim, and they should verify that anyone seeking credit in your name is really you. The fraud alert will last for 90 days and can be renewed.
• Consider putting a freeze on your credit if you’re still worried. A freeze blocks anyone from accessing your credit reports without your permission-including you. This can usually be done online, and each bureau will provide a unique personal identification number that you can use to “thaw” your credit file in the event that you need to apply for new lines of credit sometime in the future. Another advantage: each credit inquiry from a creditor has the potential to lower your credit score, so a freeze helps to protect your score from scammers who file inquiries. Fees to freeze your account vary by state, but commonly range from $0 to $15 per bureau. You can sometimes get this service for free if you supply a copy of a police report (which you can file and obtain online) or affidavit stating that you believe you are likely to be the victim of identity theft.
• Sign up for a credit monitoring service. It won’t prevent fraud from happening, but WILL alert you when your personal information is being used or requested. In most cases, there is a cost involved, but Equifax is offering a free year of credit monitoring through its TrustedID Premier business, whether or not you’ve been affected by the hack. It includes identity theft insurance, and it will also scan the Internet for use of your Social Security number-assuming you trust Equifax with this information after the breach.
• Opt out from credit and insurance offers. ID thieves like to intercept offers of new credit sent via postal mail. If you don’t want to receive pre-screened offers of credit and insurance, you have two choices: You can opt out of receiving them for five years by calling toll-free 1-888-5-OPT-OUT (1-888-567-8688) or visit www.optoutprescreen.com. You can also opt out permanently online. To complete your request, you must return a signed Permanent Opt-Out Election form, which will be provided after you initiate your online request.

Whew! That’s a lot of stuff to take in. Here’s what I did this morning…

What Did I Do?

I decided to take steps to monitor my credit and protect myself without locking things down completely, and without spending any money. Unfortunately, each of these steps requires rolling follow-up or renewal of service, in perpetuity. That’s annoying, but I’m pretty sure these sunsetting provisions were added to regulations in order to get them past lobbyists and through Congress. Yes, all the steps I took (below) are things I can do because the credit bureaus are required by law to do so. I fully expect they would not do any of it if they didn’t have to.

Part One: I went to annualcreditreport.com and started the ball rolling.

1. I requested a copy of my credit report from one bureau. I chose Experian for no particular reason. (I would not recommend starting with Equifax, since they’re kinda busy right now.)
2. I filled out the form on annualcreditreport.com and it redirected me over to Experian’s website, where I was able to view my Experian credit report.
3. I printed the report to a PDF for safekeeping. (If you prefer to kill trees, go for it.)
4. I made a note of the credit report # at the top of the Experian web page, since it didn’t print on the report itself. (Argh.) You’ll need this for Part Two below.
5. I set myself a computer calendar reminder to check Experian again in 1 year. I set the calendar reminder to repeat once a year, forever.
6. I hate date math, so I Googled “122 days from today” to find the day I can check credit bureau #2. I chose TransUnion. I set myself a computer reminder to check my TransUnion credit report once a year on that day, forever.
7. Then I Googled “244 days from today” to find the day I can check credit bureau #3, finally getting to Equifax. I set myself a computer reminder to check my Equifax credit report once a year on that day, forever.

Part Two: I went to Experian’s fraud alert page to request a 90-day fraud alert.

1. The page on Experian’s site is here.
2. I used the report # I got in the previous step to fill out the form and request a fraud alert. Note that I had to strip the zeroes off the beginning of my report number, and take out the dashes to make it work. (Argh.) In other words, the if number I got from Experian was 009876-5432-11, I had to enter it as 9876543211.
3. I set myself another calendar alert for 90 days from now, to come back here and renew my fraud alert. (I will be doing this every 90 days for the rest of my life.)

Part Three: Opt Out of Credit Card Offers

I didn’t do the opt-out prescreen because I’ve already done it. But good news: when I requested the fraud alert from Experian, the confirmation I got stated they enrolled me anyway! I don’t know if this happens automatically if you place your fraud alert via the other two agencies, but if you use Experian, this will save you a step.

So, How Is My Life After Equifax?

All told, this took me about twenty minutes to do, while making notes so I could write up this post. Yes, this is a pain in the neck, but twenty minutes is worth it. None of us have time to deal with the fallout from identity theft. Going forward, I will have to request my credit report from all three bureaus once per year, and renew my fraud alert four times a year.

Do I feel safer? Not really. I feel as though I should have been doing this already, and that Equifax was just the tipping point. Considering all the breaches we’ve weathered in the last decade (Target, Home Depot, Ebay, Yahoo, Chase, OPM, Anthem, et al), it’s hard to imagine I haven’t been caught up in something already. I’ve had a personal credit card (once) and a business credit card (twice) reissued because of fraudulent use. I’m overdue for these protection measures.

A Final Word About Credit Monitoring

Equifax is offering a free year of credit monitoring service as a mea culpa for their sins. I decided not to do this for two reasons. One, the terms of service waive my right to take legal action against Equifax for anything, ever. I have no plans to sue them, but who knows what’s coming now that all this information is out there. Two, at the end of the year of free service, I’d probably have to jump through hoops to not have the service renew for $$. I reject Equifax’s efforts to limit their liability and profit from a crisis of their own making.

Update: after 72 hours of life after Equifax, I have not received confirmation from Equifax or TransUnion that my fraud alert is active with them. I will update when I hear from them.

Identity Theft photo montage by Visual Content
Frustration photo by Peter Alfred Hess