The news cycle on all of this has settled down finally, so I feel like I can determine some coherent recommendations of what to do. That’s different from what we need to do nationally (stop treating the SSN as a secret password and unique identifier, for one), but that’s a different kettle of fish.
In sum, given that 140-odd million American consumers (and some Brits and Canadians) have had their personal identification information stolen (name, address, birth date, Social Security Number, some Drivers Licenses, etc.), and companies are still treating those values as a way to identify who you are, you need to take steps to protect yourself.
1. Put a lock / freeze on your credit record at each of the major credit organizations. That will prevent new credit accounts and loans from being opened up in your name. It will also keep you from opening up new accounts, so take care of that first, and safely secure the PIN you get back from them.
This costs money (not a lot, but still …) each time you put it on or left it off.
Note that it takes a few days to lift a hold/freeze, so if you are going in for a car loan or home loan or something, you’ll need to lift it in advance (find out from the loaning company which agency they use).
2. Consensus seems to be to ignore the “credit monitoring” service that Equifax is offering (for now) for free, and that the other companies will charge for.
3. Keep an eye on your bills and statements for the next … well, forever. Remember, the info that was stolen isn’t going stale, and can be used against you this year, next year, or for decades to come (until the costs to banks and these credit agencies gets so high that someone comes up with another way to validate identity).
4. Periodically monitor your credit report to see if something is wonky there. Again, this is now a life-long responsibility. You can usually get a free copy once a year, so you can spread that out between the different firms and check it quarterly.
5. Because in theory someone with your name and SSN could file federal taxes for you and claim a big refund that they coincidentally forward to a new address, it’s recommended that you file your taxes quarterly or as soon as possible each year. Again, this is now a perpetual threat.
Here’s some run reading.
- Best summary articles I found on the breach, with advice.
- The CIO and CSO of Equifax have “retired” immediately.
- Watch out for being scammed after the breach.
- How to put in a credit record / security freeze.
- Reiterating the advice to not bother with credit monitoring.
- States are urging Equifax to stop marketing the credit monitoring product (TrustedID) they are offering to customers for free (for a year). (Also recommends against taking the Equifax TrustedID program.)
- Bills have been introduced in Congress to make credit record freezes free.
- Oh, in passing, yet two more insanely bad Equifax security problem.
Thank you posting this.
I ended up sharing this on Facebook with credit to you. It is easier than answering the same questions over and over. Thanks Dave
+Paul Gatling Honestly, I just kept a bunch of tabs open as I found coherent-sounding stuff, because there was so much Muppet-hand-waving and conflicting info out there. I'm glad it was to help to others as I hope it will be for myself. 🙂
I found myself in a similar perdicament. There was that breech in their Argentenian branch too, which was a totally seperate event that many people were confusing with the US breech. I'm still in shock of how amateurish this has all been dealt with. I hope SSNs as credit identifyers goes away.
+Paul Gatling The Argentina one is mentioned in the last couple of links I posted.
But, yes, SSN as userid and password needs to be replaced.