Our Thoughts on the Equifax Hack
We’ve received several inquiries from clients who are asking basically the same set of questions:
- Am I at risk after the Equifax hack?
- What can I do to protect my finances following the breach?
What Happened
In short, hackers broke into Equifax’s credit database sometime in May. The hack was discovered in July, but wasn’t made public until early September. It’s estimated that 143 million records have been accessed by the hackers, or roughly 44% of the adult population of the United States (Canada and some other countries, too).
Although unimaginable, this breach is far more serious than when retailers like Target or Home Depot are hacked. In those cases, thieves might get a credit card number, name and address, but likely little else. With the Equifax hack they have likely stolen Social Security numbers, past address information, account histories, etc.
What Can You Do About It?
- Equifax has created a dedicated website that provides more information about the breach and a tool to determine if a consumer has potentially been affected (www.equifaxsecurity2017.com). For more information, we recommend reviewing the tools and information at this site. Equifax is also offering one year of free credit monitoring for those who’ve been affected by the breach, and it’s definitely worth considering. There has been some concern that taking them up on the offer may limit your ability to join the many lawsuits that have been filed (and are expected to be filed), but you can always pay for a separate service independently, too.
- If you don’t want to pay for a service, you can still check your credit report for free at www.annualcreditreport.com. Each of the three credit reporting companies (Equifax, Transunion and Experian) are all required to provide you with one free look at your report every year. You can thus pull a report from each every four months to keep on top of the financial accounts linked to your Social Security number.
- You should strongly consider placing a freeze on your credit. This makes it very difficult for others to access your credit report without your express authorization. It may cost a nominal fee to place or lift the freeze, even temporarily, and it can make applying for new credit like auto loans or new credit cards somewhat cumbersome. But it is also the strongest protection for your financial information available today.
- If a freeze is a bit too drastic, you can place a fraud alert on your credit record with each of the credit companies. This will remain in effect for 90 days, and is often free. This will trigger a notice to you any time someone tries to open new credit in your name, though it can be somewhat involved to remove the alert. Each of the companies has instructions for how to do this on their websites.
- You should always monitor your credit card and bank statements, but now be especially vigilant for charges that you don’t recognize.
- One final step you can take is to review your passwords. If you had an account with Equifax (beyond your credit file), change the password on that account, and any other website where you used the same password. The second step would be review your existing passwords to make sure they’re up to current standards. The best practice for a complex password these days is:
a) a long phrase that you can remember easily,
b) something that combines numbers and letters
c) for example “1 forgot my Password”
Learn more about creating strong passwords in our blog post: Internet and Password Security.
For either a Freeze or a Fraud Alert, contact:
- Equifax – 800-349-9960
- Experian – 888-397-3742
- TransUnion – 888-909-8872
What About Your Investments?
After the Equifax hack and any time something like this happens, it’s natural to worry about your investments. Banks accounts are guaranteed by the Federal Deposit Insurance Corporation (FDIC), but what about brokerage accounts? The short answer is that the Securities Investor Protection Corporation (SIPC) offers some protection against fraudulent removal of investments, but it is limited. Most institutions (including Schwab) offer additional insurance as well.
Still, clients who are concerned about unauthorized access to their accounts can contact Schwab to place additional security measures on their accounts. These include:
- Voice recognition for phone calls. Beyond a simple numerical PIN or passcode, Schwab has begun to use voice recognition systems to verify the identity of those attempting to access Schwab accounts by phone. This is far more secure than asking questions like “what street did you grow up on” or “Mother’s maiden name”.
- We strongly recommend that clients use Schwab’s Two Factor Authentication (security token) system that adds an additional layer of security to their password. Whether you choose a key fob (like a remote car key) or a smart phone application, either will significantly enhance the security of your brokerage accounts since you can’t access your accounts without the special number generator.
For a bit more reading on tips to protect your identity online, see our blog articles: https://www.bfadvisors.com/blog/category/securitysafety/
The suggestions above are intended to help you to understand that you have options available to you to thwart the efforts of these hackers, to protect your assets and to provide you some peace of mind. As always, we’re available to our clients if you’d like to discuss the security of your finances and your investments, or to help you pick and choose the response that will work best for you. Please give us a call if you have any questions.