A Credit Freeze Won’t Help With All Equifax Breach Threats

If you’ve placed a security freeze on your credit reports at Equifax, Experian, TransUnion, and Innovis, that will help prevent fraudsters from opening new credit accounts in your name.

Freezing your credit report specifically at Equifax will also prevent crooks from registering as you at the government website “my Social Security,” and block them from attempting to steal your Social Security benefits. *Note: Setting up a credit freeze with Equifax will stop identity thieves from setting up a “my Social Security” account in your name.

But taking these steps won’t protect you against every identity fraud threat arising from the Equifax data breach.

With the information that hackers got, including access to Social Security numbers, birth dates, and an unspecified amount of driver’s license numbers, you need to take other steps to help lock down your finances.

Here are three important ways you can protect yourself.

Tax Refunds

With your Social Security number, crooks can file false income tax returns in your name, take bogus deductions, and steal the resulting refund. More than 14,000 fraudulent 2016 tax returns, with $92 million in unwarranted refunds, were detected and stopped by the Internal Revenue Service as of last March.

Though you are generally not liable for such fraud, if a criminal manages to change your tax records and receive your refund, it can take months to straighten out the mess.

How to protect yourself. The best defense is to obtain an Identity Protection PIN from the IRS, which is a code that must be filed with your legitimate return for it to be accepted. An identity thief can’t file the fraudulent return without your PIN.

But you can get a PIN only if a fraudulent return has previously been filed in your name, if the IRS determines that you’re an ID fraud victim, or if you live in a high tax-related identity theft locale such as Washington, D.C.; Florida; or Georgia.

The IRS did not yet say whether those affected by the Equifax breach would qualify for a PIN.

Andrew Mattson, a tax partner at the Moss Adams tax firm in Silicon Valley, recommends that taxpayers who don’t officially qualify for a PIN request one anyway, by filing a Form 14039, Identity Theft Affidavit (PDF). “Even if the IRS says no, your account will generally be flagged for additional monitoring for suspicious activity,” he says.

Mattson also recommends that you periodically view your IRS account information, which shows when returns were filed and which refund payments were made. Activity there—if it’s not yours—can be a sign of fraud. The balance updates every 24 hours, usually overnight, but there is a one- to three-week lag in the time it takes for refund payments to show up.

If you suspect fraud, contact your local IRS office using the Taxpayer Assistance Center Office Locator.

Health Insurance

Data from the Equifax breach can be used to steal your benefits from private health insurance, Medicare, or Medicaid when the identity thief uses your coverage to pay for their own medical treatment and prescriptions.

Many health insurers have internal special investigation units and anti‐fraud personnel to root out medical identity fraud, and if suspicious activity is detected, they’ll send email alerts to the policyholder, says Cathryn Donaldson, a spokeswoman for America’s Health Insurance Plans, the trade association of health insurers.

How to protect yourself. Get copies of your medical records from providers to establish the baseline of your health before your records are compromised. Increasingly, online patient portals make this easy to do. Check back regularly to see whether providers you didn’t use are listed and whether you’ve been charged for treatments you never received.

In addition, review your free annual MIB Consumer File, which contains medical and personal information about you reported by health, life, disability, and other member insurers. Do the same for your Milliman Intelliscript report, which tracks your history of prescription drug purchases.

The Federal Trade Commission also says consumers should ask each of their health plans and medical providers for the “accounting of disclosures” related to their medical records. That tells who got copies of your records from the provider. The law allows you to order one free copy from each medical provider every year.

If available, sign up for your insurer’s secure online portal, and regularly review the explanation of benefits, which shows which treatments you received when and from which providers. While there, sign up for fraud alerts via email or text message, which will keep you apprised of benefit payments.

Regularly review your credit report for medical collection accounts that don’t belong to you.

Your Driver’s License

Using your driver’s license number, identity thieves can create bogus driver’s licenses and hang their moving violations on you. With more work and information from phishing or further hacking, identity thieves can create bogus checks to pay a cashier, who “verifies” the shopper’s identity by writing your license number on the bad check.

If this happens to you, you may not discover how your license has been used until a police officer tells you, or perhaps, until a bank closes your account because of too many bounced checks.

How to protect yourself. Ask the motor vehicle department to give you a copy of your driving record; most states charge for this, usually about $10. To find out whether any bad checks are attributed to your driver’s license, request your free annual consumer report from each of the big three check verification companies: ChexSystems, Certegy, and TeleCheck.

If you find that your driver’s license is being used fraudulently, you can file a police report at your local police department and ask the motor vehicle department to flag your license number, which will alert law enforcement officers to be extra careful in identifying people they pull over with your license number. You should also request a new driver’s license number.

If you’re arrested or find criminal charges on your record, go to the Identity Theft Resource Center for advice on clearing criminal identity theft; if you find fraudulent checks on your record, follow the ITRC for advice on resolving checking account fraud. You can also call 888-400-5530 for free assistance.

Don’t wait until it’s too late! Be sure to enroll in First Financial’s Identity Theft Protection Program from SherpaThe best part? You can enroll right online, 24/7. You can trust in First Financial and Sherpa to help keep your personal information protected. Packages begin at just $5.99 per month – so click here to enroll today! Learn more about safeguarding your identity with our consumer identity theft protection guide.

Article Source: Jeff Blyskal for Consumer Reports

 

How to Protect Your Money After the Equifax Data Breach

If you haven’t already, the first, best, and fastest way to protect yourself from the Equifax data breach is to place a security freeze on your credit files at the big three credit reporting bureaus.

Consumers should apply the freeze to Equifax, and also to Experian, and TransUnion. For extra security, you can apply a freeze to a fourth, lesser-known consumer reporting agency, Innovis.

You can do this by contacting each bureau either through their website or through the customer service number. There may be a fee for placing the freeze.

Equifax stated it would not charge for credit freezes for those affected by the breach.

The massive data breach involves the potential compromise of the personal data of 143 million consumers, including names, addresses, Social Security numbers, and birth dates.

Equifax said in a news release that it was fixing its website so customers could more easily determine if their information had been compromised. The release also specified that the binding arbitration clause and class-action waiver were only applicable to the credit monitoring services, and did not apply to the data breach. Equifax later dropped the restrictions for the free credit-monitoring service as well, claiming that customers who sign up because of the data breach are not subject to the clause and would not be prevented from joining class action suits.

Many details about the data breach are still unclear, but the potential consequences for consumers are severe.

In addition to the credit freeze, there are four more steps to put an iron wall around your money.

Activate Two-Factor Authentication

In today’s world of digital crime and internet fraud, two-factor authentication is an important extra layer of safety. It requires not just a password but a second element, such as a code texted to your smart phone, which you have but a crook can’t easily get. Set up and activate two-factor authentication on all of your existing mobile banking, savings, credit card, home equity line of credit, and other financial accounts that offer it.

Maximize Your Mutual Fund Security

Although the Securities and Exchange Commission requires mutual funds companies to identify, detect, and respond to red flags of identity theft, unlike FDIC-insured banks and NCUA-insured credit unions, these investment firms aren’t required to restore assets stolen by hackers.

You should call your 401(k) plan provider and other investment managers to learn their fraud protection policies, as they can vary from company to company. If your investment company doesn’t explicitly reimburse stolen funds, consider moving your money elsewhere.

Place a Fraud Alert on Credit Reports

A fraud alert is different from a credit freeze. The fraud alert is a notice on your credit report that warns both current and prospective lenders that they must take reasonable steps to verify your identity before granting credit, such as a new credit card or loan, or extending credit on an existing account.

You need to request a fraud alert at one of the big three credit bureaus, which will then pass it on to the other two, and separately place another alert with Innovis. An alert lasts 90 days. If you’re an ID-theft victim, you can get a fraud alert that stays in place for seven years. But you may be better off with the 90-day alert, because that allows you to get a free credit report from each of the four credit bureaus each time you renew the alert, which means you can get up to 16 free reports per year.

Secure Your Smartphone + Email

How you manage your smartphone and email accounts can be critical to your online security. Your phone is where all your second-factor text message codes are sent and where your mobile banking and other money apps live. Email is where your financial institutions send alerts and password reset links.

Here’s how you can make your phone and email harder targets:

  • Activate two-factor authentication on your email account. When you log into your email on an unfamiliar computer or phone, you’ll get a text with the necessary code to complete login. A hacker would need that code, too, but can’t get it without your phone. Better yet, download an authenticator app such as Google Authenticator or Microsoft Authenticator, which generates these codes without the need for texts, which can be intercepted.
  • Use a password management app such as LastPass on your computer’s browser and on your phone. LastPass creates and plugs different passwords into each of your accounts when you log in, so you don’t have to invent and keep track of dozens of passwords. This eliminates the temptation of using the same password for multiple accounts, which can provide a master key for hackers.
  • Never click unsolicited, unexpected, or suspicious-looking links sent to you by email or text. They could download malware capable of spying on your phone or personal computer activity.
  • Follow other security tips for your phone’s specific operating system using the FCC Smartphone Security Checker, a customizable interactive tool.

Don’t wait until it’s too late! Be sure to enroll in First Financial’s Identity Theft Protection Program from SherpaThe best part? You can enroll right online, 24/7. You can trust in First Financial and Sherpa to help keep your personal information protected. Packages begin at just $5.99 per month – so click here to enroll today! Learn more about safeguarding your identity with our consumer identity theft protection guide.

Article Source:  Jeff Blyskal for Consumer Reports

Important Member Alert: Equifax Data Breach

On September 7, 2017 Equifax disclosed that they discovered a data breach on July 29, 2017 and it may have impacted 143 million consumers in the United States. Equifax is one of the 3 main organizations in the U.S. that calculates credit scores, so it has access to an extraordinary amount of personal and financial data for virtually every American adult.

The company stated that hackers accessed data between mid-May and July through a vulnerability in a web application. They were able to obtain names, Social Security Numbers, birth dates, addresses, some driver’s license numbers, and about 209,000 credit card numbers.  Additionally 182,000 “dispute documents” containing personal identifying data were compromised in the breach. They have not indicated who is behind the breach and the investigation is ongoing. Equifax is maintaining that its core credit reporting databases were unaffected.

The reason why this data breach is so severe is because nearly half of the U.S. population has been impacted and most likely will feel the impact of the breach for years to come, especially when it comes to information that does not change, i.e. your Social Security Number.

Equifax has established a dedicated website, www.equifaxsecurity2017.com – to help consumers determine if their information has been potentially impacted and to sign up for credit file monitoring and identity theft protection. The offering, called TrustedID Premier, includes 3-Bureau credit monitoring of Equifax, Experian and TransUnion credit reports; copies of Equifax credit reports; the ability to lock and unlock Equifax credit reports; identity theft insurance; and Internet scanning for Social Security numbers – all complimentary to U.S. consumers for one year. The website also provides additional information on steps consumers can take to protect their personal information.

Equifax recommends that consumers with additional questions visit www.equifaxsecurity2017.com or contact a dedicated call center at 866-447-7559, which the company set up to assist consumers. The call center is open every day (including weekends) from 7:00 a.m. – 1:00 a.m. Eastern standard time. In addition to the website, Equifax will send direct mail notices to consumers whose credit card numbers or dispute documents with personal identifying information were impacted.

Additional information on the data breach can be found here. To see if you may have been impacted, get started here.

Don’t wait until it’s too late! Be sure to enroll in First Financial’s Identity Theft Protection Program from Sherpa. The best part? You can enroll right online, 24/7. You can trust in First Financial and Sherpa to help keep your personal information protected. Packages begin at just $5.99 per month – so click here to enroll today! Learn more about safeguarding your identity with our consumer identity theft protection guide.

Enroll your First Financial Debit/Credit Cards in Visa Purchase Alerts – you’ll get an email each time your Debit Card is used over an amount you set, when your card is used outside the country, or when your card is used to make a purchase online or over the phone. Credit Cardholders also have the additional option of adding a text alert, this can be set-up in Online Banking under your Credit Card account (select the Communications tab and then Visa Transaction Alerts).

As always, First Financial monitors our member accounts for suspicious activity. If you have any additional questions or concerns, please give us a call at 732.312.1500 or email us at info@firstffcu.com.

*9/11/17 Update – Please be advised that should you elect to sign up for Equifax’s one year of credit monitoring, you may be giving up your right to sue the company for the incident, and you could be prevented from joining a class-action lawsuit.

The language was laid out in the original terms of service by Equifax:

AGREEMENT TO RESOLVE ALL DISPUTES BY BINDING INDIVIDUAL ARBITRATION. PLEASE READ THIS ENTIRE SECTION CAREFULLY BECAUSE IT AFFECTS YOUR LEGAL RIGHTS BY REQUIRING ARBITRATION OF DISPUTES (EXCEPT AS SET FORTH BELOW) AND A WAIVER OF THE ABILITY TO BRING OR PARTICIPATE IN A CLASS ACTION, CLASS ARBITRATION, OR OTHER REPRESENTATIVE ACTION. ARBITRATION PROVIDES A QUICK AND COST EFFECTIVE MECHANISM FOR RESOLVING DISPUTES, BUT YOU SHOULD BE AWARE THAT IT ALSO LIMITS YOUR RIGHTS TO DISCOVERY AND APPEAL.

On 9/11/17 Equifax provided an update on their website to state: 

Adjusted the TrustedID Premier and Clarified Equifax.com
“We’ve added an FAQ to our website to confirm that enrolling in the free credit file monitoring and identity theft protection that we are offering as part of this cybersecurity incident does not waive any rights to take legal action. We removed that language from the Terms of Use on the website, www.equifaxsecurity2017.com. The Terms of Use on www.equifax.com do not apply to the TrustedID Premier product being offered to consumers as a result of the cybersecurity incident. 
We are listening to issues consumers have experienced and their suggestions. These are helping to further inform our actions, and we are now sharing regular updates on this website. Thank you for your continued patience and feedback as we continue to improve this process.”

Article source: https://www.cnbc.com/2017/09/08/were-you-affected-by-the-equifax-data-breach-one-click-could-cost-you-your-rights-in-court.html