If you haven’t already, the first, best, and fastest way to protect yourself from the Equifax data breach is to place a security freeze on your credit files at the big three credit reporting bureaus.
Consumers should apply the freeze to Equifax, and also to Experian, and TransUnion. For extra security, you can apply a freeze to a fourth, lesser-known consumer reporting agency, Innovis.
You can do this by contacting each bureau either through their website or through the customer service number. There may be a fee for placing the freeze.
Equifax stated it would not charge for credit freezes for those affected by the breach.
The massive data breach involves the potential compromise of the personal data of 143 million consumers, including names, addresses, Social Security numbers, and birth dates.
Equifax said in a news release that it was fixing its website so customers could more easily determine if their information had been compromised. The release also specified that the binding arbitration clause and class-action waiver were only applicable to the credit monitoring services, and did not apply to the data breach. Equifax later dropped the restrictions for the free credit-monitoring service as well, claiming that customers who sign up because of the data breach are not subject to the clause and would not be prevented from joining class action suits.
Many details about the data breach are still unclear, but the potential consequences for consumers are severe.
In addition to the credit freeze, there are four more steps to put an iron wall around your money.
Activate Two-Factor Authentication
In today’s world of digital crime and internet fraud, two-factor authentication is an important extra layer of safety. It requires not just a password but a second element, such as a code texted to your smart phone, which you have but a crook can’t easily get. Set up and activate two-factor authentication on all of your existing mobile banking, savings, credit card, home equity line of credit, and other financial accounts that offer it.
Maximize Your Mutual Fund Security
Although the Securities and Exchange Commission requires mutual funds companies to identify, detect, and respond to red flags of identity theft, unlike FDIC-insured banks and NCUA-insured credit unions, these investment firms aren’t required to restore assets stolen by hackers.
You should call your 401(k) plan provider and other investment managers to learn their fraud protection policies, as they can vary from company to company. If your investment company doesn’t explicitly reimburse stolen funds, consider moving your money elsewhere.
Place a Fraud Alert on Credit Reports
A fraud alert is different from a credit freeze. The fraud alert is a notice on your credit report that warns both current and prospective lenders that they must take reasonable steps to verify your identity before granting credit, such as a new credit card or loan, or extending credit on an existing account.
You need to request a fraud alert at one of the big three credit bureaus, which will then pass it on to the other two, and separately place another alert with Innovis. An alert lasts 90 days. If you’re an ID-theft victim, you can get a fraud alert that stays in place for seven years. But you may be better off with the 90-day alert, because that allows you to get a free credit report from each of the four credit bureaus each time you renew the alert, which means you can get up to 16 free reports per year.
Secure Your Smartphone + Email
How you manage your smartphone and email accounts can be critical to your online security. Your phone is where all your second-factor text message codes are sent and where your mobile banking and other money apps live. Email is where your financial institutions send alerts and password reset links.
Here’s how you can make your phone and email harder targets:
- Activate two-factor authentication on your email account. When you log into your email on an unfamiliar computer or phone, you’ll get a text with the necessary code to complete login. A hacker would need that code, too, but can’t get it without your phone. Better yet, download an authenticator app such as Google Authenticator or Microsoft Authenticator, which generates these codes without the need for texts, which can be intercepted.
- Use a password management app such as LastPass on your computer’s browser and on your phone. LastPass creates and plugs different passwords into each of your accounts when you log in, so you don’t have to invent and keep track of dozens of passwords. This eliminates the temptation of using the same password for multiple accounts, which can provide a master key for hackers.
- Never click unsolicited, unexpected, or suspicious-looking links sent to you by email or text. They could download malware capable of spying on your phone or personal computer activity.
- Follow other security tips for your phone’s specific operating system using the FCC Smartphone Security Checker, a customizable interactive tool.
Don’t wait until it’s too late! Be sure to enroll in First Financial’s Identity Theft Protection Program from Sherpa. The best part? You can enroll right online, 24/7. You can trust in First Financial and Sherpa to help keep your personal information protected. Packages begin at just $5.99 per month – so click here to enroll today! Learn more about safeguarding your identity with our consumer identity theft protection guide.
Article Source: Jeff Blyskal for Consumer Reports