By now, you’ve learned that up to 143 million people in the United States have had their private information stolen through a data breach at Equifax, a national credit reporting agency. What is new and most concerning about this breach is that Equifax is one of the few companies we entrust with our most sensitive financial data.

What was stolen?

Per the Federal Trade Commission, “The hackers accessed names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personally identifiable information for about 182,000 people.”

How do you protect yourself?

If you’ve already enrolled in an identity theft and credit monitoring service, then you have the necessary coverage and don’t need to do anything further.

If you aren’t using such a service, take the following steps:

  1. Visit Equifax’s website:
  2. To find out if your information has been exposed, click on the “Potential Impact” tab, and enter your last name and last six digits of your Social Security number.
  3. US consumers receive free credit monitoring for a year whether or not your information was exposed during the breach. You’ll be given a date to return to this exact website to enroll in their service. The free enrollment period ends on November 21, 2017.

Note: Equifax removed the clause in the terms of service whereby signing up for the free credit monitoring service would prevent the user from joining any related class-action lawsuits.

Other ways to protect yourself

  • Credit freeze – Placing a credit freeze makes it impossible for anyone to make a new request for your credit report, making it very difficult for a thief to open a new account in your name. Existing creditors still have access to your report and you will still need to monitor the activity on any existing accounts. Keep in mind that it may be a hassle to remove the credit freeze when you want to open a new account.
  • Fraud alert – This requires creditors to verify your identity before accessing your credit. A fraud alert doesn’t prevent someone from opening a new account, however it does require institutions to take extra steps to verify your identity first.
  • Monitor existing accounts – If you don’t already, begin monitoring your bank accounts and credit cards on a regular basis to see if there is any unusual activity. You can set up email alerts on most accounts to notify you of purchases or transfers above certain thresholds.
  • Add a code-word to financial accounts – You can request that your financial account providers add a code-word to be used in lieu of (or addition to) verifying social security and birthdate when you call in to access your accounts.
  • Check your credit report – You should check your credit report on a regular basis to see if anything is incorrect. You can check your credit report for free once each year at each of the three major credit bureaus through sites like I recommend spreading them out, checking one bureau every four months or so to give you a more frequent look at your credit, at no cost. If you’re married, take turns with your spouse to check throughout the year. The process to get your credit report takes less than five minutes.

Be on high alert for

Fraudulent calls – Now that criminals have relevant information about you, they may try to contact you by phone to gather more information and even ask for money. They’ll do things like ask for confirmation of debit and credit card numbers, bank accounts, etc.

In the aftermath of this breach, imposters have called consumers claiming to be representatives from Equifax reaching out to enroll people in their credit monitoring service. During the call, the imposters collect your personal account information to exploit later.

Recommendation: Don’t provide account information over the phone as no legitimate provider will confirm this information with you by phone. Hang up and call your provider at their listed business number to check if there are any problems and report the fraudulent call.

Equifax has stated they will contact all affected individuals by mail, not email or phone.

Spear-phishing – Ever receive an email that looked identical to one sent by a legitimate company you use for shopping or banking services? Fraudsters are getting better and better at customizing those emails to trick you into clicking links to enter payment or login information.

Recommendation: Instead of clicking an email prompt to login to an account, go directly to the company’s website and enter the information there. You can also contact the company directly to confirm the information.

Tax-fraud – Identity theft creates a lot of problems around tax time as an imposter may have filed your tax return before you and received a refund. When you submit your actual tax return, it will be denied and then you must deal with fixing the problem.

Recommendation: File your taxes promptly once you have the necessary information. If you determine that someone filed a fraudulent tax return under your name, do the following:

  • File a police report.
  • File a fraud report with the FTC by calling their identity theft hotline 877-438-4338.
  • Complete IRS form 14039, the Identity Theft Affidavit. Contact the IRS Identity Protection Unit at 800-908-4490 if you don’t hear from the IRS promptly.

The IRS requires that you input your last year’s adjusted gross income (AGI) prior to permitting the submission of your tax return. Try to keep your AGI and other tax related information private, as that will serve as another line of defense.

So, what’s the new normal? Identity theft is a very real threat and your personal information has more than likely been exposed through one of many breaches in recent years. It’s fair to assume that much of your personal information is no longer confidential. Identity theft protection should be taken seriously and be considered a mandatory coverage for households, just like home and auto insurance.

We suggest contacting your advisor for additional guidance on how best to protect yourself from identity theft.