I sit in a pretty unique seat: I’m a trusted advisor to thousands of present and past clients. That means that I have had a parade of emails and phone calls about what to do in the wake of the Equifax data breach. I’m also a consumer with 45+ years of credit history, which makes it highly likely that I am among the one hundred forty-three million (words don’t do that number justice: let’s make that 143,000,000) folks whose data was snagged. Last, it’s even more important to me because mortgage loan originators are held to a very strict credit standard, so I am deeply sensitized to the potential havoc that identity theft can wreak.
So that put me on the hunt for some answers. What should I tell my clients? What should I do for myself?
I’d already had the benefit of another author’s advice on this topic which went: “Bypass the first four stages of grief and go directly to acceptance.” That’s true. I don’t have time in my life to wring my hands or shout about how Equifax should be locked up for allowing this to happen (it WILL be an interesting sideshow watching Congress and the courts as they chew them up for years to come…).
What I Did
I went, somewhat skeptically, to the Equifax website to see what they were saying. I found their description of what transpired as a “Cybersecurity incident” somewhat off-putting (after all, we don’t call a robbery a “Wallet transfer incident”) and I frankly don’t appreciate the spin-masters’ attempt at sanitizing this foul event. Having heard initially that registering on their site came with the involuntary agreement to accept binding arbitration over civil litigation, I was reluctant to provide my information.
I subsequently learned that Equifax relented on this provision and that eased my concerns sufficiently to proceed. The process of registering was seamless and took only minutes to complete. The initial screening came back with another spin: “We believe that your personal information may have been impacted by this incident.” (It seems to me that it’s binary: the bad guys got my info or they didn’t so why waffle?)
After a secondary confirmation email that took 24-hours to arrive, I was able to enter their site and access several useful resources. These included a copy of my Equifax credit report (no surprises), a Social Security number database screening tool that surveyed “suspicious” websites for my info (there were none), and information on freezing my credit profile (I haven’t… yet).
What I Think You Should Do
Accept that it happened and assume that you, too, are one of the people whose information has been compromised.
Don’t wait. Take some fairly easy steps to help ensure that your credit is being monitored and to learn whether anyone has attempted to open new credit in your name.
Make 3 entries in your calendar now. You’ll want to pull a free copy of your credit report from one of the credit bureaus (on a rotating basis) every 4-months to keep an eye on any changes.
Only freeze your credit if you are prepared to deal with the consequences (unfreezing if you plan on applying for any new loan, credit card, mortgage, etc).
Be vigilant. Be on the watch for phone or email scams. Change your passwords NOW, and then make it a habit to change them periodically (maybe on the same schedule that you pull your free credit report?). Set-up alerts on your credit card accounts so that you know when there’s activity. Set-up a PIN with your cellphone service provider to prevent someone from adding a line without your knowledge.
Some Useful Links
Register with Equifax here: https://www.equifaxsecurity2017.com/
Obtain a Free copy of your credit report here: https://www.annualcreditreport.com
Freeze your credit here:
- Equifax: (800) 685-1111 or https://www.freeze.equifax.com/
- Experian: (888) 397-3742 or https://www.experian.com/ncaconline/freeze
- TransUnion: (888) 909-8872 or https://freeze.transunion.com/
Learn more about protecting your privacy and credit here: https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs