Thursday, September 14, 2017

Dealing with the Equifax security breach [UPDATE] [UPDATE 2] [UPDATE 3]

As you probably heard, the credit reporting company Equifax suffered a massive security breach a couple of months ago, and only brought this to the public's attention last week.

The data exposed in the hack includes names, Social Security numbers, birth dates, addresses, and, in some cases, driver license numbers. The hackers also accessed credit card numbers for 209,000 US consumers and dispute documents with personal identifying information for about 182,000 US people. Limited personal information for an unknown number of Canadian and UK residents was also exposed. Equifax—which also provides credit monitoring services for people whose personal information is exposed—said the unauthorized access occurred from mid-May through July. Equifax officials discovered the hack on July 29.

Yes, it's as bad as you can imagine.

This is going to take forever to get sorted out. In the meantime, I thought I'd pass along this post on Lifehacker, which has some sound advice.

I'll add a minor suggestion to the above. It occurs to me that many banks and credit card companies now offer free FICO scores to their customers. Two of mine do, and they are both updated monthly, using different methodologies. In my experience, these numbers are sensitive to recent activity; e.g., one big car repair bill that I paid with a credit card knocked my score down quite a bit, even though I paid it in full that same billing cycle, because one of the factors affecting your FICO score is the amount of unsecured credit you're using at the moment the calculation is run. The point here is that keeping an eye on these numbers is easy to do, and they could provide an early signal to you that something to do with your credit history is worth more in-depth investigation.

Please share other ideas in the comments. Thanks.

[Added] I decided to check Equifax's TrustedID site, as mentioned in the Lifehacker article. It indicated that my info had likely been compromised. I then decided to sign up for Equifax's TrustedID Premier service. This, according to Equifax, is intended "To help consumers determine if their information has been potentially impacted and to sign up for credit file monitoring and identity theft protection. TrustedID Premier includes five separate offerings, all complimentary." Details (not the sign-up page) here.

I got this after completing the form:


I did not have to give any credit card info. I haven't gotten the confirmation email yet. I'll let you know how it goes.

[Update 2017-09-21 11:34] Still haven't heard from Equifax. Meanwhile, here's some advice on how to write a letter to a bank or credit reporting agency, if you notice a problem on one of your credit reports.

[Update2 2017-09-22 12:58] Finally got an email from Equifax, with instructions about completing enrollment in TrustedID Premier. Followed the link in the email, got to a page asking me my date of birth, which I entered. Clicked "Continue." After a long wait, looking at the spinner, nothing happened. Clicked "Continue" again. Got a new page launched in a new tab, which was nothing but blank for a long while. Finally got a message from my browser that the page was not secure. Clicked the button to try again. Same failure. Closed that tab, went back to the previous one, clicked "Continue" again. This time, got a new page in a new tab that said, more or less, "Our records indicate that you have already enrolled. Click here to login." Did that, got same untrusted connection message. After reloading, eventually got to a login prompt. Which is hilarious, because there never was a point during the sign-up process where I chose a password. Clicked "forgot password." After several minutes, got an email with a link to follow to "reset" password. Again with the insecure page error, repeated reloads. Finally got to submit a new password, success, and was asked to login. Again with the insecure page errors. Finally got logged in, got a series of challenge questions involving my credit history and other personal info, answered those, clicked "continue," and ... stop me if you've heard this one before, got another untrusted page error. Eventually got a properly loading page, which said I was confirmed as me, and I was invited to login to my "product." Still looking at a fresh untrusted page error. It is now 25 minutes since I began this process.

[Update3 2017-09-22 13:30] Finally got logged in, after many untrusted page warnings. Message on screen:

Status: Enrollment processing

Please allow up to 48 hours to process your enrollment, at which time you will have the ability to lock or unlock your Equifax credit file.

I was, however, able to access my Equifax credit report. However, the "Print your report" link does not work. (I was able to use the browser's print function, though. Even though just a single page displays on the screen, the full report got printed.)

By the way, here are a couple more links (link1, link2) to articles suggesting how to deal with this breach. Both of them advise freezing your credit immediately, and provide some other useful thoughts.

No comments:

ShareThis