Centre Technologies Tips on Equifax Breach

Just how serious is the Equifax breach that was reported last week? Well considering that recent reports are stating that the data exposed contained Social Security Numbers, First and Last Names, Dates of Birth, Home Addresses for current and past residences, Your Children’s Names, Driver’s License Information, Credit Card and Bank Account Numbers, all identifying information that is routinely used for confirming your identity, many experts agree in stating that this is perhaps the most serious breach ever. Why?

It may not be the largest, but because the information exposed is used to confirm your identity, what is to stop some thief from calling your bank and requesting an account reset because he cannot remember his user name or password? Just think about the verifying questions the person on the other end of the line will ask:

• What are the last 4 digits of your SSN?
• What is your Last Name, First Name?
• What is your Date of Birth?
• What is your Home Address?

But what about the above scenario? These tips can also protect you if you take steps to change your passwords and bank account numbers now before someone acts with your stolen information. Security is not always expensive and can be cost effective if the right controls are applied to protect you where your risk is the greatest. Read the below tips, use your best judgment and please let us know if we can help you identify, assess and minimize your risk.

1. Consider signing up for Credit Karma’s free Credit Monitoring Service as it is not limited to 12 months like Equifax. It is an honest and free service that gets paid on the back-end by banks and lenders and they state so on their website. So be aware that they will offer you other financial products or tools, but you do not have to buy them.
2. Freeze your Credit and Score through each of the 3 Credit Bureaus. This will not affect any current lines of credit you already have and will not lower your score but will prevent any new lines of credit without your approval. Each Credit Bureau will provide you with a PIN Number which only you can use to unfreeze your credit when you want to take out a new loan.

A small fee may also be required to do this paid to each Credit Bureau. Keep the PIN in a safe place for when you do need it in the future. Fees from each Bureau should not exceed $15.

Consumers Union has State-by-State Listings of Freeze and Unfreeze Laws and Fees. Consumers Union is part of the Consumer Reports.org, a non-profit corporation, who has been around as a consumer advocacy group since 1936.

http://consumersunion.org/pdf/security/securityTX.pdf

http://consumersunion.org/wp-content/uploads/2007/11/Things-to-Consider-When-Deciding-Whether-to-Place-a-Security-Freeze-2.pdf

Once you place a Freeze on your file, you may not be able to sign up for Credit Monitoring, so do it before you activate the Freeze if you are going to sign up for monitoring.

3. Be aware that a Freeze will not prevent all types of Identity Theft, like Tax Refund, Health Insurance, Credit Card or Bank Fraud. These are still possible when the thieves know your SSN…and with the Equifax Breach, they now know much more.

4. Be aware that while freezing and un-freezing your credit file with the bureaus is annoying and will cost you a little money. It is still cheaper than long term credit monitoring for a fee. Use your own judgment on this.

5. If you choose to file a Fraud Alert, offered by some of the credit bureaus as a free service, instead of a Freeze which may cost you a few dollars, it will only stay in effect for 12 months and Lenders and Service Providers are not legally bound to honor the Fraud Alert on your file if they wish not to. Read more about this topic at the Federal Trade Commission website, https://www.consumer.ftc.gov/articles/0279-extended-fraud-alerts-and-credit-freezes

6.Consider signing up with ChexSystems Consumer Assistance, a specialty consumer reporting agency created by the Fair Credit Reporting Act of 2012 for victims of Identity theft. ChexSystems allows you to get the same report used by around 80% of banks which can provide insight as to why a bank denied you credit or open a checking account.

https://www.chexsystems.com/web/chexsystems/consumerdebit/page/home/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8ziDRxdHA1Ngg183AP83QwcXX39LIJDfYwM3M30wwkpiAJJ4wCOBkD9URAlMBP8PUKMgCa4-rgbG3kbugeaoCtAs8LAHKYAtyUFuREGmZ6OigAWLRKn/dz/d5/L2dBISEvZ0FBIS9nQSEh/

7.Ask each of your Credit Card companies for a new number/new card

8.Change all of your Online Bank Account Passwords now. Get and use Multi-Factor Authentication (MFA).

9.Increase your level of Phishing Awareness and Social Engineering Scams. Centre offers services and tools that can help you with this.

10.Don’t use the same password on multiple accounts and never reuse older passwords. As major breaches occur, the information stolen is collected in databases that are sold on the Black Market on the TOR Network. Go to Troy Hunt’s website, Have I been Pwned? https://haveibeenpwned.com/ to see if your information is on one of his lists containing hundreds of millions of stolen email accounts and passwords. Be aware that these lists represent only a sample of what is already out there for sale

11.Change your password to a passphrase and use at least 12 characters.

12.Use a service like KeePass or other similar utility of your choice to securely vault your passwords.

13.Consider Opting Out permanently from receiving offers of New Credit and Insurance sent via US Mail as this is an area that is ripe for Identity Thieves. Especially now that they are armed with all of the Equifax information. Go to https://www.optoutprescreen.com/?rf=t for the opt out pre-screen process.

14. Have a discussion with your Bank or Credit Card Companies who are still asking for parts of your SSN to verify your identity. You may not have any success convincing them to change their operating procedures, so you might have to consider banking somewhere else that takes security more seriously. You have to assume this data is already out there for sale to the highest bidder on the TOR Network. This breach must change the way all companies verify identity from here forward.

15.Periodically check your Credit Report at the government authorized https://www.annualcreditreport.com/index.action

Each of the 3 Credit Bureaus are required by law to provide a Free Report each year.

16.Have Centre re-evaluate your anti-phishing, anti-social engineering controls and all current security controls. Not all controls are expensive, and we might be able to improve your risk posture with minimal cost. Let us help you locate, evaluate and recommend the most cost effective controls to protect your critical assets at each of the cybersecurity defensive layers.

The following three paragraphs are from Clark Howard’s Credit Freeze Guide: The best way to protect yourself against identity theft posted on 9/11/2017. http://clark.com/personal-finance-credit/credit-freeze-and-thaw-guide/

EQUIFAX CREDIT FREEZE – [Equifax Website]

• Credit freezes may be done online or by certified mail – return receipt requested.
• Check your state’s listing for the exact cost of your credit freeze and to see if there is a reduction in cost if you are a senior citizen.
• Request your credit freeze by certified mail using this sample letter. Please note the attachments you must include.
• If your PIN is late arriving, call 1-888-298-0045. They will ask you for some ID and arrange for your PIN to be sent to you in 4-7 days.
• Unfreeze: Do a temporary thaw of your Equifax credit freeze by snail mail, online or by calling 1-800-685-1111 (N.Y. residents dial 1-800-349-9960).
• Info on freezing a child’s credit with Equifax can be found here.
• If requesting a freeze by mail, use the following address:
• Equifax Security Freeze
  P.O. Box 105788
  Atlanta, GA. 30348

EXPERIAN CREDIT FREEZE – [Experian Website]

• Credit freezes may be done online; by certified mail – return receipt requested; or by calling 1-888-EXPERIAN (1-888-397-3742). When calling, press 2 then follow prompts for security freeze.
• Check your state’s listing for the exact cost of your credit freeze and to see if there is a reduction in cost if you are a senior citizen.
• Request your credit freeze by certified mail using this sample letter. Please note the attachments you must include.
• You can also freeze a child’s credit report. The information contained at this link is applicable for all three credit bureaus. You must first write a letter to each bureau to learn if your minor child has a credit report and if so, then you can proceed to freeze it.
• Unfreeze: Do a temporary thaw of your Experian credit freeze online or by calling 1-888-397-3742.
• Info on freezing a child’s credit with Experian can be found here.
• If requesting a freeze by mail, use the following address:
• Experian
  P.O. Box 9554
  Allen, TX. 75013

TRANSUNION CREDIT FREEZE – [TransUnion website]

• Credit freezes may be done online, by phone (1-888-909-8872) or by certified mail – return receipt requested. (Some users have reported difficulty with the online method. Please try one of the other options if you too experience difficulty.)
• Check your state’s listing for the exact cost of your credit freeze and to see if there is a reduction in cost if you are a senior citizen.
• Request your credit freeze by certified mail using this sample letter. Please note the attachments you must include.
• Unfreeze: Do a temporary thaw of your TransUnion credit freeze online or by calling 1-888-909-8872.
• Info on freezing a child’s credit with TransUnion can be found here.
• If requesting a freeze by mail, use the following address:
• TransUnion Protected Consumer Freeze
  P.O. Box 380
  Woodlyn, PA. 19094

 References:

Bernardo, R. (2015, May 26). ChexSystems: What It Is & How Long Info Stays In It. Retrieved from wallethub.com: https://wallethub.com/edu/what-is-chexsystems/13131/

Credit Karma. (2016, November 15). Terms of Service. San Francisco, CA, USA.

Emerson, S. (2017, September 8). Class Action Lawyers Say Equifax Can’t Prevent You From Suing Them. Retrieved from Motherboard.vice.com: https://motherboard.vice.com/en_us/article/wjjv99/class-action-lawyers-say-equifax-cant-prevent-you-from-suing-them

Federal Trade Commission. (2012, July). Consumer Information - Extended Fraud Alerts and Credit Freezes. Retrieved from consumer.ftc.gov: https://www.consumer.ftc.gov/articles/0279-extended-fraud-alerts-and-credit-freezes

Howard, C. (2017, September 11). Credit Freeze Guide: The best way to protect yourself against identity theft. Retrieved from Clark.com: http://clark.com/personal-finance-credit/credit-freeze-and-thaw-guide/

Krebs, B. (2017, September 11). The Equifax Breach: What You Should Know. Retrieved from krebsonsecurity.com: https://krebsonsecurity.com/2017/09/the-equifax-breach-what-you-should-know/

Mott, N. (2017, September 11). Equifax Clarifies Arbitration Clause After Massive Hack. Retrieved from tomshardware.com: http://www.tomshardware.com/news/equifax-arbitration-clause-hack,35423.html

Sadler, A. T. (2017, September 11). Equifax breach: How to protect yourself from what’s coming next. Retrieved from clark..com: http://clark.com/personal-finance-credit/equifax-breach-how-to-protect-yourself-from-whats-coming-next/

Schneier, B. (2017, September 11). dont-complain-to-equifax-demand-government-act-opinion-schneier/index.html. Retrieved from http://www.cnn.com/2017/09/11/opinions/: http://www.cnn.com/2017/09/11/opinions/dont-complain-to-equifax-demand-government-act-opinion-schneier/index.html

Timmerman, M. (2017, September 11). Equifax changes fine print for TrustedID Premier free credit monitoring. Retrieved from Clark.com: http://clark.com/personal-finance-credit/equifax-arbitration-trustedid-terms-use-lawsuit/