Data breaches are, sadly, old hat these days. When Watchtower lets you know one of your passwords has been compromised, you sigh and mutter a few expletives, unlock 1Password, and start generating new ones. But what happens when the compromised information isn’t so easily changed, like your date of birth or social security number? That’s exactly what happened to me and 143 million of my fellow Americans just last week.
This is scary, in part because banks use this information to validate identities in the United States. Jeffrey Goldberg, our Chief Defender Against the Dark Arts, has written about this more in-depth, but in short, identifiers banks use for authentication (including SSNs) were not meant to be kept secret. This means the identifiers that were compromised are all criminals need to open accounts in our names, rack up bills, and leave us with the tab. There’s nothing to change this time around, but you can still protect yourself. Here are some steps you can take to do just that.
Keep it on ice
A security freeze is available to anyone — for a fee — and may be free for victims of identity theft. A credit freeze will prevent anyone from viewing your credit report and prevent any new accounts from being opened in your name until you lift the freeze (either permanently or temporarily). Here in Texas, fees are waived for victims of identity theft. Otherwise, it’s $10 to place the freeze on an account and $10 each time you lift it. These fees will vary by state, so be sure to check what fees apply in your state.
A fraud alert is less intrusive (and free), but it also provides less protection. With a fraud alert, businesses can still request and view your credit report, but must verify your identity before they issue new credit. This is usually done by contacting you directly, but some discretion is given to creditors to decide how they want to verify identities making a fraud alert less reliable than a security freeze. You can place a 90-day fraud alert for any reason and renew it when it expires. If you have already experienced identity theft and have filed a police report, you may be eligible for an extended fraud alert, which lasts seven years.
Whether or not you’ve been directly affected by this breach, monitoring your credit is important. Just like you monitor your online accounts for unauthorized access, you should always take advantage of resources available to you and keep an eye out for unrecognized activity on your credit report. All Americans are entitled to a free credit report from each credit reporting agency (CRA) every year. Many banks and credit card providers also offer free credit monitoring to their customers, which will alert you to any changes on your credit report. Although credit monitoring will not prevent identity theft or stop unauthorized accounts from being opened, these services will inform you of changes to your credit report allowing you to take appropriate action quickly.
Always be prepared
In essence, Experian, TransUnion and yes, Equifax, have control over our access to the standard-issue American Dream. Data held by these companies is used to determine if we qualify for a mortgage or a car loan. Employers and landlords may also perform credit checks to determine who to hire or rent to. CRAs are required to correct inaccurate information, but it’s up to us to monitor our credit reports for errors and take action to correct them. If you find an error on your credit report, Patrick McKenzie has some great advice in this Twitter thread:
It occurs to me that my hobby in writing letters about the Fair Credit Reporting Act is suddenly topical! So some quick opinionated advice:
— Patrick McKenzie (@patio11) September 9, 2017
He also published a blog post to help you set things right and, if you find yourself needing somewhere to store that paper trail Patrick helped you create, you can stash copies in 1Password for safe keeping. If everything looks fine now, don’t sit back. We know 1Password customers care deeply about data security and, though your credit report isn’t secret, it still contains important data and ensuring that data is accurate is how you protect it. Take the time to check it regularly and take action when needed, both in the wake of this breach and always.
If you’d like to learn more about protecting yourself from identity theft, both state and federal agencies offer free resources and services to American consumers: