How Should You Respond to the Massive Computer Hack of Equifax?

The massive computer hack of Equifax, one of the three largest US credit reporting agencies, exposed the Social Security numbers, names, and contact information for up to 143 million of us.

How should you respond?


A lot of conflicting advice is floating around; here is what I am doing and what I would recommend:

1. Go to EquifaxSecurity2017.com and enter your last name and the last six digits of your Social Security number to find out whether you are one of those potentially affected by the breach. There is a question on how accurate this is; one person entered their name as “test” and number as 123456, and was told they were affected by the breach.

2. Consider (also through EquifaxSecurity2017.com) enrolling in Equifax's free one-year credit monitoring service. Starting this process put me on a waiting list to actually sign up; I have until November 7 to complete the enrollment. I will wait to sign up until more is known. The fine print of that offer initially appeared to require waiving your right to join a class action lawsuit against the company. The website now reads: "In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident."

3. Monitor your bank accounts, credit card statements, and other financial information carefully for the next year. Immediately report any suspicious transactions.

4. Do not rush out and buy identity theft insurance. The big winners out of this mess will be insurance companies that sell this protection, as millions will take out new policies. I do not plan to be one of them, as my opinion that identity theft insurance is of limited value has not changed.

5. If a check of your Social Security number through Equifax's website shows your information has potentially been compromised , you could consider canceling credit cards or closing bank accounts that may not protect you against fraud. However, most major credit cards and financial institutions will cover successful fraudulent attempts to use your account.

Related: Is the American Dream Slipping Away?

6. Consider placing a free fraud alert on your account with the three major credit bureaus to warn creditors to verify your identity before issuing credit in your name. If you contact one agency, it is required to notify the others. You can also put a freeze on your credit, which blocks anyone (including you) from accessing your credit reports without your permission.

7. Unfortunately, one of the best actions to take is one that none of us can easily do: change our Social Security numbers. It is possible to change one as a result of identity theft, but the application process requires evidence of serious ongoing problems.

8. Consider contacting your Senators and Representatives to raise the issue of whether it's time to discuss more flexibility around Social Security numbers. The good news is that elected officials may well be among the millions of us in this boat.

While Equifax has handled this debacle poorly (it took them a month to disclose it), they are not the only company that will suffer serious consequences. I see banks and credit card companies, who ultimately pay the tab for identity theft, as the biggest losers.

This data breach potentially involves many people who have followed recommended strategies, such as using strong online passwords and guarding credit cards and account numbers, to protect against identity theft. I recommend following the Equifax story as it unfolds in the media, as it may have an impact on how you should safeguard your data in the future.