How to protect your financial life from the fallout of the massive Equifax hack

September 16, 2017

 

More than half of Americans may be seriously compromised.

On September 7, Equifax announced that the most massive and severe hack of consumer data in American history had occurred through one of its websites.

For 1.5 - 2.5 months, hackers stole the most sensitive information of 62% of US citizens (209,000): Social Security numbers, birth dates, addresses and, in some cases, driver's license numbers. In addition, they stole even more personally identifying information from dispute documents belonging to 56% (182,00) of us. (UK and Canadian residents were also affected.) The fallout from this looks like it will be historic and industry-changing.

Why does this matter?

 

In the past, people who have had that kind of confidential information stolen have been subject to identity theft, credit card fraud and theft, medical fraud, tax fraud, financial fraud, stolen deeds to houses, cell phone theft, theft of online financial accounts, theft of social media accounts, theft of online storage accounts with confidential information, etc. If your information is compromised, this is a really big deal.

 

How did this happen?

 

In short: human error and poor security practice.

 

On March 6th, 2017, a patch for a security vulnerability in an Equifax public-facing website was made available by Apache Struts (CVE-2017-5638). Standard IT security practice is to apply patches ASAP, but for some reason Equifax didn't.

 

3 days later, the bug was being used by hackers in a mass attack on many sites, although Equifax appeared to be lucky and wasn't one of them. However, the company still did nothing. 2 months after they should have patched their system, one or more hackers penetrated their web server on May 13. They continued to do so for over 2.5 months until July 30, 2017.

 

On September 15, heads rolled. Equifax announced that the chief information officer and chief security officer "retired".

 

How do I protect myself from hackers and theft?

 

First, let me tell you what not to do. In a band-aid move, Equifax is offering a "solution" of credit monitoring for a year. (At first they were even charging for this and making money from their own mistakes! After public outcry, at least it's now free.)

Credit monitoring is nice to know if someone has stolen your identity and is opening up credit cards, bank accounts, buying a car, creating medical bills etc. in your name. However, it's a little bit like closing the barn door after the horses have already left. By that point, it's already too late, because now you have to try to prove to the institutions that you are the real person and the other one isn't. By the time you finally do, the hacker can do a lot of damage that may take you years to repair. In my opinion, credit monitoring is not the answer.

What's a better option?

You should immediately do a credit freeze on all 4 (not 3) credit bureaus and the bank account approval bureau. What this does is prevent anyone from opening up new credit cards, bank accounts, buying a car, etc. in your name.

Then, if you ever need to access the credit report to do one of these things legitimately, you use a PIN number that only you know to temporarily unfreeze it. It's important to keep your PIN number secure (preferably offline where no one can steal it).

A freeze is a little bit of a pain. There is (deliberately) no one-click way to do it at all four bureaus: you have to go to each one individually. And in some states it's free, but in others it costs $5 or $10 per bureau. (Currently Equifax has waived their fee, and Innovis is free.) And it may cost the same every time you temporarily unfreeze it.

It's completely ridiculous to charge for something like this and Congress is pushing for these fees to be removed. But if you were victimized, then waiting for this to eventually or hopefully happen is not a great idea. Speed is essential, and it makes sense to just bite the bullet now and protect yourself now.

How do I do this?

  1. Freeze your credit:

    Visit https://krebsonsecurity.com/2017/09/the-equifax-breach-what-you-should-know/ and click on the 4 links to freeze your credit with the 4 bureaus: Equifax, Experian, Innovis and TransUnion (not just 3 as some people still believe).

    You may have to be patient. Some of them, like Equifax, are swamped because millions of other people are doing the same thing right now. If you get a timeout, try again, or try again later at night, etc.

    Also, don't be fooled. Some of them will do their best to steer you away from a credit freeze and convince you that all you need is a security alert or proprietary credit lock (like TransUnion). In my opinion, these are halfway measures, and the credit lock is bordering on a scam.

    A security alert relies on the viewing party to voluntarily comply with it. When you're dealing with criminals, relying on honor is not an effective strategy.

    And a credit lock exposes you to paid advertising with TransUnion (while a credit freeze protects you from it). So the company is making money off of supposedly protecting you. Also, the terms of service force you to give up your rights to sue the bureau for credit breaches and other issues! Pretty convenient after they have done some very lawsuit-worthy things.

    Some bureaus even charge money for a credit lock. And on all of them, the terms of service are very vague. So far none of the bureaus have confirmed to reporters that a lock has all of the protections of a true freeze (which is what they imply but don't come out and actually say when they are aggressively trying to steer you in that direction).

    In my opinion, they are just trying to save their business model, not your identity. In my opinion, the only way to go is with a full credit freeze.
     

  2. Freeze opening up new bank accounts:

    This is done through ChexSystems. Again, don't fall for doing just a security alert or anything less than a full freeze. https://www.consumerdebit.com/consumerinfo/us/en/chexsystems/theftaffidavit/index.htm
     

  3. Monitor your credit

    A freeze only protects you against new attempts. If someone has already initiated one, it's important to know. Equifax is offering a service that is free for a year. Personally, I'd rather not reward the company that caused the problem in the first place. And there are many other sources of completely free credit monitoring. Check out: Credit Karma, Wallet Hub and others.
     

  4. (For some) Protect your tax refund with a PIN number

    Hackers will often use stolen Social Security numbers to commit tax fraud. This can put your own refund into limbo and is in general a huge mess to clean up. Residents of Florida, Georgia and the District of Columbia can get a PIN number with the IRS to protect against this. (I don't know why this isn't allowed in every state, because it seems an ounce of prevention is worth a pound of cure.) Check out: https://www.irs.gov/identity-theft-fraud-scams/the-identity-protection-pin-ip-pin

 

What's next?

That's a great start, but you may not be done.

After you've done that, make sure you also secure your cell phone number from being stolen (which can lead to every online account being stolen as well).

 

See this article on cell phone porting for what this problem is and how to fix it.

 


About Ian Ippolito

Ian Ippolito is an investor and serial entrepreneur. He has been interviewed by the Wall Street Journal, Business Week, Forbes, TIME, Fast Company, TechCrunch, CBS News, FOX News and more.

 

Ian was impressed by the potential of real estate crowdfunding, but frustrated by the lack of quality site reviews and investment analysis. He created The Real Estate Crowdfunding Review to fill that gap.
