THE BLOG

The Equifax Breach Is Bad, But There Are Steps That Can Help

09/21/2017 18:34 EDT | Updated 09/21/2017 22:54 EDT

ByKathleen Krumpter, Senior Financial Counselor, New York Legal Assistance Group

When I first saw the news that Equifax had a data breach, my initial thought was, “This is very bad.” In the days since then, the news has not gotten much better. The ramifications are essentially permanent. Since the breach affected 143 million Americans – more than half of all the adults who live in the United States – I think we need to assume that our most private data is no longer secure.

According to the U.S. Department of Justice, the vast majority (86 percent) of instances of identity theft have been related to misuse of existing accounts – credit cards or bank accounts (Victims of Identity Theft, 2014). This means that people with higher annual incomes were more at risk than households with lower incomes. Now that social security numbers, dates of birth and addresses are out there, I believe that there may be an increased risk of identity theft involving new accounts and/or misuse of personal information (including income tax identity theft). This could mean that lower income households will face a higher risk than they have historically as they are less likely to keep an eye on their credit reports and may not file a tax return at all.

There are a number of precautions that we can take to protect ourselves against identity theft.

Think about placing a credit freeze on your accounts. This will make it harder for someone to open new credit in your name. This will only work if you place the freeze with all three credit reporting agencies (Equifax, Transunion and Experian). If, in the future, you want new credit, you can temporarily lift the freeze at one or all of the agencies by providing the PIN that they will assign to you when you request the freeze. It is imperative that you not lose this PIN and that you secure it. Depending on what state you live in, there are different fees associated with placing, temporarily lifting or permanently removing a credit freeze. Equifax has temporarily waived their fee for any freezes placed before November 21. If you live in New York, it is free to place a credit freeze. You can check your state and the costs associated at Guide to Security Freeze Protection

If you are not going to place a credit freeze on your accounts, place a fraud alert. Unlike with credit freezes, if you place a fraud alert with one agency, they are required to notify the other two agencies. A fraud alert lets creditors know that you may be a victim of identity theft and requires that they take additional steps to ensure that the person requesting the credit is you.

Check your credit reports. Everyone is allowed to request a credit report from each reporting agency once a year. You can do this online at annualcreditreport.com. I suggest that you check one agency every four months. Review the report for accuracy and make sure all of the accounts listed are accounts that you opened. If any of the accounts are not yours, dispute it with the credit reporting agency and begin the process for reporting identity theft on identitytheft.gov.

Use a password manager. There are many, but two good ones are Last Pass and 1Password. You should also change all of your passwords for all of your financial accounts to something less hackable. These password managers can generate a password that is a random assortment of letters, numbers and special characters, which security experts agree are more difficult to crack.

Anywhere that allows for it, use two factor authentication. Yes, this is a pain. Yes it makes logging in places for the first time difficult. However, it is one more thing that can make it more difficult for someone to steal your identity.

Lastly, file your tax return as early as possible. To date, income tax identity theft has been a relatively small percentage of all instances of identity theft (and has been going down). With the Equifax breach, however, that trend could change.

The Equifax breach is scary and will reverberate for years because we can’t just change our social security numbers like we can a password. With vigilance and taking the above steps, however, we can mitigate any damage and reduce our risk.