Equifax Breach, Identity Theft and Credit Freezes, Oh, My!

The Equifax data breach has involved 40 percent of the entire US population in this latest and unprecedented Cyber Attack. The company revealed, 40 days after discovering it, a Cyber Security breach that has put 140+ million people at risk of identity theft. It’s bad and getting worse by the minute. Whatever the details of the breach, how it went down, how the attackers were successful, why top Equifax execs sold stock before the public was alerted to the breach and the rest of the shabby situation surrounding it, that’s a lot of social security numbers, bank accounts, drivers license numbers, birth dates and more that will be valuable to those-so-inclined to commit what is arguably the most insidious Cyber Crime of them all – identity theft.

Most commonly, identity theft is successful via phishing attacks, email and text messages that are designed to be appealing to us on a personal level. These attacks will try anything to get us to click on the link. Don’t click on the link. Whenever we click on links designed to phish us, identity thieves will steal our identities faster than greased lighting. Don’t click on the link.

When someone is a victim of straight-up Cyber Crime or physical crime, the evidence and impact is often self-evident, meaning it’s often noticed right away. Someone steals something, it’s missed, it’s reported and authorities act accordingly. These kinds of things are often quite easy to prove because the evidence is obtainable and clear. Reports are filed, phone calls are made, interviews are completed and insurance covers the loss, whenever applicable. These are known scenarios and, while inconvenient, are forgotten in the months and years that follow.

Identity theft is insidious because it impacts victims in ways that are less quantifiable. First of all, it’s often very difficult to prove and resolve the issues that arise from it. Plus, this kind of crime is new and evolving. Criminals are creative and are finding new ways to exploit identity crimes. Authorities and governing bodies don’t have generations of experience and knowledge of how to deal with these things. The laws governing how we use, protect and resolve identity issues are new, too, and continue to evolve with every breach as new cases come to the bench each and every day.

Years and years after someone is the victim of identity theft, the ramifications of it are still there and rear their ugly heads in ways we cannot predict. For example, how inopportune would it be to get stranded at a border while the rest of your travel-mates are allowed safe passage? There we sit, alone, stripped of our power to move at will, not permitted to pass due to our passport being flagged for some elusive and bureaucratic reason. Or, how awesome would it be to try to close on that house we’ve worked so hard to buy only to find out the bank won’t approve our loan request based on our social security number being flagged because it was reissued too recently? How about trying to rent a car, apply for a credit card or even a job and find out there is some problem with our identity credentials? Victims of identity theft experience the weirdest and most frustrating of these kinds of things even years after they thought it was resolved.

This is why it’s important for us to understand the implications of the Equifax breach and ways to protect more than just our financial lives. Let the FDIC worry about that. Identity theft can impact us in more ways than that.

I’ll be honest: I don’t recommend using Equifax’s site to check if your information was included in the breach. It’s giving out false positives and generally incorrect answers.

And, while some people are actually considering Equifax’s own, free (gee, thanks!) credit monitoring service, I don’t recommend it. Agreeing to its terms of service comes with some pretty big strings attached – controversial legalese embedded in the terms of service that makes those who agree to use it exempt from any class action against the company. Not to mention, the truth is that credit monitoring services do not protect us from identity theft.

What credit monitoring services do do well is alert us after our identity has been stolen. Then, we can begin the massively complex process of sorting that all out. So, while it can’t hurt to sign up for these free services, it also doesn’t help that much, either.

What’s a better solution? What options exist to help prevent identity theft in the first place? Experts on the subject suggest freezing our credit. What does that mean? What does it involve and what do we need to know?

Freezing our credit means placing restrictions on who can access our credit reports from the various credit bureaus. How does this help? Anytime we apply for a line of credit, a banking account or a loan, those requests need access to our credit reports in order to be approved. If we prevent those kinds of requests from having access to our credit standing, would-be identity thieves will need to find another way to steal our identity. They won’t be able to get approval to open fake financial accounts using our identity.

What do we do once our credit is frozen and we need to open a new line of credit and therefore need to give a bank or other financial institution access to our credit? We can lift or “thaw” the freeze using a PIN number that the credit bureaus give us when we initiated the freeze. Only the credit bureaus we approve will put the thaw into effect no more than three business days after we submit the request. We can also lift the freeze for a specified length of time, if we choose.

Freezing our credit comes with marginal fees, typically $5 to $10 per credit bureau. For more information, visit the major credit bureau websites: Equifax, Experian and TransUnion. Or call ’em: Equifax (1-800-349-9960), Experian (1-888-397-3742), TransUnion (1-888-909-8872).

Thanks for reading. Good luck out there. Remember – when in doubt, don’t click on the link!