In July 2017 credit reporting giant Equifax suffered a data breach of epic proportions. Data breaches happen every day but usually not on this scale, magnitude and impact. This breach is very big deal. The data involved in this breach was highly sensitive personally identifiable information such as:
- Social Security numbers
- Date of Birth
- License number
*Note* that your Social Security number, DOB, are the keys to your financial identity and are NOT easily changed. Recall that this information is the key to your identity and your financial well being. We use it to prove our identity when we get a loan, buy a car or a home. It can be used by criminals to open illegitimate bank accounts, purchase property, apply for insurance. In the hands of cybercriminals its a treasure trove of opportunities to commit cybercrime of all sorts. Criminal actors, nation-states and other malicious actors will have this data in perpetuity to abuse law abiding innocent citizens caught in the crossfire.
Worse yet, the scale of this breach was overwhelming. It effects a total of 143 MILLION Americans or 44 percent of the US population. Acknowledging the magnitude of this breach most Americans can assume that they were involved here or in the supernumerary other breaches in recent years. To this end we should all take efforts to protect ourselves.
How to Protect Yourself
In light of the reality of dangerous nature of this data being in unknown hands it is best to take proactive precautions before any identity theft scenarios arise. Although Equifax does offer a site to lookup whether you were effected, but I’ve little faith in the organization. Additionally they are offering a paltry “free” credit monitoring for one year after which its $30/mth. I’d recommend neither option from Equifax. When considering the supernumerary breaches happening today I think it’s wiser to assume that our data is out there and take a proactive approach to defending its misuse. To that end I recommend the following:
Freeze Your Credit
A credit freeze (AKA security freeze) restricts access to your credit report which makes it more difficult for identity thieves to open new accounts in your name. This should be done in all 4 credit reporting agencies — Equifax, Experian, TransUnion, Innovis. At the end of the process of freezing your credit remember to save in a secure encrypted form the PIN you get to unfreeze your account in the future. Keep in mind it will not protect you from having fraudulent charges to your existing accounts, for this you should get credit monitoring. The FTC website offers more details on setting up a credit freeze.
Setup Credit Monitoring
Modern credit monitoring from companies like LifeLock & Identity Guard provide detailed monitoring of credit and identity. Although credit monitoring will not magically prevent fraud on existing accounts it does help to notify you early of abuse and help you recover.
Get Your Credit Report
Getting your current credit report will offer you insight into if you have been a victim of identity theft or financial fraud. US citizens are able to get a single annual credit report for free from https://www.annualcreditreport.com/ which is the only official source for a free credit report. Most other ‘free’ credit report services are data miners themselves. Additionally, most of the credit monitoring services offer an annual credit report as part of their services.
Turn on Alerts
All credit card, banks and other financial companies offer alerts via SMS and email for transactions. It is wise to turn these all on so you have consistent alerts on ongoing transactions. Get in the habit of reviewing all of your statements on a monthly basis to look for anomalous actives.
Use MFA(Multi Factor Authentication)
Your banking, credit card and other financial websites offer more secure authentication options beyond a simple password. If you have a Google Gmail account you’ll be familiar with Google’s 2 Step Authentication which is an example of such MFA (Multifactor Authentication). Turn MFA on everywhere.
Regulation & Legislation
Economists often claim that industries will self-regulate and outcomes for consumers will always be generally positive. Real world experience shows the opposite effect in this marketplace. These credit reporting agencies have shown no desire to invest in technologies that will safeguard this sensitive information. Data is the new oil or capital (think asset), that generates huge profits for data aggregators like these while dramatically expanding the risks to citizens. In this case, (like all of this industry) they unfairly transfer all the risk to the consumer and keep all the profits for themselves. These industry players should face regulatory censure and real financial penalties from any future breaches. Only the threat of such real financial losses from regulation will force the hand of industry to properly secure this data. Only then will they innovate ways to protect our information in any way that we can have confidence in. We must acknowledge that the breaches will not stop and if we don’t force the hand of the data aggregators such as these the consequences (and cost) for us all will only get worse. Legislation and regulation must be forthcoming to protect us from ever expanding unmanageable costs (and risks) misappropriated to us as consumers.
Better Security/Privacy Options
In the future we as consumers need to demand more secure options if we are to allow companies like this to warehouse our sensitive personal data. We need stronger authentication and encryption options as consumers to protect ourselves. Individual authentication codes, biometrics, physical tokens and even blockchain-based technologies should be the norm in the very near future. We live in an age where data breaches are the norm. If we do nothing – we only exacerbate a problem that will only continue if we rely on technology that isn’t doing the job. Technology is only a part of answer, regulation/legislation is an immediate imperative.