Post Equifax Breach: Still dazed /confused about your next steps? Then read this.

If you’re like many clients with whom I’ve talked since the Equifax data breach news first surfaced, you are still processing how all of this may affect you and your family now and for the long term. Before diving into the steps, pat yourself on the back for your gumption for tackling your share of the unwieldy mess that Equifax has handed half this country. Also, while you take steps to protect your financial health, please remain on high alert for vultures. Most of you are likely exercising healthy skepticism when you see ads, unsolicited emails, bogus news stories, etc. that tell you that you need to sign up with them or click on a link. (Yes – this even happened on Equifax’s consumer site post-breach.) But note that the breach has brought out many bad actors to the fore, who are salivating at the thought of preying on the fear borne out of the Equifax debacle(s). *DISCLAIMER: NOTHING ON THIS PAGE OR WEBSITE CREATES AN ATTORNEY-CLIENT RELATIONSHIP.  Please contact an attorney, if you seek counsel. I’m providing these steps as general guidance and NOT as your attorney. Feel free to email me, if you want to seek legal representation.

Step 1: Assume that your information was breached. The likelihood is great that your personally identifiable information (PII) is included in the 145+ millions of individual files compromised because of the Equifax breach.

Step 2:  Place a freeze (a.k.a. “credit freeze” or “security freeze”). No – it’s not difficult or “cumbersome” (as former Equifax CEO, Smith, claimed in hearings earlier this month). It’s not an absolute protection, but will serve as a significant barrier for fraudsters to use your PII. And yes – there is typically a charge (if you reside in Washington State, for example, unless you’re an ID theft victim already). For “how to’s,” see the second bullet point.

  • Please remember your children. While they probably don’t yet have a credit file (although some of my clients were surprised to find that their minors do have credit files), you want to protect against many ways that they can experience identity theft.  If your child has a credit file, then you as a parent may request a security freeze.  If your child doesn’t have a credit file, then the credit reporting agency (e.g., TransUnion, Equifax, etc.) is required to create a record for the child and is prohibited from releasing any PII about the child until the freeze is lifted.  Prepare to provide proof that you are a parent and have authority as a legal guardian to act on behalf of the child. You’ll also need to provide proof of your child’s identification.
  • How to freeze credit reports – You can call, if you’re not keen on entering your PII online (who can blame you?) You do need to contact each one of credit reporting agencies:

Experian — 1‑888‑397‑3742 or visit this page of Experian’s site

TransUnion — 1-888-909-8872 or visit this page of TransUnion’s site

Equifax — 1-800-349-9960 or visit this page of Equifax’s site

  • NOTE: If you can show that you’re a victim of a data breach (hello, Equifax breach victims), you can request a free freeze with Equifax and TransUnion if you go online. But, I remain extremely cautious around any of these CRAs for good reason.

Step 3: 

  • Get a free annual credit report and scour it for anything that looks out of place.  Beware of bogus websites that entice you with offers of free credit reports in exchange for your PII. Don’t do it. Go to AnnualCreditReport.com and no where else.

Step 4: Address potential/existing fraudulently opened utilities, pay TV or phone accounts. Again, it sounds incredible, but fraudsters have found that this is one of the best ways to use stolen PII.

Time to think about the ways that bad actors can use your stolen PII. Please don’t dismiss these possibilities because my clients have experienced all of these forms of ID fraud.

  • Contact the National Consumer Telecom and Utilities Exchange and request your NCTUE Data Report. Again , scour it for anything that looks out of place.www.nctue.com or 1-866-349-5185 (The NCTUE data report is a record of all telecommunication, pay TV and utility accounts reported by exchange members, including information about your account history, unpaid accounts and customer service applications.)
    NOTE: If the service provider doesn’t resolve the problem, file a complaint with the Federal Communications Commission at 1-888-225-5322 or TTY 1-888-835-5322.  Or, if you have an data privacy attorney, s/he can do this on your behalf.

Step 5: Guard against the real possibility that someone has or might have already created fake checking accounts. Order a free copy of your ChexSystems report, which compiles information about all of your checking accounts.

  • Get your report from ChexSystems via 1-800-428-9623  or ChexSystems’ website consumerdebit.com.
  • (If you find that individuals have already opened fraudulent checking accounts with your PII, you’ll need to contact every financial institution where a new account was opened. Ask them to close the accounts in writing.) Write down who you contacted and when. Keep copies of any letters you send.

Step 6: If you receive government benefits, contact that government agency and provide a written request for a report and a fraud alert. 

Lather, rinse, and repeat. Please consider this part of your regular regimen to preserve financial good health. The aforementioned are not a “once and done” list of actions.

Finally, a word about “identity theft protection” services like LifeLock, TrustedId, ProtectMyId, AllClear, blah blah blah. Instead of going with any of these services/products, watch this entertaining yet informative clip from John Oliver’s show. There was a time not too long ago, when I would have said go for it if you don’t want to do it yourself. But, I’ve since revised my opinion and would advise you to take charge of your own identity and PII, by doing all of the above on your own. Why trust some third party who only stands to profit from identity theft and data breaches.