How to defend yourself against identity theft after the Equifax data breach

To lower the risk of becoming a victim of identity theft and financial fraud after the data breach at Equifax, Americans should place a security "freeze" on their credit reports and delete any suspicious emails that could dupe them into releasing personal data to cyber thieves.

That's the advice from identity-theft experts after the credit-reporting company said hackers broke into its computers and stole key personal data — including social security numbers, names, addresses and dates of birth — from an estimated 143 million Americans.

Following the breach, which was made public last week, hackers now have four of the most important pieces of identification data — dubbed the "crown jewels" — for nearly half the nation, says John Ulzheimer, a credit expert who formerly worked at Equifax and credit-score company FICO.

That's why Ulzheimer and other cyber-security analysts urge consumers to place a "freeze" on their credit reports at the nation's three leading credit-monitoring firms — Equifax, TransUnion and Experian.

"It's the Fort Knox of credit protection," says Ulzheimer. "A freeze takes your credit report out of circulation."


Nearly half of all Americans are affected by a cyber security breach at Equifax, one of the nation's three major credit-reporting agencies. Here's how to avoid being a victim. (Video: USA TODAY)

Using a freeze to place restrictions on who can gain access to your credit report is critical because banks, mortgage lenders, credit card companies and other financial institutions won't extend credit to new applicants without first viewing a credit report, says Keith Snyder an analyst at Wall Street firm CFRA Research.

The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent, Snyder says. This form of protection prevents that from happening by barring credit bureaus from releasing your information in response to a new credit inquiry.

That shuts down the all-important credit-check process.

And makes it harder for a cyber thief to gain approval to rent a new apartment, obtain a home loan or open a new credit card in your name using identification obtained illegally.

"When a financial institution goes to pull your credit report, they simply won't be able to get it," says Snyder. Once a freeze is in effect, he adds, only existing creditors that already have a financial relationship with you can access your credit report.

Credit alerts are less effective

In contrast, signing up for a credit "alert" with credit bureaus is less effective in protecting you, because the alert notifies you only after someone has accessed or tried to access your account without your permission. "The problem with a credit alert is it alerts you after the fact," says Snyder. And by that time, a hacker might already have succeeded in profiting by using your stolen data.

Credit freezes, which remain in effect as long as a consumer wants, aren't free, however. Each state has its own sign-up procedures and fees. Freezing one's credit isn't expensive. They cost anywhere from $5 to $10 per credit bureau.

But it's worth every penny and the time required to put the freeze in place, says Ulzheimer. "It's the best $15 you'll ever spend," he says.

A consumer who places a freeze on his credit can also request a "thaw," or short-term removal of the freeze, for a small fee. To do so, the consumer must contact the credit bureau, provide the personal PIN received at the time the freeze was put in force, verify identity and specify a specific person or financial institution authorized to view your credit report. The credit agency has three days to unfreeze your account.

After major data breaches, consumers must also be vigilant and avoid falling victim to online scams.

So-called "phishing" scams, for example, typically target potential victims using fraudulent email messages that appear to come from legitimate enterprises, such as your bank, employer or company you do business with. These scams try to lure you into providing personal data that the cyber thief can later use to rip you off.

"Don't fall for any phishing attacks," says Avivah Litan, a security analyst at Gartner. "You can't trust anyone on the phone or anyone that emails you. Make sure you don't give your life away."

►Make it easy to keep up to date with more stories like this. Download the WZZM 13 app now.

Have a news tip? Email news@wzzm13.com, visit our Facebook page or Twitter.

© 2017 USA TODAY Network


JOIN THE CONVERSATION

To find out more about Facebook commenting please read the
Conversation Guidelines and FAQs

Leave a Comment