Social Security accounts and Equifax Breach

Why might the Equifax Breach pose a danger to Social Security accounts?

The recent Equifax breach exposed names, addresses, birth dates and the social security numbers of 143 million Americans. This is exactly the information a criminal needs to take advantage of a social security recipient – who hasn’t yet set up their own “My Social Security Account”.

Any Social Security recipient who has not already set up their own “My Social Security Account” is advised to do so immediately!

Social Security Accounts

In case you are not aware, the Social Security Administration (SSA) provides an online service that enables a Social Security recipient to set up their own personal Social Security accounts with the SSA.

Once your personal Social Security account is set up, it enables you to do a variety of tasks. You can view your earnings history and estimates of benefits. You can also manage your benefits online, such as changing your address or changing your direct deposit information.

In light of the Equifax breach, criminals will seek to take full advantage of this Social Security Administration online service.

Therefore, Social Security recipient who hasn’t already set up their own social security accounts, should do so ASAP. Otherwise, they may discover that an Imposter has already beat them to the punch and set one up, in your name.

Once an Imposter sets up a “My Social Security Account” (using the victim’s personal information), they have the ability to make changes to the victim’s account. They can and will make changes to the direct deposit info and have the money sent to a bank account – controlled by the Imposter.

Be sure to use a long and strong password when you set up your account by using the first letters of a sentence or phrase and mix it up with numbers and symbols. Use a mix of upper and lower case letters too and make it at least 10-12 characters long. The longer the password, the better.

UPDATE: If you have a credit freeze in place, you CANNOT set up your account online because the SSA cannot verify your identity once a freeze is in place. You will need to call them instead at 800-772-1213. Ask for the Help Desk. The SSA help desk phone line is available between 7 am and 12 am – Eastern Standard Time. 

For more information about how to set up an account – visit the SSA website. The website address is:

Most importantly, you can also require that any changes to the bank account (into which your check is electronically deposited), can only be done at a Social Security branch office instead of your online account.

Read a previous article I wrote about the Equifax Data Breach to find out what to do to protect yourself.


Why is the Equifax breach extremely damaging? Because the typical information required to prove your identity is now in the hands of the bad guys!


An identity thief will go to great lengths to dig up your personal identifying information (PII) so they can impersonate you and then commit ID theft. This Equifax breach has already completed that part of the job for them.

Remember that 145.5 million Americans (over ½ the U.S. population) have had their PII stolen! Your information will likely be auctioned off on underground websites to opportunistic criminals, across the planet. Armed with your PII, a criminal can do a lot of damage to your identity, your good name and your financial records!

equifax breach extremely damaging

How is the Equifax breach extremely damaging? Let’s count the ways… 

  1. Pretexting – Criminals will use your PII to convince your bank, credit card company, utility or phone service to make changes to your accounts. Your PII gives them the ability to change your email address, PINS, passwords, direct deposit info, phone # and home address. They’ll even change the answers to your secret questions – all in their quest to gain access to private information or to lock you out of your own
  2. Tax ID Theft: File fake tax returns to get large refunds.
  3. Credit Fraud: Open new lines of credit in your name (personal loans, auto loans, mortgages, new credit cards).
  4. Counterfeiting: Create fake ID’s like driver’s licenses, passports, insurance cards, etc.
  5. Criminal ID Theft: Use your ID to give to police if they get arrested.
  6. Medical ID Theft: Create medical insurance cards to get medical services or commit insurance fraud.
  7. Employment ID Theft: Use your PII to get a job and collect a paycheck.
  8. Financial ID Theft: Open bank accounts in your name and pass around bad checks.
  9. Malware/SPAM: Infect your devices with Malware by sending SPAM emails or texts, purported to be from Equifax. SPAM emails and texts are designed to lure you to click on links or open attachments that infect your devices and turn them into ‘bots’.
  10. Spoofing/Phishing: Imposter phone calls from Equifax employees or clickable links that lure you onto a fake Equifax website. Offers of free credit monitoring services or class action lawsuits, designed to phish for additional info, like your credit card number






Equifax announced last week that they suffered a data breach that may have affected 143 million (Updated to 145.5 million) of its customers. Social Security numbers, names, addresses and even some Driver’s Licenses and credit card numbers were breached.

If you add this Equifax breach to the other 700+ data breaches this year, (as of June 2017), chances are that your personal information has already been exposed.

The sheer size of this recent breach is so large and the potential harm so great, it makes sense to assume the worst!

Equifax Breach Update
143 Million Records Exposed!

Equifax has launched a tool to let you know if you’ve been affected by this breach. Go here:  You’ll need to provide your last name and the last six numbers of your Social Security number. Alternatively, you can call them at 888-548-7878.

If you were impacted, Equifax is offering free credit monitoring via its own company – TrustedID Premier.  However, you won’t be able to enroll in it immediately.  You will be given a date when you can return to the site to enroll.  Equifax will NOT send you a reminder, so mark the date on your calendar to enroll. The deadline to sign up for credit monitoring expires November 21st.

Under pressure from N.Y. Attorney Eric Schneiderman and others, Equifax has now removed the waiver of your rights to participate in a class action suit as a condition of accepting their free credit monitoring.  Because they have now removed this clause, in their terms of agreement, I now advise that you sign up for the free credit monitoring service, ASAP!

A reminder that you have a right to a free copy of your credit report, once a year, from each of the 3 credit bureaus. There is the only federally authorized website to get your free report. Go here to get your free report:

What you should do is stagger those requests among the three credit bureaus, by only requesting one of them every 4 months. That way you will have viewed your credit report, for free, 3X during the year.

TIPS:  The advice from my previous article is much the same.

  • Place a credit freeze with all 3 credit bureaus, ASAP. Equifax has now offered to waive the fee to place a credit freeze on their site. You’ll still have to pay the small fee to place a freeze with the other two.
  • In addition, get copies of your credit reports to see if there’s anything on them that might be an indication that you have already been a victim. Remember although this breach was announced last week, the breach actually happened a few months ago.
  • Be sure to monitor ALL of your financial accounts for any signs of trouble or inaccuracies.
  • Use two-factor authentication and set up spending alerts on your credit cards.
  • Watch out for Phishing Spam emails from Equifax Imposters trying to lure you into clicking on links regarding this breach. DON’T fall for it!

You can learn how to report and recover from identity theft by visiting FTC’s website:  or by calling them at 1-877-438-4338.  The FTC provides information on how to protect yourself after a data breach.

Here are the online links and phone numbers of each of the 3 credit bureaus to place a credit freeze.



The recent Equifax Data Breach is Epic. It ranks among the largest and most intrusive cybersecurity breaches in history!  

Equifax Inc. said its systems were struck by a cyberattack that may have affected about 143 million U.S. customers of the credit reporting agency. 

UPDATE:: This figure has now been increased to 148 million customers affected

The credit-reporting service discovered the intrusion between May and July of this year. This latest Equifax Data Breach intrusion has jeopardized names, addresses, Social Security numbers, birth dates and even some driver’s license numbers and credit cards.

The CEO said in a statement that “it strikes at the heart of who we are and what we do”.  But apparently, talk is cheap – as this is the third time Equifax has had a breach in less than two years. Additionally, another major credit bureau Experian, had also suffered a large data breach that impacted and exposed millions of records of Americans.

Equifax Data Breach

Credit Bureaus make piles of money by compiling incredible amounts of sensitive detailed dossiers on consumers and then selling that information to marketers.


Therefore, it is unfathomable why a company like Equifax, who is responsible for compiling and safeguarding so much sensitive data, have shown themselves to be such terrible stewards of that data.

Regardless of whether your information was compromised, Equifax is offering everyone the option to enroll in their in-house credit monitoring service – TrustID Premier –  owned by Equifax.



Typically, the way these ID Theft Protection Service arrangements work is the credit monitoring is free for a period of time (usually one year) and then, consumers are pitched to purchase additional protection once their free coverage expires.


  • Place a Security Freeze (aka Credit Freeze) with all 3 credit bureaus instead. Do this ASAP for all family members!
  • Be sure to check and monitor your credit report often. To do so – go to  for your free federally authorized credit report.
  • Monitor all financial accounts and billing statements for any suspicious activity.
  • Watch out for SPAM Phishing emails in which scammers will entice you to click on tainted links or open attachments in emails regarding this data breach.

P.S. There was a news story in Bloomberg yesterday indicating that three top Equifax executives sold millions of dollars worth of stock during the time between when the company says it discovered the breach and when it notified the public and its investors. The executives reportedly told Bloomberg they didn’t know about the breach when they sold their shares. A law firm in NY has already announced it is investigating potential insider trading claims against Equifax. To be continued…


Donors Beware of Hurricane Harvey Charity Scams!

While natural disasters such as Hurricane Harvey brings out the best in people, it also brings out the worst in Scammers, who are quick to take advantage.

As people see the visuals of the hurricane’s devastation, they are moved to want to help the survivors and families of the victims. Naturally they’ll seek out a charity they can donate to. But you must beware of fake charity scams!


Scammers take full advantage of people’s generosity by posing as fake charities. But instead of collecting money to help victims, they keep the money for themselves.

Charity Scams
Beware of Fake Charity Scams

These evil-doers are already sending emails, text messages, mail solicitations, and will soon appear at your door asking for money, under false pretenses.  They will also create fake charity scams via websites that use similar or familiar sounding charity names. These fake websites capture unsuspecting victims who innocently enter their credit card info to make a donation.


You can never be sure whether the person contacting you is legitimate or not!



1.) Go directly to the charity yourself. You can find the address of a charity’s website and either mail a check or go directly to the charity’s website (by typing in the website address yourself) and make your donation online.

2.) Look for the padlock symbol and the website address should begin with https, not just http.  The “s” stands for a secure website. Also, realize that most charity websites will end in “.org”, not “.com”!  Be careful of making typos when entering web addresses too.

3.) Never ever click on links in an email, no matter how legitimate the email looks! The US Computer Emergency Readiness Team (US-CERT) is reminding everyone that malware purveyors frequently use natural disasters and breaking news stories to trick people into clicking on malicious links or opening up booby-trapped email attachments. Fake charity scams always include links & attachments in unsolicited emails that look authentic.

4.) Be careful of what you see on your ‘Caller ID’. Most phone numbers are “spoofed” to look like the call is coming from a charity, when in fact, it’s a scammer calling.

5.)Telemarketers who call you, representing a charity, receive a commission for each donation they receive. So only about half of your donation actually goes to help the charity.  Besides, how can you be sure that the person calling you is from a legitimate charity?  You can’t!

6.)To check out a charity, you should go to  Their website helps you determine if a charity is legitimate. You can also learn how much of the money a charity collects, actually goes to the people they are supposed to be helping.

Here are the names of a few charities that are providing assistance in the wake of Hurricane Harvey: Americares, International Relief Teams, Direct Relief, Global Giving, Save the Children and the American Red Cross. also provides a list of local organizations, located in the most affected areas, who are providing support to people and animals.