Equifax Settlement after Massive Data Breach

An Equifax settlement has finally been reached – nearly two years after their massive data breach. The company has agreed to a global settlement with the Federal Trade Commission and the Consumer Financial Protection Bureau. The settlement includes a Consumer Restitution Fund totaling up to $425 million to help people affected by the data breach and another $175 million going to all 50 U.S. states and territories.

Padlock with Identity Theft Theme
Nearly 148 Million Records Exposed!

TOTAL INEPTNESS

It was in September of 2017 that Equifax, one of the largest consumer reporting agencies in the world, suffered a data breach that affected roughly 148 million consumers – nearly half the U.S. population.

Equifax’s failure to maintain and update their security system is what caused this preventable breach. Despite knowing about a critical vulnerability in its software, Equifax failed to fully patch its systems. The breach went unnoticed for 76 days.

This epic breach enabled hackers to penetrate Equifax’s systems and exposed the private data of 56% of American adults. Breached information included Social Security numbers, names, addresses, birthdates, credit card numbers and some driver’s license numbers too.  It was, and still is, the largest and most damaging breach of highly sensitive consumer data.

RESTITUTION FUND – JUST A MERE $2.87 – PER VICTIM!
Equifax Settlement
Barely A Slap On The Wrist!

The Equifax Settlement includes a Consumer Restitution Fund totaling up to $425 million that will go to consumers who can demonstrate that they were financially harmed by the breach.  $300 million is dedicated to addressing consumer redress. However, if the $300 million is exhausted, the fund can increase by up to an additional $125 million. The company must also offer up to 10 years of credit monitoring services to those affected by the breach. If you don’t want the credit monitoring service, you may be able to opt for a $125 cash payment, unless they run out of funds. You can’t get both!

Furthermore, Equifax has agreed to take several additional steps to assist consumers who are either facing ID Theft issues, or who have already had their identities stolen. It includes making it easier for consumers to freeze and thaw their credit and making it easier for consumers to dispute inaccurate information contained in their credit reports.

Additionally, the Equifax settlement requires the company to maintain sufficient staff dedicated to assisting consumers who may be victims of identity theft. For at least seven years, Equifax will provide free assistance to victims via their Identity Restoration Services. In other words, if you discover there was misuse of your personal information, call the settlement administrator at 1-833-759-2982 and you will be given instructions for how to access Equifax’s free Identity Restoration Services.

WHAT DO I NEED TO DO NOW?

Equifax is offering FREE Credit Reports for ALL U.S. Consumers. Starting in January 2020, all U.S. consumers can get 6 free credit reports per year for 7 years from the Equifax website. That is in addition to the mandatory free credit report everyone is entitled to each year from each of the three credit bureaus that you get from going to www.AnnualCreditReport.com

To find out if you were one of the over 147 million victims of Equifax’s data breach and an eligible class member, call 1-833-759-2982 or you can click here

*NOTE: If you wish to file a claim, you must file your claim by January 22, 2020.

Visit the Federal Trade Commission’s website for info on How to File a Claim

Read a previous article I wrote about the Equifax Breach to learn how it all came about. And Here for Part Two of that article.

DARK WEB MONITORING

Dark Web Monitoring – Is It Worth The Cost?

Consumers are coughing up anywhere from $10 to $30 per month for identity theft protection. Credit monitoring companies usually include dark web monitoring to their list of services. But is dark web monitoring really worth its salt? Consumers are under the false assumption that they can rely on these credit monitoring companies to keep them protected. THEY CAN’T!

Results of a recent survey by Consumer Federation of America (CFA)

~ 36% of those who’d seen ads for dark web monitoring incorrectly believed identity theft services can remove their personal info from the dark web.

~ 37% mistakenly believe dark web monitoring services will prevent stolen information, sold on the dark web, from being used.

Dark Web Monitoring

What is the Dark Web?

It is the go-to place on the internet where criminals buy and sell stolen personal information. Well known, commonly used internet browsers such as Google Chrome, Firefox or Mozilla won’t get you there. You need a special browser such as Tor. Most of this stolen information is gleaned from criminals that hack into compromised businesses and personal computers. Here’s what these nefarious actors are after: social security numbers, credit card info, usernames & passwords, bank account info, medical info, birth dates, email addresses, names, addresses, phone numbers, etc., etc.

REALITY CHECK!

No one can erase any of the stolen data that ends up on the dark web. No one can prevent your stolen data from being sold or used. Therefore, credit monitoring companies are only able to ‘alert’ you (after the fact) once they discover that your personal info is up for sale on the dark web.

If you’re wondering whether or not your personal info is on the dark web, the answer is YES, of course it is. You don’t need to pay a credit monitoring service to learn that! Hackers stole nearly a half a billion records in 2018 alone!

The Equifax data breach exposed the social security numbers, birth dates and other personal info of 148 million Americans. About 6.4 million records are reported stolen every day. If you’re still not convinced, and want to see the raw data, go here for real time data breach statistics.

Odds are very high that your info has already been bought and sold to numerous criminals on the dark web. You can’t change your social security number or date of birth. With so much of everyone’s info already compromised, individuals must do everything they can to make it more difficult for criminals to use that stolen data.

Does Dark Web Monitoring Have Any Value?

Security experts say dark web monitoring is just a scare tactic used by credit monitoring companies. Fear of the unknown motivates people. Neal O’Farrell, executive director of the Identity Theft Council  says it’s all really “just a smoke and mirrors deal” created by credit monitoring services to justify the monthly fee. O’Farrell states “They keep adding on these extra services that are truly valueless and don’t go to the cause of the problem”.

6 Important Things To Protect Yourself

1.) Check your credit report regularly with all 3 credit bureaus. By law you are entitled to a free annual report from Equifax, Trans Union and Experian. All three companies must provide a free credit report to you, upon request. So, NO EXCUSES – It’s FREE!  Stagger your requests throughout the year by requesting one credit report from one company, three different months during the year.

2.) Place a “Freeze” on your credit file with all three credit bureaus. There is no cost to freeze your credit. So, again, no excuses! Placing a credit freeze prevents a fraudster from obtaining credit in your name. A credit freeze is much more secure than the credit monitoring packages being sold by the credit bureaus and other credit monitoring companies such as LifeLock. Also, don’t let the credit bureaus try to talk you into placing a “Credit Lock” instead of a Credit Freeze”. Credit Locks do not have the same consumer protections that a Credit Freeze provides.

3.) Use two-factor authentication as a secondary firewall to prevent criminals from impersonating you. Also referred to as “2FA” – Two-Factor Authentication is an extra layer of security that requires not only a username and password, but also something that the user has on them like an email address or a cellphone that a code can be sent to. This proves that you are who you claim to be before you can obtain full access to your account.

4.) Use stealth and long passwords (at least 12 or more characters) that are hard to crack. The best passwords are phrases mixed in with symbols, numbers and upper & lower case letters. Don’t use obvious things like, mother’s maiden name, birth dates, addresses, phone numbers or any info that can be gleaned from your social media account. NEVER use the same password for other log-ins. Why? If your password is compromised, a criminal will try using that password to log-in to other websites, like banks, PayPal, Amazon and other commonly frequented websites. Also, be sure to change passwords every so often, especially if you learn of a data breach that affects a website or an account you have with a company.

5.) Monitor your accounts whenever your bank and credit card statements arrive. Be sure to also check your Explanation of Benefits for medical services. Correct any errors you find and report any discrepancies.

6.) Keep your software updated and back up your data. Whenever there is an update available for your software programs, be sure to follow through and perform a timely update. Better yet, set your programs to update automatically. Make a habit of backing up your important files on a regular basis. Back up all files that you wouldn’t want to lose if your computer ever crashed.

There’s no 100% guarantee that following these steps will fully protect you from becoming a victim of identity theft, but it will certainly lower your chances.  Awareness and constant vigilance is paramount in this game of cat and mouse.

You can read a prior article I wrote about Credit Freezes here

SYNTHETIC IDENTITY THEFT

According to the Federal Trade Commission, 80 to 85% of all identity fraud stems from Synthetic Identity Theft. Fictitious identities are created when an Identity thief creates a fresh new identity using elements of valid and/or fabricated forms of personal information.

As an example – a thief with a stolen valid Social Security number will combine it with a fake name, address and date of birth to create a brand new identity.  Because a valid Social Security # is used, there is no actual victim or true identity behind this false combination of identity elements.

Synthetic Identity Theft

 

Once Created – The Mischief Begins!

The merger of this real and fake personal data is then used to commit criminal, medical or financial fraud. Once an ID thief creates a new synthetic identity, they will attempt to apply for loans, credit or a job; get medical services, obtain cellphone service or even use the synthetic ID if they get arrested.

Remember that this newly created identity still contains your social security # as the main component and source of reference. Therefore, it becomes part of a fragmented or sub-file to your main credit file.

Additionally, fraud alerts, credit freezes and credit monitoring services will not indicate that anything is amiss. These usual protective measures do not stop Synthetic Identity Theft.

Unfortunately, the massive Equifax data breach, reported in September of 2017, exposed the valid social security numbers of nearly 148 million Americans. Realize also that those stolen social security numbers have already been purchased by criminals on the dark web – in underground black markets. Unfortunately, you cannot change your social security number!

 

What are Banks and Credit Card Companies Doing to Combat This?

Financial institutions understand the need to use any and all tools available to stop synthetic identity theft. They’re using advanced analytics, device intelligence and monitoring of underground websites. Credit Bureaus utilize tools that are able to detect when identity elements appear to be used inconsistently. They have developed analytical scores that help them determine whether a Social security # and identity belong to the right person.

A new federal law should also make it easier for creditors to verify ownership of a Social Security # with the Social Security Administration – which should help them verify that credit applicants actually exist.

 

THERE’S NO SILVER BULLET – BUT THESE STEPS MAY HELP

  • Only use an identity theft monitoring service that includes dark web monitoring. The service will check for personal identity elements, such as a SSN, that may have been exposed in a recent data breach.
  • It’s still worth placing a credit freeze with all three of the credit bureaus. Credit Freezes are now FREE in all 50 States as of September, 2018. Here’s is a previous article of mine explaining how to place a freeze
  • Get your free credit report at annualcreditreport.com from one of the three credit bureaus and check to see that there hasn’t been any unauthorized accounts opened.
  • A child’s SSN is often used to create Synthetic ID Theft. So, be sure to also place a credit freeze for your minor children as well.
  • National databases hold the key to discovery of Synthetic ID Theft. The DMV, insurance companies, data brokers, employers, prison or police records may all contain synthetic identities that include your social security number. Use a credit monitoring service that checks national databases.

 

Synthetic identity theft is a complicated and growing problem because it’s hard to detect and prevent this type of fraud. Once these synthetic identities are created, they become ‘verifiable’ identities and can therefore pass traditional security checks.

Unfortunately, it’s going to be up to you to be ever diligent if you want to protect yourself in the age of rampant fraud and deception.

EQUIFAX BREACH AFTERMATH

Aftermath of the Equifax Breach    (PART TWO)

It’s barely been a year since the Equifax Breach became one of the largest data breaches in U.S. history. Equifax’s gross negligence resulted in hackers stealing the social security numbers and other sensitive information of 148 million Americans.

Equifax Breach
Guard your identity with everything you’ve got

As a result of the Equifax breach, the company offered one full year of free credit monitoring. Knowing this, criminals are just biding their time, waiting for the year to expire. They know that once the free credit monitoring expires, the public will feel safe again. They expect consumers  will become more lax about protecting and monitoring their personal information. This would be a big mistake for consumers. Since you can’t change your SS#, you must remain ever vigilant.

YOUR DATA WAS ALREADY OUT THERE!

News Flash! Although the Equifax breach was massive, much of the consumer data exposed in that breach was already available to criminals. The majority of American’s most sensitive personal data has already been compromised for several years. It is then sold on the cyber-underground to the highest bidder. If you have any doubt, realize there were 1579 separate data breaches in 2017 alone. Millions of records are exposed in those breaches.

Therefore, even if you were not a party to the Equifax breach, you need to assume that your personal info is already out there for sale. So you need to continue to protect your data for the rest of your life. One of the best ways to protect yourself is to place a freeze on your credit file.

 

EEquifax Breach Credit Freeze
Credit Freezes keep the bad guys out!

Credit Freezes – will soon be FREE

Starting September 21, 2018 you can place, temporarily lift, or remove a Credit Freeze for FREE.  Because each person has their own credit file, each individual should lock down their credit report by placing a freeze on their file.

Once the freeze is in place, only you, (the person who placed the freeze), can view your credit file. Everyone else would be locked out, unless you choose to grant them access to it. Access to your credit file is granted by either placing a temporary lift or by removing the freeze.

According to the U.S. Federal Trade Commission, all three credit bureaus must set up a web page to assist consumers with placing a credit freeze.

A WORD OF CAUTION!

Once you begin the process of freezing your credit, you may be enticed to place a Credit “Lock” instead of a Credit “Freeze”. Do NOT be fooled into placing a Credit “Lock”. These are being pushed as an alternative to a Credit “Freeze” by all 3 credit bureaus. Credit Locks do not offer the same legal protections to consumers as a Credit Freeze. So, don’t be fooled!

You should also be sure to place a credit freeze for your minor children. Child ID theft is a criminal’s dream. The theft of a child’s identity is usually not discovered until years later. By that time, the damage is done, and the thief is long gone.

Additionally, all 3 credit bureaus are now required to offer FREE electronic credit monitoring services to all active duty personnel.

CONTINUE TO MONITOR REPORTS

As a habit, consumers should obtain a free credit report from each of the 3 credit bureaus by visiting www.annualcreditreport.com  This is the only federally authorized website to get your free credit report. Each of the credit bureaus must provide consumers with a free credit report, once a year. The smartest way to accomplish this is to stagger your requests during the year.

Here’s How:

In January, go to the website and request only one free report from Equifax. Then again in May, request one free report from Trans Union. Lastly in September, request your free report from Experian. This method gives you the opportunity to review your credit report for free over the entire year.

THAT’S NOT ALL FOLKS

To further protect yourself, it’s also important to request a report, monitor or lock down four other lesser-known consumer reporting agencies such as:

ChexSystems: provides account verification services for banks & financial institutions.

Innnovis: provides ID verification data to assist with fraud detection and prevention.

(NCTUE) National Consumer Telecommunications & Utilities Exchange.  NCTUE is a credit checking clearinghouse used by mobile phone providers and utility companies.

Lexis-Nexis: Collects info from public records & data sources such as real estate ownership, liens, judgments, bankruptcies.

 

NEVER HEARD OF THEM

There are dozens of other companies you never heard of that provide consumer reports to specific industries. The Consumer Financial Protection Bureau (CFPB) produced a list of all the known entities that maintain, sell and share tons of data on U.S. citizens. The link to the pdf document is here

The pdf document provides information and the links to the websites of 46 different entities. It also provides information about your legal rights to obtain the data in your reports and dispute any inaccuracies contained in them.

Remember that your data is only as safe as the companies and organizations that are tasked to protect that data. The vast majority of them are doing an abysmal job. So, it is up to you to protect your data and to remain vigilant at all times.

ONE MORE REASON

If I haven’t yet convinced you to freeze your credit file, here’s one more reason to do so. All 3 credit bureaus make a nice profit from selling copies of your file to others. Thus, freezing your credit file will deny them a steady revenue stream. Why should they be allowed to profit from selling your personal info; especially when they do such a lousy job at protecting it. What a perfect way to hit them where it hurts – their corporate bottom line!

You can learn more about credit freezes by reading a prior article of mine HERE

EQUIFAX BREACH UPDATE

HERE’S AN EQUIFAX BREACH UPDATE

Equifax announced last week that they suffered a data breach that may have affected 143 million (Updated to 145.5 million) of its customers. Social Security numbers, names, addresses and even some Driver’s Licenses and credit card numbers were breached.

If you add this Equifax breach to the other 700+ data breaches this year, (as of June 2017), chances are that your personal information has already been exposed.

The sheer size of this recent breach is so large and the potential harm so great, it makes sense to assume the worst!

Equifax Breach Update
143 Million Records Exposed!

Equifax has launched a tool to let you know if you’ve been affected by this breach. Go here: https://www.equifaxsecurity2017.com/potential-impact/  You’ll need to provide your last name and the last six numbers of your Social Security number. Alternatively, you can call them at 888-548-7878.

If you were impacted, Equifax is offering free credit monitoring via its own company – TrustedID Premier.  However, you won’t be able to enroll in it immediately.  You will be given a date when you can return to the site to enroll.  Equifax will NOT send you a reminder, so mark the date on your calendar to enroll. The deadline to sign up for credit monitoring expires November 21st.

Under pressure from N.Y. Attorney Eric Schneiderman and others, Equifax has now removed the waiver of your rights to participate in a class action suit as a condition of accepting their free credit monitoring.  Because they have now removed this clause, in their terms of agreement, I now advise that you sign up for the free credit monitoring service, ASAP!

A reminder that you have a right to a free copy of your credit report, once a year, from each of the 3 credit bureaus. There is the only federally authorized website to get your free report. Go here to get your free report: https://www.annualcreditreport.com/index.action

What you should do is stagger those requests among the three credit bureaus, by only requesting one of them every 4 months. That way you will have viewed your credit report, for free, 3X during the year.

TIPS:  The advice from my previous article is much the same.

  • Place a credit freeze with all 3 credit bureaus, ASAP. Equifax has now offered to waive the fee to place a credit freeze on their site. You’ll still have to pay the small fee to place a freeze with the other two.
  • In addition, get copies of your credit reports to see if there’s anything on them that might be an indication that you have already been a victim. Remember although this breach was announced last week, the breach actually happened a few months ago.
  • Be sure to monitor ALL of your financial accounts for any signs of trouble or inaccuracies.
  • Use two-factor authentication and set up spending alerts on your credit cards.
  • Watch out for Phishing Spam emails from Equifax Imposters trying to lure you into clicking on links regarding this breach. DON’T fall for it!

You can learn how to report and recover from identity theft by visiting FTC’s website:  http://www.identitytheft.gov  or by calling them at 1-877-438-4338.  The FTC provides information on how to protect yourself after a data breach.

Here are the online links and phone numbers of each of the 3 credit bureaus to place a credit freeze.