Equifax Data Breach And 5 Things You Should Do To Protect Yourself
As I was still digesting the news of Equifax data breach where social security numbers, driver licenses, birthdates, addresses and other personal information for roughly half of U.S. population showed up in hands of hackers, I began to wonder if there is anything I can do about it.
Personal information of 143 million people had been compromised and the company sat on it for full 2 months before disclosing it to the public. Class action lawsuits have already been filed and company stock fell by over 13% on the news. This is all fine but my immediate concern was to check if I was impacted and how to protect myself from this and future frauds. Chances were that I was impacted because 44% of U.S. consumers were impacted. So, here are the steps I took and I believe that all of us should take a few of these steps.
First, I wanted to check if my information was compromised, I used a link provided by Equifax. You can also use the link https://www.equifaxsecurity2017.com/enroll/ and enter your last name and last 6 digits of your SSN. This link is provided by Equifax as a courtesy after this breach, Equifax is also offering an option to enroll in complimentary identity theft protection and credit file monitoring services (more on that later). After entering my SSN, I found that my personal information was indeed compromised - disappointing but not surprising given that I had 1 in 2 odds of being one of the unfortunate ones whose information got compromised. This meant that I needed to take some more steps to feel safe.
Secondly, I wanted to see if my information was already misused by someone. Since Equifax waited full 2 months before reporting it to the public, chances were that some of the information was already being used. This particular data breach provided enough information to hackers that they could open up new lines of credit in my name without any of my knowledge. Best way to check is to review your personal credit report at https://www.annualcreditreport.com/ and see if any new accounts in your name have been opened. I went ahead and requested my free credit reports and luckily found that there were no new accounts. A small sigh of relief but the information in this report was eye opening for me. There were a few addresses on my report where I have never lived before. They provide an option to dispute those records and I did. But in the process, I learned that it is probably useful to periodically check what is on your credit report and catch any suspicious activity.
My third step was to sign up for credit monitoring service. Equifax is offering complimentary monitoring services and some 3rd party paid options from LifeLock and IDSheild are also there. I am no expert in recommending which monitoring service is best but I went ahead by enrolling in services offered by Equifax knowing that I can always sign up for a different service once I do more research about which one is best.
Now the next major step I took was to freeze my accounts with Equifax, Experian and Transunion altogether. This is a rather drastic step because this also means that I can’t apply for new credit cards or get new lines of credit without first lifting a freeze. This is highly inconvenient and may not even be an option for some but for me, I felt that I didn’t really need any new credit for foreseeable future and precaution was better than convenience.
This brings me to my fifth and last point about trading off security for convenience. See, companies are playing gamble with our personal information in the name of making our lives more convenient. Multiple sensors on our phone are reporting our coordinates all the time. Devices are listening to our voice commands and soon they may even be capturing video of our surroundings just so they can suggest better products and services for us. Bots are reading our emails and suggesting that it is time to leave for the airport because the bot found flight confirmation details in our inbox. Convenient - yes, but it does come at a hefty price of compromising my information especially when we can’t be so sure that companies can or will really safeguard our personal information. They probably have good intentions to keep our information secure (at least some of them do) but can they be hacked in the same manner as Equifax or Yahoo or Dropbox or many others did? Absolutely Yes. Now, we will all make different tradeoffs when it comes to security and convenience but I think that we at least need to be aware of what sensitive information about us is being used and by whom and for what purpose.
So, I started the discovery process of my own by looking for my personally identifiable information stored on my computer and in my cloud storage services by using a software program called QuikFynd Desktop Search (Full disclosure - I am also founder of QuikFynd, a search and data organization solution, so it's all but natural that I would trust my own software). QuikFynd indexes files on my desktop and all of my cloud storage accounts and I can search for files based on their content easily. I have files in about a dozen or so cloud accounts and most of the files are still on my laptop. Curious to find if all of my information is safe, I typed my SSN in the search box of QuikFynd Desktop Search and whoa, in the fraction of a second I found 3 documents that had my SSN number. One file was on my desktop and two more in Dropbox. How did my SSN number show up in Dropbox? Ok, so I use my phone connected to Dropbox and all content from my phone automatically gets synched up with cloud storage. I remember sharing my SSN for getting insurance for our cars last year and I used a note-taking program on my phone to type it up. This document got automatically synched with my cloud storage service. Convenient - Yes, but did I intend to put my SSN on a file in Dropbox? Absolutely No. They too were hacked just a few years ago. Now the important thing to note here is that I didn’t have slightest of the idea that a file with my SSN exists in my Dropbox. By using QuikFynd Desktop Search, I was able to quickly find it and remove this file from cloud storage. I also found a few other files in Google Drive that had my personally identifiable information, one file was a photo copy of my driver license and I removed those also.
When it comes to securing and protecting our own personal data, there is no better person than you. By taking some of the steps I took after Equifax data breach, I feel a little bit safer. These hacks will continue but by doing periodic checks of your own credit report and by periodically searching for personally identifiable information using products such as QuikFynd Desktop Search, I believe we can be a bit more in control.
Did you do anything about learning about this data breach? Do you have tips for others that you would like to share? Please use the comment box to share your thoughts.