The Equifax hack is “red alert” level bad – and you should take notice. It is the worst disclosed data hack in history when you factor in the privacy, amount, and legacy use value of the information that was hacked. The personal data of 145.5 million Americans with credit information was breached, and it includes names, addresses, Social Security Numbers, date of births, credit card numbers, and personal documents (i.e. driver’s licenses) – even if you were never an Equifax customer. That information doesn’t go away. And due to its nature, this private information could be used, sold, and re-sold for decades.
Equifax has been hacked twice already over the last 2 years, and apparently didn’t take enough measures to beef up their security to proper levels. This new hack continuously occurred between May and the end of July, when it was finally noticed. Since then, it’s taken at least 5 weeks for Equifax to disclose that they were hacked – but don’t worry – that was plenty of time for executives to unload nearly $2 million of Equifax stock shares and hire crisis PR agencies and legal teams first, before informing vulnerable consumers of the breach.
But it gets better.
Equifax created a website for you to check if you’ve been hacked. I’m not going to link to it here, because it’s been proven to be fraudulent. If you put in ANY information, even bogus information, it will give you the screenshot response I’ve added in this post (I’ve tested it myself to verify). In reality, if you have any credit at all, you were likely hacked. The only question is how bad, and Equifax isn’t disclosing that.
But it gets even better!
In order to even check for fraudulent information and get on the waiting list (!) for their TrustedID credit monitoring (which looks like a crappier version of LifeLock), one of the hidden terms of doing so is that you will waive your rights to sue Equifax or take part in a class action lawsuit through the use of an arbitration clause.
“AGREEMENT TO RESOLVE ALL DISPUTES BY BINDING INDIVIDUAL ARBITRATION. PLEASE READ THIS ENTIRE SECTION CAREFULLY BECAUSE IT AFFECTS YOUR LEGAL RIGHTS BY REQUIRING ARBITRATION OF DISPUTES (EXCEPT AS SET FORTH BELOW) AND A WAIVER OF THE ABILITY TO BRING OR PARTICIPATE IN A CLASS ACTION, CLASS ARBITRATION, OR OTHER REPRESENTATIVE ACTION. ARBITRATION PROVIDES A QUICK AND COST EFFECTIVE MECHANISM FOR RESOLVING DISPUTES, BUT YOU SHOULD BE AWARE THAT IT ALSO LIMITS YOUR RIGHTS TO DISCOVERY AND APPEAL.”
In related news, Republicans recently voted to scrap a CFPB rule that blocked companies from using arbitration clauses like this in order to avoid consumer lawsuits. (If Republicans allow us) my hope is that everyone takes part in the Equifax class action lawsuit, and selects the “cash payout” option versus signing up for Equifax’s TrustedID credit monitoring service, which lasts only one year, and has free alternatives.
Besides, if a dog continuously shits in your yard, you don’t call the dog to come and clean it up. So, in this post, I’m going to share with you how you can avoid dealing with Equifax and their corrupt business altogether and protect yourself in the immediate future and far beyond the next year.
1. Submit an Initial Fraud Alert (for Free)
Initial fraud alerts last for 90 days and require businesses to take extra steps to verify your identity before issuing credit (i.e. approving a new application or increased credit limits). When your Social Security Number is used to apply for something, i.e. a credit card or loan, that requires a credit check, and credit reporting agencies have to send your phone number to the creditor, and the bank has to call to confirm the authenticity of your application.
When you submit an initial fraud alert, the credit bureau you submit it with is required to notify the other two credit bureaus that they also should activate an initial fraud alert. So you only need one (and you should probably avoid the hacked Equifax). Here are the other 2 options:
- Experian initial fraud alert site, or 1-888-397-3742
- TransUnion initial fraud alert site (requires account), or 1-800-680-7289
Initial fraud alerts are free.
2. Monitor your Credit Reports Closely (for Free)
Look for any damage already done and in the future. I highly recommend using Credit Karma (free) for this, as they have free continuous access to Equifax and TransUnion credit reports. In particular, look at all open accounts and look for any recent credit inquiries that you did not initiate. Credit Sesame and Credit Karma also offers free credit monitoring – a service the credit bureaus all charge $15+ for per month.
If you believe information in your file results from identity theft, you have the right to ask that consumer reporting agency to block that information from your file. And a creditor or other business must give you copies of applications and other business records relating to transactions and accounts that resulted from the theft of your identity, if you ask for them in writing.
3. Give Yourself a Calendar reminder to Renew your Initial Fraud Alert Every 90 Days OR Submit an Extended Fraud Alert
The initial fraud alert does only last for 90 days. So, you have two options:
- remind yourself to renew the initial fraud alert every 90 days
- submit an extended fraud alert, which lasts 7 years
If you choose the extended fraud alert, you will also have to provide an identity theft report. An identity theft report includes a copy of a report you have filed with a federal, state, or local law enforcement agency, and additional information a consumer reporting agency may require you to submit.
Extended fraud alerts are free, and when you place with one, you are also placing it with all three:
4. Continuously Monitor your Bank, Credit Card, and Other Financial Account Statements for Unusual Activity
5. Watch Out for Tax Fraud and Submit your Tax Return Early
If a thief has your Social Security Number, it makes it easy for them to submit a tax refund request in your name. You must protect yourself from e-file identity theft fraud. Submit your return as early as you can to beat them to it and request an E-File PIN.
6. Submit a Credit Freeze, if you Have Been Targeted
A credit freeze puts a freeze on your credit report so the bureaus are forbidden from releasing it without your express consent. The freeze must be filed with each credit bureau individually. This means that before applying for a job or credit card, buying insurance, obtaining a mortgage or giving anyone access to your credit report, you must ask the bureau to lift the freeze. It’s a pain, but if you have for sure been targeted, it might be worth the peace of mind.
As of September 21, 2018, free credit freezes (and thaws) are available to all Americans. Here’s where you can place them:
Note, a credit freeze is similar to a credit lock, but with more consumer protections.
7. For More Info.