Update#1 : the Equifax Class Action settlement details have finally been released and you have until January of 2020 to sign-up!
Update #2: there was an Equifax claim email that went out in mid-September to those who submitted claims. It is a legit email that you should take action on.
The Equifax hack is “red alert” level bad – and you should take notice. It is the worst disclosed data hack in history when you factor in the privacy, amount, and legacy use value of the information that was hacked. The personal data of 147 million Americans with credit information was breached, and it includes names, addresses, Social Security Numbers, date of births, credit card numbers, and personal documents (i.e. driver’s licenses) – even if you were never an Equifax customer. That information doesn’t go away. And due to its nature, this private information could be used, sold, and re-sold for decades.
Equifax has been hacked twice already over the last 2 years, and apparently didn’t take enough measures to beef up their security to proper levels. This new hack continuously occurred between May and the end of July, when it was finally noticed. Since then, it’s taken at least 5 weeks for Equifax to disclose that they were hacked – but don’t worry – that was plenty of time for executives to unload nearly $2 million of Equifax stock shares and hire crisis PR agencies and legal teams first, before informing vulnerable consumers of the breach.
But, it gets better.
Equifax created a website for you to check if you’ve been hacked. I’m not going to link to it here, because it’s been proven to be fraudulent. If you put in ANY information, even bogus information, it will give you the screenshot response I’ve added in this post (I’ve tested it myself to verify). In reality, if you have any credit at all, you were likely hacked. The only question is how bad, and Equifax isn’t disclosing that.
But, it gets even better!
In order to even check for fraudulent information and get on the waiting list (!) for their TrustedID credit monitoring (which looks like a crappier version of LifeLock), one of the hidden terms of doing so is that you will waive your rights to sue Equifax or take part in a class action lawsuit through the use of an arbitration clause.
“AGREEMENT TO RESOLVE ALL DISPUTES BY BINDING INDIVIDUAL ARBITRATION. PLEASE READ THIS ENTIRE SECTION CAREFULLY BECAUSE IT AFFECTS YOUR LEGAL RIGHTS BY REQUIRING ARBITRATION OF DISPUTES (EXCEPT AS SET FORTH BELOW) AND A WAIVER OF THE ABILITY TO BRING OR PARTICIPATE IN A CLASS ACTION, CLASS ARBITRATION, OR OTHER REPRESENTATIVE ACTION. ARBITRATION PROVIDES A QUICK AND COST EFFECTIVE MECHANISM FOR RESOLVING DISPUTES, BUT YOU SHOULD BE AWARE THAT IT ALSO LIMITS YOUR RIGHTS TO DISCOVERY AND APPEAL.”
In related news, Republicans recently voted to scrap a CFPB rule that blocked companies from using arbitration clauses like this in order to avoid consumer lawsuits. (If Republicans allow us) my hope is that everyone takes part in the Equifax class action lawsuit, and selects the “cash payout” option versus signing up for Equifax’s TrustedID credit monitoring service, which lasts only one year, and has free alternatives.
Besides, if a dog continuously shits in your yard, you don’t call the dog to come and clean it up. So, in this post, I’m going to share with you how you can avoid dealing with Equifax and their corrupt business altogether and protect yourself in the immediate future and far beyond the next year.
1. Submit an Initial Fraud Alert (for Free)
Initial fraud alerts last for 90 days and require businesses to take extra steps to verify your identity before issuing credit (i.e. approving a new application or increased credit limits). When your Social Security Number is used to apply for something, i.e. a credit card or loan, that requires a credit check, and credit reporting agencies have to send your phone number to the creditor, and the bank has to call to confirm the authenticity of your application.
When you submit an initial fraud alert, the credit bureau you submit it with is required to notify the other two credit bureaus that they also should activate an initial fraud alert. So you only need one (and you should probably avoid the hacked Equifax). Here are the other 2 options:
- Experian initial fraud alert site, or 1-888-397-3742
- TransUnion initial fraud alert site (requires account), or 1-800-680-7289
Initial fraud alerts are free.
2. Monitor your Credit Reports Closely (for Free)
Look for any damage already done and in the future. I highly recommend using Credit Karma (free) for this, as they have free continuous access to Equifax and TransUnion credit reports. In particular, look at all open accounts and look for any recent credit inquiries that you did not initiate. Credit Sesame and Credit Karma also offers free credit monitoring – a service the credit bureaus all charge $15+ for per month.
If you believe information in your file results from identity theft, you have the right to ask that consumer reporting agency to block that information from your file. And a creditor or other business must give you copies of applications and other business records relating to transactions and accounts that resulted from the theft of your identity, if you ask for them in writing.
3. Give Yourself a Calendar reminder to Renew your Initial Fraud Alert Every 90 Days OR Submit an Extended Fraud Alert
The initial fraud alert does only last for 90 days. So, you have two options:
- remind yourself to renew the initial fraud alert every 90 days
- submit an extended fraud alert, which lasts 7 years
If you choose the extended fraud alert, you will also have to provide an identity theft report. An identity theft report includes a copy of a report you have filed with a federal, state, or local law enforcement agency, and additional information a consumer reporting agency may require you to submit.
Extended fraud alerts are free, and when you place with one, you are also placing it with all three:
4. Continuously Monitor your Bank, Credit Card, and Other Financial Account Statements for Unusual Activity
5. Watch Out for Tax Fraud and Submit your Tax Return Early
If a thief has your Social Security Number, it makes it easy for them to submit a tax refund request in your name. You must protect yourself from e-file identity theft fraud. Submit your return as early as you can to beat them to it and request an E-File PIN. Also, sign up for USPS Informed Delivery ASAP to monitor what is on the way to your mail box (and what doesn’t make it there).
6. Submit a Credit Freeze, if you Have Been Targeted
A credit freeze puts a freeze on your credit report so the bureaus are forbidden from releasing it without your express consent. The freeze must be filed with each credit bureau individually. This means that before applying for a job or credit card, buying insurance, obtaining a mortgage or giving anyone access to your credit report, you must ask the bureau to lift the freeze. It’s a pain, but if you have for sure been targeted, it might be worth the peace of mind.
As of September 21, 2018, free credit freezes (and thaws) are available to all Americans. Here’s where you can place them:
Note, a credit freeze is similar to a credit lock, but with more consumer protections.
7. For More Info.
Check out my prior post on the Anthem hack, and how to protect your identity. Also, the FTC’s website on identity theft has some valuable information.
While Equifax’s verification site may be fraudulent, signing up for their credit monitoring service will not prevent you from joining a class action suit. Their FAQs for Consumers page (https://www.equifaxsecurity2017.com/frequently-asked-questions/) on the website addresses this after concerns were expressed, including by the New York Attorney General.
It looks as though they’ve caved to pressure and updated some of the language on their site. However, do you trust these jerks? I don’t.
I can’t believe Equifax aren’t taking this more seriously…taking away your right to sue if you use the offered identity protection?!
Hopefully nothing bad will come of this, but that is doubtful. :(
Without thinking too much about it, I entered my info into the EquifaxSecurity2017.com site, and clicked the Enroll button. Now all this stuff is coming out about it being a fraudulent site, like you mentioned. I feel like a real dummy now. What happens now? Are there any other drawbacks to doing that other than not being able to participate in the class action? Someone said that entering 6 digits of your SSN is never a good idea and that it’s not even clear that EquifaxSecurity2017.com is directly owned by Equifax, or that it’s a secure website, so now it almost feels like they set me up to be even more vulnerable to ID theft. What can I do?
Equifaxsecurity2017.com is legitimately owned by Equifax (they link to it from the Equifax site). My use of the word “fraudulent” was in relation to the fact that the site doesn’t actually look up whether or not you were affected. It’s basically a useless site that directs you to sign up for their credit monitoring service. Is it secure? Who knows, but I certainly don’t trust Equifax. You can use all of the tools I’ve suggested in this article to protect yourself.
Mint provides a free copy of your Equifax credit report monthly. Just another way, in addition to Credit Karma, to keep an eye on what’s going on with your information. This is the stuff of nightmares!
Thank you for your advice. Just signed up using your directions.
As an additional precaution, we have removed your name and address from prescreened offer mailing lists for two years. As a convenience to you and to further protect your credit information, we shared your request with the other nationwide consumer credit reporting companies, Equifax and TransUnion, and you should receive confirmation directly from them. For more information on fraud alerts and how you can protect yourself, please visit experian.com/fraud.
As always……your timely blog on this subject along with the various ways you describe to go about this subsequent breach is greatly appreciated. Glad to be a subscriber!
Just so your readers aren’t ring fed information that’s slightly out of date – due to pushback, Equifax has now removed the verbiage that those who sign up for the credit monitoring are waiving their right to any class action lawsuit. It still may not be the best tool to use, but it’s still a resource that can be utilized without any negative affects.