In case you missed it (if you did: hello! Have you been on vacation somewhere exciting?): Equifax announced a massive data breach. There are many questions that fall out of this.
Was my data breached?
Well, maybe. Equifax has a service where you can see if your data was included in the breach. But it may be random. Even more distressingly, the page itself is a security nightmare. It originally used an unpatched version of Wordpress that exposed a user database publicly. Should you even put your information in there to check? No. Assume your data was included in the breach. There isn’t anything else you can do safely.
Having said that, what does that do for you? In the short run, nothing. There’s no way to tell that your information will actually be used to set up fraudulent accounts. This is a deeply unsatisfying answer, but the most important thing to do with this is to take some deep breaths, be patient, and move forward cautiously.
Ok, what do I do now?
I recommend a three-pronged approach:
- Use Credit Karma or a similar service offered by your bank to keep an eye on your accounts and monitor your score
- Pray no one opens an account in your identity 🙏🏽
- If someone does, follow the directions in Patrick McKenzie’s article
Monitoring Your Credit
I use Credit Karma. It’s pretty great! Their company is pretty transparent about their business and security practices, and they seem trustworthy. They also offer a credit monitoring service, where they will notify you on large changes to your score. Of course, no one is going to be able to guarantee perfection. But I like Credit Karma because having your score at your fingertips on your phone is a lower point of friction than getting it through your bank. But that is still a great option! If your bank or credit card provider offers free reports (as an acquisition/retention strategy), and you’d prefer going through them, take it! More important is that you have the option available.
Wait, I shouldn’t sign up for Equifax’s monitoring program?
I think it’s been pretty well demonstrated that Equifax doesn’t deserve more leverage over your wallet than it already has. This is undoubtedly a great revenue source for them, but it feels a lot like a protection racket. “Oops, I lost your data! Pay me some money to make sure nothing bad happens to it.”
More pressing, though, it’s just not a great purchase. With a bit of time investment on your part, you can accomplish the same thing. And for the time investment: Equifax has shown that it doesn’t deserve your trust. Why would you pay them to take the time off your hands in this case when you can’t trust them anyway?
Ok, I’ve been monitoring my credit reports, and there’s a credit card on it I didn’t open!
Go read Patrick McKenzie’s article on this, start to finish. No, seriously, the whole thing. I’m not going to add to it because he covers what to do extremely well.
This whole thing is freaking me out! I can barely sleep!
Take a breath. If you still can’t sleep, put a freeze on your credit. Brian Krebs has a good article on it here.