Funny about Money

The only thing necessary for the triumph of evil is for good men to do nothing. ―Edmund Burke

Fun & Games with Equifax

Amazing. A hundred and forty-three million people get all their private financial information stolen from Equifax, an organization that snoops into your business and accrues data about you without your permission — without encrypting said data. Adding to this latest entry in the Annals of the Floored and Flabbergasted, Equifax executives knew what was coming down the pike, so sold their stock in the company before the news hit the street.

So. If your personal information hasn’t already been stolen, chances are pretty good it’s gone now: 143 million is one in two Americans who may be a victim of this latest heist. What can you do?

You’re not helpless, interestingly enough: there are several strategies that will help protect against the effects of identity theft.

Freeze your credit bureau accounts. You have to call all three credit bureaus to have each one apply a freeze. It ensures that no one — including you — can set up a new bank account, credit card, mortgage, or the like without your knowing about it.

This is probably the best move you can make. It does add some hassle to your life. Any time you want to take out a loan or open a new bank account, you have to un-freeze at least one account — usually Experian. This is made slightly less inconvenient by the fact that you can limit the period that it’s unfrozen, having it refreeze after x number of days. Which sounds good until you realize that you have no way of getting the people your dealing with off the dime: invariably, they don’t get around to asking for a credit report until after the un-frozen period ends.

Monitor your credit card and bank account statements. You should be doing this anyway, but now that’s even more true. Check each statement promptly after it arrives for any transactions you don’t recognize, and if you suspect fraud, call the card issuer or bank immediately.

Set up fraud monitoring on your accounts. Equifax proposes to give its victims a year of free fraud monitoring — conveniently, through its own subsidiary.

This is problematic. First, one year of monitoring ain’t much. If bad guys have your Social Security number, you don’t have a year-long problem: your problem is going to last the rest of your life. After that year, you’re going to have to pay for the privilege. And second, if you sign up for the service offered by Equifax, you have to give up your right to sue the bastards — or to be part of a class action suit.

There is some wrong-doing here: they knew about this on July 29, plenty of time for the higher-ups to unload stock. We proles didn’t learn that our personal data was on the way to the Dark Web until yesterday. So no: you do not want to forego your right to sue, and no: you do not want to agree to accept arbitration.

Paid identity fraud monitoring is probably unnecessary. You can accomplish the same thing for free or for very little by freezing your credit bureau accounts, keeping a sharp eye on your financial statements, and also checking the EOB (explanation of benefits) statements that come from your health insurer for any treatments you didn’t receive.

For free, you can monitor your credit reports. By law, credit bureaus are required to give you one free credit report a year. Since three credit bureaus dominate the privacy-invasion landscape, you can arrange to stagger requests for reports, so that one comes in every four months, giving you a recurring view of activities reported to the credit bureaus.

The federal government has a free identity theft recovery program for people who believe they’ve been victimized. When you review the complicated, time-consuming steps required to respond to an attack on your identity, you realize exactly how serious this vast breach is. It is, in a word, a fiasco.

Be Sociable, Share!

Author: funny

This post may be a paid guest contribution.

8 Comments

  1. It’s a CREDIT BUREAU, you’d think that have the best safety measures available to guard information. They waited SIX DAMN WEEKS to say something. Those Equifax execs need to pay through their noses as well as lose their jobs. Can they go to prison for this? Sure hope so!

    • Exactly. They won’t go to prison because they have enough money (from the sale of Equifax stocks alone, no doubt) to buy their way out. But they should have their asses sued from here to the far side of Outer Mongolia.

      Do NOT accidentally opt out of being party to a class action suit by signing up for their credit monitoring service!!!!!

  2. Holy mackerel! Over dinner tonight, I talked with a woman whose daughter worked for a credit union for some years. Daughter says that this breach is so serious that the perps can use your data to get into your bank accounts and your investment accounts. She (daughter) had her mother sign up for “oral passwords” at all her banking institutions: this means if you or anyone else goes into the bank to make a transaction, you (or they) have to produce a spoken password to proceed.

    More to come: Monday I’ll go out to the CU and ask about this, and also contact Fidelity to see what they recommend.

    This may be much worse than we imagine…

    • At this point the only way to protect account access is to use multi-factor authentication (aka two-factor or two-step authentication) based on something you know (eg password/pin) and something you have (eg token, called/texted single use pin code, biometric data). I know Fidelity uses this, as do Capital One, Facebook, and Google.

      Some places will try to claim they are using multi-factor authentication, but are using a system based only on things you know. For example, they may ask for your password, and then prompt you to answer security questions. Don’t be fooled by those, they’re not really providing much additional security. How hard is it really to find out what someone’s mother’s maiden name was, or the first car they drove, or the high school they attended? A lot of the answers to those types of questions can be found by looking through someone’s social media.

      • This is good to know. And your observation brings up a related issue: DON’T REVEAL PERSONAL INFORMATION ON FACEBOOK or other social media. You don’t have to give Facebook your birth date — nor should you. If you’re pushed to it, write in a fake date, something like 1/1/1980. This will make you look old enough to be an adult but will not match your SS number’s or driver’s license DoB.

        I emit disinformation whenever I can.

        Remember back in the day when we used to write checks for practically everything? Merchants would ask for your phone number, ostensibly for ID confirmation purposes but in reality so they could sell the number to marketers or use it to pester you on the phone themselves. I had a fake phone number printed on all my checks. It was a number I made up…turns out to have belonged to some small nonprofit. Oh well… wonder how many phone solicitations that outfit got as a result of that alt-fact?

        My Safeway card is in the name of a now-deceased dog, and the phone number they made me fill in was the number of Safeway’s Arizona corporate offices. If you’re not under oath — and not dealing with the IRS — you do NOT have to answer nosy questions with the truth. Lie, lie, lie, and then lie some more.

  3. I already had a credit freeze at all 3 major credit bureaus. There are actually 2 more – Innovis and ChexSystems (used by banks when you open accounts). I put a freeze on my accounts with them today as well

    Problem is – with the information that resides in the Equifax database that has been stolen – they have enough information to RELEASE the freeze at that bureau, if not the other 4.

    Still worth doing, in my opinion.

    I’ll have to see if my banks offer oral passwords – I do have that at my investment accounts already.

    • Yes. That is exactly the concern: that if they have every bit of your information, they’ll have no problem getting past the freeze. Monday morning I’m going to kill the morning jumping through punch-a-button phone hoops trying to change my passwords at all the major credit bureaus.

      You can also put a fraud alert on your files at the three major credit bureaus.

      Really…you have to wonder why there are no laws prohibiting companies from gathering all this information in one place — or from snooping into your private life at all.

      I also will call Innovis. ChexSystems…godlmighty. There’s just a LIMIT…now we’re talking about endless hoop-jumping through not one, not two, not three, not four, but FIVE of these faceless outfits????? What an effing horror show.