The announcement this week that Equifax was hacked is infuriating. Equifax and its competitors TransUnion and Experian are the plumbing of today’s financial system. If we want to participate in the economy with a credit card, most cell phone service plans, a mortgage to buy a home, or any number of other financial transactions that require credit, then we’ve likely relied on these agencies to convey our credit worthiness to a third party.
We don’t really have a choice here, and it’s incumbent on Equifax and its peers to be security zealots that lose sleep every night working to protect our data. If you’re like me or 143 million other Americans, they didn’t do enough: our social security numbers and other privileged information are now in the hands of hackers.
After unclenching my jaw and fists at the enormous reach of this hack, my next question is: what can we all do to protect ourselves from here? Fortunately, there are a few options.
1. Keep a defensive posture
Even if you were not one of the 143 million Americans in this hack, your data may be out there from some other hack. A good security posture is to presume your data is out there and that you need to take some simple defensive measures.
2. Monitor your credit
Each of the big three credit agencies is required to provide you with a free credit report each year. The FTC has a website that explains your rights to a free credit report, and they will refer you to annualcreditreport.com to request those credit reports. Your credit report will detail all of the current and many past accounts in your credit history. For most people this is a confirmation of the accounts you’d expect to see. When things go wrong, it’s also the best place to spot accounts that may have been opened by thieves.
3. Consider a credit freeze
If you are not regularly using your credit to open new accounts you can consider a credit freeze. This is the gold standard for securing your credit. When you order a freeze you are restricting access to your credit reports. This makes it hard for thieves (or you) to open new credit (mortgages, bank loans, credit cards) without unlocking your credit file. A credit freeze does not impact your credit score, nor does it prevent you from getting your free annual credit report mentioned above.
To initiate a freeze, you will need to contact each credit agency.
Equifax — 1-800-349-9960
Experian — 1‑888‑397‑3742
TransUnion — 1-888-909-8872
Each credit agency will confirm your name, address, date of birth, Social Security number, and other personal information. Fees vary by state but range from $5 to $10. In most states a credit freeze doesn’t expire until you choose to lift it. In some states, including Kentucky, Nebraska, and Pennsylvania, the credit freeze will expire in seven years.
After receiving your freeze request, each credit reporting company will send you a confirmation letter containing a unique PIN (personal identification number) or password. Keep the PIN or password in a safe place. You will need it if you choose to lift the freeze.
If you are regularly opening credit, then the hassle may outweigh the benefit. A credit freeze is one way to provide significant protection against a thief opening an unauthorized account in your name.
4. File early to reduce the chances of tax fraud
Thieves can file a fraudulent refund in your name, with your social security number, and provide incorrect information justifying a generous tax refund, which they then route to their own accounts. You will not know someone has already filed a tax return in your name until you attempt to file and find that your Social Security number is already being used in a prior return for this year.
You can reduce the chances of tax fraud by being the first to file with your Social Security Number in late January or early February. Even if you file early, you don’t need to make a payment until April 17, 2018, which is the filing deadline this coming spring.
5. Ignore incriminating emails or calls from the IRS
I recently received a hoax call from someone purporting to be IRS alerting me to a tax crime I’d committed. It was a ruse. The IRS does not initiate contact with taxpayers by email or social media to request personal or financial information. Also, any unexpected phone call from someone claiming to be an IRS agent, either threatening you with arrest or deportation if you fail to pay immediately, is a scam. Similarly, the IRS will not call you to initiate a refund. Read more on the IRS website.
6. Watch your account activity
In addition to our core checking and credit card accounts, many of us have numerous other accounts. A mortgage here. A car loan there. A few credit cards. A 401k from a past job. A student loan.
It’s critical to keep an eye on these accounts to make sure the transactions are ones you’ve initiated. A friend who is an Assistant United States Attorney sees a lot of discouraging things in her work, and she knows enough to know that bad stuff can happen. Every morning she takes a review of all of her accounts to make sure there are no surprises.
Tiller makes this easy. You can create one or more spreadsheets with your accounts from all of your financial institutions. We support thousands of banks and institutions of all varieties, so if you have an account, there’s a good chance we can securely connect to it and provide an automated daily feed or your latest transactions to your Google Sheet. The optional daily email from Tiller is another tool to quickly review your transactions for unexpected charges.
Knowing the role we play in our customers lives, we do lose sleep over security and privacy at Tiller. We don’t ever see or store your bank usernames and passwords. We use Yodlee to securely access your bank data because it’s a trusted name in online banking, and most of the major U.S. banks use Yodlee too. Furthermore, we have policies in place to prevent the humans on the Tiller team from seeing customer transaction and balance data. We work hard to keep your data private and secure.
Visit your Tiller Console to add accounts and get started.
7. Skip the free credit monitoring from Equifax.
Equifax is offering free credit monitoring for a year, and then you can pay them for the privilege of protecting the data they lost. This rattles me, and they owe consumers much more than a free year of their own fraud-prevention service. I’ve tried credit monitoring, and it doesn’t give me peace of mind (and the experience is kludgy to boot).
Equifax also has a site where you can check if you’ve been exposed in this hack by entering your name and social security details. However, this site also doesn’t elicit trust. A New York Times reporter shared his story about entering bogus name and social security data, and Equifax still gave him the message that his information was impacted. Equifax, it would appear, doesn’t yet have a grasp on the situation.
Taking matters into your own hands
The bottom line with many of the recent hacks is that we can’t assume we’re safe from thieves, but with a few careful steps, we can make ourselves a difficult target. Furthermore, we can be alert so if something is amiss we catch it quickly before much damage can be done.
Tiller Founder, Peter Polson
Peter loves designing great products and creating tools and systems that help people live better lives. He was a founder and president of Junxion (acquired by Sierra Wireless) and later CEO at Dashwire (acquired by HTC). He enjoys most activities around mountains and water, especially skiing and hiking with his family. His kids gasp in amazement at the pennies he can magically pull out of their ears.