Consumer Alert: Equifax Data Breach

Article updated October 6, 2017. Originally published on Sept. 12, 2017.

Equifax recently suffered a cybersecurity breach affecting an estimated 145.5 million U.S. consumers. The Equifax breach occurred via unauthorized access to its computer/technology systems and did not involve Arsenal Credit Union or any of its systems/records.

Even though we have no association with this breach, we want to help our members because we understand that incidents like this create stress and anxiety about the safety of your account information and personal identity. We’ve gathered and condensed a lot of information to help you know what to do – and what not to do – to safeguard your information and avoid being scammed.

About Equifax

The Atlanta-based firm is one of the nation’s three largest credit-reporting and monitoring firms, along with Experian and TransUnion.

Equifax organizes and analyzes data on more than 820 million consumers and more than 91 million businesses worldwide. The company’s databases hold employee data submitted by more than 7,100 employers.

What you should know

You are at risk for fraud if your personally identifiable information was stolen from Equifax. Information that was accessed includes consumers’ names, Social Security numbers, birth dates, addresses and driver’s license numbers, as well as 209,000 stolen card numbers and private data from 182,000 stolen dispute documents. This data breach gives thieves everything they could possibly need to steal identities. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017.

What you should do

A LendEDU survey finds that despite the fact that 84 percent of people have heard about the Equifax hack, a whopping 55 percent have not checked their credit or taken any action to remediate the issue.

To see if your personal information may have been impacted by this incident, use this online resource provided by Equifax.

The company is also offering a deluxe version of its ID theft protection and credit monitoring service covering all three credit bureaus for one year to all U.S. consumers at no cost. You will not be asked to provide any payment information when you sign up for this product (called TrustedID Premier), and you will not be automatically enrolled or charged after the conclusion of the complimentary year. If you were impacted by the breach and decide to enroll, click here.

Because the thieves have your Social Security number, they could wait and use it a year or five or 10 years from now – unless America totally rethinks the system it uses to identify everyone, that still leaves you vulnerable.

Consider placing a credit (security) freeze on your files with not only Equifax but the two other credit bureaus for the most complete protection. Equifax is offering free credit freezes for life with a service currently under development that will begin on Jan. 31, 2018; it will enable consumers to easily lock and unlock access to their Equifax credit files.

If you also want to place a credit freeze with Experian and TransUnion, the cost is $5.00 for each if you are a Missouri resident or $10.000 if you live in Illinois. The same amount is charged whenever you temporarily “thaw” the report, but there’s no cost if and when you decide you no longer want a credit freeze. For a list of costs for residents of other states, click here.

To freeze your credit, contact the credit bureaus online or by phone:

About credit freezes & fraud alerts

A credit freeze means potential creditors can’t get your credit report, making it less likely for new accounts (loans, credit cards, etc.) to be opened in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts. When you place a credit freeze, you can still use your credit card and online bill pay.

If you are looking to buy a home, car or apply for any other type of loan or credit card, you must remove this freeze. To “thaw” your credit report, each credit bureau will give you a PIN that you must enter when you call them. They will ask you the name of the company that you’d like to be given access to your credit report.

If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.

  • Fraud alert or credit freeze – which is right for you? Learn which form of protection is right for you with this article from the Federal Trade Commission.
  • If your credit information has been compromised, ask the three credit bureaus to place a free fraud alert on your credit report file. Unless you qualify for an extended fraud alert, you’ll need to renew this every 90 days. A fraud alert notifies lenders that they should take extra steps to confirm your ID, such as calling you at a preset phone number, before issuing new credit.
  • Consider signing up for an account with Credit Karma to get free credit monitoring and notifications of suspicious activity. If you do this, please be aware that the company makes money by collecting data and using its own financial models by sending qualified referrals to financial institutions.

The following actions are advised

  • Closely monitor your existing credit card and credit union/bank accounts for charges you don’t recognize and immediately report any suspicious activity on any one of those accounts to the appropriate financial institution. People who monitor their financial accounts and transactions online lose significantly less per fraud than those who rely on paper statements. Use Arsenal’s free online banking service to regularly review your accounts.
  • Keep your Arsenal Visa® credit card and Arsenal debit card secure by signing up for free text or email alerts for any activity. Sign up for credit card alerts here and debit card alerts here.
  • Check your credit reports from all three credit bureaus by visiting AnnualCreditReport.com. You can check each once a year for free. Space them out in four- month intervals, so you’re regularly getting up-to-date information. Accounts or activity that you don’t recognize could indicate identity theft. If you see evidence of identity theft, visit IdentityTheft.gov to find out what to do. The Consumer Financial Protection Bureau also provides solid advice on what to do if your identity is stolen. (The member education section on our website also provides a wealth of educational resources on fraud and scams.)
  • File your taxes as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Never do these things

  • Never log into your financial accounts or enter your personal or credit card information on websites while connected to a wireless hot spot that’s not secure. Using a hot spot in a public area that does not require any authentication exposes your computer to the risk of being hacked into by thieves who can look on the hot spot and then hack into your email accounts.
  • Never give discretion to your financial firms and advisers over your financial accounts without requiring additional security procedures in return. Require your financial firm to speak with you and request a verbal password (which is unique to your online password) when transfers are requested from your accounts. Of course, written instructions should also be required in addition to the verbal confirmations.
  • Never use your email address as your login ID for any financial accounts. In some of the fraudulent transfers reported recently, the thief could use the victim’s email address as the ID and then request a new password to be sent to their compromised email account.

Some additional dont’s

  • Don’t use your debit card to make online purchases. Only credit cards come with the strongest protections, including not being directly connected to your cash in a credit union or bank account and the legal right to dispute illegitimate charges immediately.
  • Don’t fall for emails or phone calls that you might receive which claim to be from Equifax, your credit union or bank that tell you there is a problem with a credit card, your credit record, etc., and request your personal information. Don’t provide any personal or financial information unless you have initiated the call, and it’s a phone number you know is correct.
  • Don’t trust caller ID. Scammers can spoof their numbers so it looks like they are calling from a particular company, even when they’re not. If you get a robocall, hang up.
  • Don’t press 1 to speak to a live operator or any other key to take your number off the list. If you respond by pressing any number, it will probably just lead to more robocalls.

There is no need for you to close your account at Arsenal or other financial institutions.

Questions

Updates are being provided by Equifax at its data breach response site. Equifax also has established a dedicated call center that is open every day, including weekends, from 6 a.m. – midnight (Central Standard Time). The number to call is 866.447.7559.