The Equifax Breach – And What You Can Do About It!
They had one job to do. And look what happened when they didn’t do it…
They had one job
On September 7, 2017, Equifax announced a cybersecurity breach that affected about 143 million American consumers, as well as an undisclosed number (at the time) of people in Canada.
More recently, on September 19, 2017, Equifax Canada announced:
“While our investigation is ongoing and this information may change, at this point, we believe that the incident involves potential access to the personal information of approximately 100,000 Canadian consumers, and that the information that may have been breached includes name, address, Social Insurance Number and, in limited cases, credit card numbers.”
Geez. The hits just keep on coming…
Equifax said criminals “exploited a U.S. website application vulnerability” to gain access to certain files of consumers.
It’s their job to protect credit files.
So now what?
Since that announcement, it’s difficult to assess whether we as consumers can trust Equifax again, one of two credit agencies in Canada (TransUnion) is the other. We probably know the answer…so now what?
Now what the heck do we do if we assume our names, addresses, Social Insurance Numbers and credit card information is now available to the masses?
Here’s what we’re continuing to do, going to do, and just as importantly what we’re not going to do:
Do
- Continue to remain vigilant. This is our number #1 defence tactic. This means we’ll continue to review all credit card statements, bank statements, investing statements and mortgage files for any potential breaches – frequently. We’ll continue to keep statements and reports in a secure location. We’ll continue to follow-up directly with any company or any financial institution if/when we have any questions or concerns. We’ll continue to make sure we’re watching those companies just as close as the evil criminals do…
- Continue to request our FREE credit reports – annually. Regardless if we’re a victim now, or later, we’ll request these reports to review all credit histories. If you want to know how to obtain your FREE credit report from either credit agency – click here on this Government of Canada page. (In fact, we just ordered ours.)
- Continue to use this site “https://haveibeenpwned.com/” shows if your e-mail or username has been affected by past breaches. I wouldn’t trust this site fully (just like anything else online) however it is an indicator.
- Continue to watch our credit score. Volatility on this could be an indication that someone has access to our credit, increasing our utilization rate, that shouldn’t. You can read about your credit score 101 here.
- Continue to report theft and fraud. If you identify anything suspicious, report it! Consider reporting any scams or fraudulent activity to the Canadian Anti-Fraud Centre. Tell your bank and credit card companies about any suspicious activity and then close any accounts or cards that have been compromised ASAP. Here are my tips to protect yourself online for any day of the month.
- Continue to change passwords. Security “experts” (including the ones at Equifax) recommend changing online passwords regularly and avoid using the same passwords for multiple accounts. We do this. Mind you these so-called experts also say they can keep your data safe – so when in doubt go back to your ongoing vigilance tactics.
Don’t
- Obsess over this. Welcome to our digital age and these things will happen. My advice is to plan for the worst when it comes to your digital life – don’t assume anyone can or will fully take care of your online life. Expect your online life to stolen, transparent, and used by someone else (sadly) at any point in time.
- Sign-up for Equifax credit monitoring. I mean really, they had one job. Do you really think paying $19.95 per month is going to make your credit life more secure?
- Sign-up for text alerts. In doing so you’re opening yourself up to more vulnerabilities. What happens if your phone is stolen or lost? Ignore this advice from the financial media.
- Sign-up for “credit freezes” or fraud alerts. For one, credit/security freezes are only applicable to the U.S., so even if you wanted to do so in Canada this isn’t going to happen for you. Second, I wouldn’t bother with alerts because your time is precious – you’ll be a long-time working through all the false alarms or alerts or email notifications. Simply be mindful who you give your information to online. Recognize your digital life is a product to one or more companies.
Given our ever-evolving digital age, most of us have no choice but to provide some level of personal information to companies online – from paying your taxes online to credit check associated with buying the latest cell phone. Regardless of this Equifax mess-up (and future security breaches from other companies that are inevitable to occur) the best defense against personal attacks has always been and will always be – the vigilant you.
Thoughts? What advice do you have for me or for others?
Mark
My name is Mark Seed - the founder, editor and owner of My Own Advisor. As my own DIY financial advisor, I've surpassed my goal and now investing beyond the 7-figure portfolio to start semi-retirement with. Find out how, what I did, and what you can learn to tailor your own financial independence path. Join the newsletter read by thousands each day, always FREE.
Mark,
RBC has a FREE service in their on-line account site that sends me to my personal TransUnion on-line account and it provides my current FICO score and I can look at my personal info with them plus all of my Revolving accounts, Installment accounts & Other accounts that report to them. TransUnion shows the Institution Name but not the account #, the reported balance, date of reported balance, minimum payment & term.
You can access this once a month for FREE.
I have been accessing my Transunion & Equifax reports for years. Back when mail in request were the only option and then when phone in request were available. (The Tansunion phone in system is HORRIBLE. They use this computer voice called “TERRY” & it talks so fast and the voice quality is horrible. I think they do this to frustrate you and to get you to go on-line to get their paid report.) But now that I get access to their info through RBC I don’t think I will bother getting their written report. I will still use the phone system to get one from Equifax. With all this bad press on Equifax I wish Market Place(CBC) would do a segment on the poor quality of the TransUnion phone in system. I defy anyone to use it and get through in less than 3 tries. They are deliberately making it difficult to use because it is free. Equifax’s phone in system is very easy to use.
Thanks for the information.
Great comment Lawrence and good tips and reminders for all.
All the best and stay vigilant!
Mark
Lawrence thanks for that information. I can’t believe I missed that link on the RBC home page although there is a lot of stuff there.
Didn’t check mine there since I had already done it online directly with transunion. I did check my wife’s score and report (with her permission of course!) for the first time. All good. The proces is simple and user friendly with the RBC link- no inputting needed at all, click link, agree, score is shown and tab over to read the report under nicely done subtitles.
Yes, this cybersecurity issue is troubling. With an increasingly digital world more will be at stake and the war between corporations/governments/public and cyber thieves will increase. I know I have had 3 attempts on me in the past several weeks with fake stuff from “itunes” , an “etransfer” from CRA, and an “etransfer” from someone I’ve never heard of. Naturally I think they all wanted personal info first. Fat chance.
Good tips for people Mark. I went over 40 years without checking my credit record and never had any issues. About 2 years ago I requested my report and also checked my credit score free with your partner. No surprises, but numerous inacurracies however nothing affecting credit worth correcting. We are careful with our data/security, but are vulnerable like most people when it comes to all the places where our personal information is available. BTW, with Transunion you can get your report online easily.
Interesting the Equifax CEO stepped down over this.
Good of the CEO to step down. I mean, what else could he do?
Yeah, we all need to be vigilant. Easier said than done I think RBull. I get the same fake iTunes and Apple emails all the time. Annoying as heck…
It will be interesting to see what our reports come back with.
Mark, I agree on the easier said than done. Yes, it certainly was the right thing for the CEO to do given the breach scale and nature of the business.
When I sold my business in 2009 the guy buying it had his personal identity stolen a week or so before closing date. What a nightmare. It messed up timing of our transaction but I worked with him on it.
G/L with your reports.
There are websites that you can sign up like credit Kama or rate hub that will allow you to check your credit score/report anytime you want for free. I check my credit report from these sites once in a while. It’s better than paying for the credit monitoring service.
On top of that, checking your accounts and statements is not a bad thing. Not only are you monitoring for unauthorized activities, you also want to know if you’re not being charged excessive fees.
Credit score is not the same as a credit report though. Totally different things.
Always monitoring your accounts is a good thing in my book.
Great post Mark! Just make sure you request your credit report from both Equifax and Trans Union. It appears Royal Bank uses Trans Union more (and also gives them your phone number). If you see something wrong on your credit file you can ask that they correct it (for free). They then will contact the creditor to verify the poor rating (and request that they provide proof) and in most cases the creditor never replies – so they remove the poor rating. Also – you are allowed to add a line to any credit score. For example – you can add “my wallet was stolen”. One last thing: If you have a R-9, I-9 or other poor credit score and Equifax will not remove it – take them to small claims court. They never defend these actions because they can’t get the creditor to appear in court. So you win – without it ever going to court. (default).
“They never defend these actions because they can’t get the creditor to appear in court.”
Absolutely. Looking forward to my next report to see if anything funny is going on. Hopefully not but if you don’t ask, you don’t know!