The Equifax Breach – And What You Can Do About It!
They had one job to do. And look what happened when they didn’t do it…
They had one job
On September 7, 2017, Equifax announced a cybersecurity breach that affected about 143 million American consumers, as well as an undisclosed number (at the time) of people in Canada.
More recently, on September 19, 2017, Equifax Canada announced:
“While our investigation is ongoing and this information may change, at this point, we believe that the incident involves potential access to the personal information of approximately 100,000 Canadian consumers, and that the information that may have been breached includes name, address, Social Insurance Number and, in limited cases, credit card numbers.”
Geez. The hits just keep on coming…
Equifax said criminals “exploited a U.S. website application vulnerability” to gain access to certain files of consumers.
It’s their job to protect credit files.
So now what?
Since that announcement, it’s difficult to assess whether we as consumers can trust Equifax again, one of two credit agencies in Canada (TransUnion) is the other. We probably know the answer…so now what?
Now what the heck do we do if we assume our names, addresses, Social Insurance Numbers and credit card information is now available to the masses?
Here’s what we’re continuing to do, going to do, and just as importantly what we’re not going to do:
- Continue to remain vigilant. This is our number #1 defence tactic. This means we’ll continue to review all credit card statements, bank statements, investing statements and mortgage files for any potential breaches – frequently. We’ll continue to keep statements and reports in a secure location. We’ll continue to follow-up directly with any company or any financial institution if/when we have any questions or concerns. We’ll continue to make sure we’re watching those companies just as close as the evil criminals do…
- Continue to request our FREE credit reports – annually. Regardless if we’re a victim now, or later, we’ll request these reports to review all credit histories. If you want to know how to obtain your FREE credit report from either credit agency – click here on this Government of Canada page. (In fact, we just ordered ours.)
- Continue to use this site “https://haveibeenpwned.com/” shows if your e-mail or username has been affected by past breaches. I wouldn’t trust this site fully (just like anything else online) however it is an indicator.
- Continue to watch our credit score. Volatility on this could be an indication that someone has access to our credit, increasing our utilization rate, that shouldn’t. You can read about your credit score 101 here.
- Continue to report theft and fraud. If you identify anything suspicious, report it! Consider reporting any scams or fraudulent activity to the Canadian Anti-Fraud Centre. Tell your bank and credit card companies about any suspicious activity and then close any accounts or cards that have been compromised ASAP. Here are my tips to protect yourself online for any day of the month.
- Continue to change passwords. Security “experts” (including the ones at Equifax) recommend changing online passwords regularly and avoid using the same passwords for multiple accounts. We do this. Mind you these so-called experts also say they can keep your data safe – so when in doubt go back to your ongoing vigilance tactics.
- Obsess over this. Welcome to our digital age and these things will happen. My advice is to plan for the worst when it comes to your digital life – don’t assume anyone can or will fully take care of your online life. Expect your online life to stolen, transparent, and used by someone else (sadly) at any point in time.
- Sign-up for Equifax credit monitoring. I mean really, they had one job. Do you really think paying $19.95 per month is going to make your credit life more secure?
- Sign-up for text alerts. In doing so you’re opening yourself up to more vulnerabilities. What happens if your phone is stolen or lost? Ignore this advice from the financial media.
- Sign-up for “credit freezes” or fraud alerts. For one, credit/security freezes are only applicable to the U.S., so even if you wanted to do so in Canada this isn’t going to happen for you. Second, I wouldn’t bother with alerts because your time is precious – you’ll be a long-time working through all the false alarms or alerts or email notifications. Simply be mindful who you give your information to online. Recognize your digital life is a product to one or more companies.
Given our ever-evolving digital age, most of us have no choice but to provide some level of personal information to companies online – from paying your taxes online to credit check associated with buying the latest cell phone. Regardless of this Equifax mess-up (and future security breaches from other companies that are inevitable to occur) the best defense against personal attacks has always been and will always be – the vigilant you.
Thoughts? What advice do you have for me or for others?