While most of us have been watching the path of Hurricane Irma, another big news story this past week warrants your attention. Last week, Equifax announced that a “Cybersecurity Incident” had exposed the names, Social Security numbers, birth dates, addresses and, in some cases, driver’s license and credit card numbers of a whopping 143 million Americans. We have already received e-mails from clients who have been affected, and expect to receive more since this will likely affect about half of the country.
In fact, this is another massive data breach reminding us how vulnerable we are to thieves seeking our personal information and identity. “Incident” sounds a bit tepid for the magnitude of this particular breach.
Are You Impacted?
To find out if your information has been compromised, check the potential impact on the Equifax website: https://www.equifaxsecurity2017.com/potential-impact/
You should do so for all of your household members, including your underage kids. In the event that you or one of your family members is affected, Equifax offers to enroll you for free credit monitoring, which they will provide for one year. I’m generally not a fan of paying for identity theft insurance or credit monitoring services, but there’s no reason not to take advantage of Equifax’s free offer. A credit monitoring service won’t prevent fraud from happening, but WILL alert you when your personal information is being used or requested. The service includes identity theft insurance, and it will also scan the Internet for use of your Social Security number—assuming you trust Equifax with this information after the breach.
It may take a few weeks before the service becomes effective. In the meantime, I recommend you plan to monitor transactions on your bank accounts and credit cards. The credit card companies typically do a pretty good job of catching fraudulent activity quickly and shutting it down, but your own diligence is essential.
Unfortunately, the free credit monitoring service has issues. According to credit expert John Ulzheimer, “You’re only going to get it free for one year,” and chances are, your liability is going to last longer. Additionally, it “only applies to your Equifax credit report, and not your credit reports at Experian and TransUnion. That’s like locking one of the three doors to your house.”
I suspect that once the extent of the breach is ultimately revealed, Equifax will very likely extend the free credit monitoring service period.
How Are YDFS Clients Protected?
Funds cannot be withdrawn from a custodian account (such as one at Charles Schwab) with your login alone. This set-up provides higher security than a retail bank or other brokerage account, where a thief could hack your username/password and access your funds.
Without signed documentation and verbal confirmation, funds withdrawn from custodian accounts can only be sent via check to the address of record on the account, or via an electronic transfer to a bank account that has been authorized with previously signed documentation. All wire transfer requests require verbal confirmation before any funds leave your account.
Also, all withdrawals from custodian accounts are seen on the same or next business day by your YDFS team so we can be on the lookout for unusual activity.
If You’re a Victim of Identity Theft
If you’re a victim of this (or any) breach, here’s what to do. The whole process takes about an hour to complete:
- Contact one of the three credit bureaus, Equifax (800-766-0008), Experian (888-397-3742) or TransUnion (800-680-7289), to put a free fraud alert on your credit report. Under federal law, each is obligated to notify the other two. The alert makes it harder for an identity thief to open more accounts in your name, but experts note that alerts usually just slow criminals down; they don’t prevent new accounts from being opened. The alert lasts 90 days, but you can renew it, and the alert entitles you to a free credit report from each of the three companies.
- File a complaint with the Federal Trade Commission and print your Identity Theft Affidavit. Use that to file a police report and create your Identity Theft Report.
- Place a credit freeze on your credit file, which generally stops all access to your credit report. Unfortunately, you need to contact all three companies to freeze your file. Here are the links: Equifax; Experian; TransUnion. Important note about a freeze: If you need to access credit, you have to unfreeze your records, which can take a few days. The availability of a credit freeze depends on state law or a consumer reporting company’s policies. Some states charge a fee for placing or removing a credit freeze, but it’s free to place or remove a fraud alert. You can sometimes get this service for free if you supply a copy of a police report (which you can probably file and obtain online) or affidavit stating that you believe you are likely to be the victim of identity theft.
Another advantage: each credit inquiry from a creditor has the potential to lower your credit score, so a freeze helps to protect your score from scammers who file inquiries.
Best Practices to Employ
According to pros like Ulzheimer and professional hacker Kevin Mitnick, the question is not if your information will be compromised, but when. Criminals are actively stealing your passwords, buying and selling your data and reading your emails. There is no single way to protect your coveted identity, but here are eight best practices to employ to keep the criminals at bay.
1) Protect your information:
- Refrain from providing businesses with your Social Security number (SSN) just because they ask for it. Give it only when required. In an antiquated practice, doctors, dentists and some lawyers routinely request your Social Security number for billing (and collection) purposes. Refuse to do business with professionals who insist that you supply your Social Security number without a true need to know. Medicare recipients take note: your SSN is printed on your current Medicare card, so be careful with it! The process of changing the cards will take some time, but it is in the works.
- Don’t give personal information over the phone, through the mail or on the Internet unless you have initiated the contact or you know with whom you are dealing. This is especially important to communicate to older relatives or friends, who are prime targets of fraudsters.
- Beware of over-sharing on social media, where criminals are finding treasure troves of information. Because they are explicitly targeting children under the age of 18, it’s important for parents to talk to their kids and explain why it is so dangerous to share too much personal information online. Share your vacation photos & experiences AFTER you’ve returned home.
- Update your passwords so they are difficult to hack. NY Daily News found the top ten worst passwords to include: 123456, password, baseball, football, etc. Others have started to use encrypted password managers where you enter one login/password and they manage all your other passwords for you.
- Review your banking transactions online or on your statements to look for transactions you didn’t make. Report any suspicious activity to your bank promptly.
2) Protect your Password: You know the drill; you should be changing logins and passwords every few months, and signing up for two-factor authentication (where your cell phone is the second device used to authorize access) for the sites you use frequently.
3) Shop carefully: Stop sending your credit card information over unsecured wireless networks, and when making purchases, use a credit card, which has more fraud protections under federal law than debit cards or online payment services. Free (public) Wi-Fi hotspots are prime targets for banking and credit card information theft. Never do your personal or business banking over these hotspots.
4) Review credit card statements: Before you pay, be sure to spend a few minutes to verify that there are no fraudulent charges. While you’re at it, enroll in your credit card’s notification program, where the company alerts you to charges over a set amount.
5) Review your (and your kids’, for reasons mentioned above) credit report (free) every 12 months at annualcreditreport.com. You want to make sure that nothing fishy has cropped up. If you find an error, report it immediately and stay on top of the process.
6) Protect your Social Security account from identity theft by claiming your record at https://www.ssa.gov/myaccount/. Two-factor authentication will prevent others from attempting to steal your Social Security identity and records. Do it before they do.
7) Avoid maintaining large balances in checking or savings accounts with a debit card attached: Keep larger account balances in brokerage accounts or accounts without debit and/or check writing features.
8) Opt out of pre-approved credit card offers: ID thieves like to intercept offers of new credit sent via postal mail. If you don’t want to receive pre-screened offers of credit and insurance, you have two choices: You can opt out of receiving them for five years by calling toll-free 1-888-5-OPT-OUT (1-888-567-8688) or visiting www.optoutprescreen.com. Or you can opt out permanently online at www.optoutprescreen.com. To complete your request, you must return a signed Permanent Opt-Out Election form, which will be provided after you initiate your online request.
It’s important to remember that breaches like these have happened before and will happen again. Taking preventative measures like those listed above limits the potential damage of such events. Please contact us if you have any further questions or concerns regarding this topic.
If you would like to review your current investment portfolio or discuss any other financial planning matters, please don’t hesitate to contact us or visit our website at http://www.ydfs.com. We are a fee-only fiduciary financial planning firm that always puts your interests first. If you are not a client yet, an initial consultation is complimentary and there is never any pressure or hidden sales pitch. We start with a specific assessment of your personal situation. There is no rush and no cookie-cutter approach. Each client is different, and so are your financial plan and investment objectives.