What happened? From May to July 2017, hackers breached data security at Equifax, one of the three major credit bureaus. The hackers got names, Social Security numbers, birth dates, addresses, and driver’s license numbers. They also credit card numbers of 209,000 consumers and dispute documents with personal identifying information of 182,000 consumers. Equifax estimates this data breach affects 143,000,000 American consumers – over 40% of American adults. Texas Attorney General, Ken Paxton, estimates 12 million Texans are affected. Equifax learned about the breach on July 29 and failed to disclose the breach publicly until September 7.
Was my information stolen? Equifax has set up a website for consumers to find out if they are affected. Visit: https://www.equifaxsecurity2017.com/potential-impact/ and click the maroon box. You’ll be taken to a form where you type in your last name and the last 6 digits of your Social Security number. You’ll also have to answer a question to prove you are a human and not a robot. The site will tell you simply whether or not Equifax believes your information was impacted and will allow you to sign up for a year of free credit monitoring.
What is being done to help victims? Not a lot. Equifax is offering victims one year of free credit monitoring through its TrustedID service. The service includes one year of identity theft insurance. So far, 30 class action lawsuits have been filed against Equifax as a result of the breach; a couple are in Texas. The Senate Finance Committee is asking questions of Equifax, and that could lead to a Congressional investigation. The Federal Trade Commission has put up an information website: https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do.
What should I do? Here’s a checklist:
- It is safest to assume you are affected.
- Place a 90 day fraud alert on your credit report by calling 1-888-766-0008.
- Consider placing a credit freeze. A credit freeze is more effective than a fraud alert, but unless you have made a police report, you must pay a nominal fee to each credit bureau to freeze your credit, and to use your credit you must unfreeze your reports. To place a credit freeze, you must contact each credit bureau separately at the links or phone numbers listed below:
- Visit annualcreditreport.com and get a free credit report from Transunion or Experian. Look through the report carefully. If there is any information on it that does not belong to you, dispute it immediately. Check again with the other company in November.
- Carefully check all of your bank statements and credit card statements from May forward. If you find transactions that you did not authorize, report them. Note that the financial institution is not required to investigate the items you report from May, June, or July.
- Make plans to review all of your statements each month and immediately dispute any transactions that you did not authorize.
- Be alert to scammers trying to profit off your misery. If you did not initiate a phone call, email, or text message, treat it like a scam!
- Plan to file your federal income tax return as early as possible – before identity thieves do it.
- Visit our identity theft information page: ppiercelaw.com/identity-theft.
With Thanksgiving behind us, the Holiday Season is in full swing, and so are scams. There may be nothing you can do to prevent the early morning call from your credit card’s fraud department asking if you are buying athletic shoes in London, however there are ways to protect yourself from scams and identity theft.
Here are a few tips for minimizing your risk during the holiday season.
- Surf smart. When shopping online make sure you are using a safe site. Take a moment to look for the lock symbol on the screen or “https” in the URL (website’s address). Type in the URL line; don’t click on a link from an email. And, Google has a free service that monitors malware attacks. Type http://google.com/safebrowsing/diagnostic?site= and the website you want to check. You will see a report whether the site has been attacked by malware in the last 90 days.
- Shop smart. Be aware of your surroundings especially at ATMs and in stores. In the past, pickpockets were the main concern. Someone may still try to snatch your purse or wallet by hand, but now digital pickpockets use technology to steal your credit card information remotely. For a modest investment in equipment, thieves can wirelessly read the information on your credit card’s magnetic strip from a short distance and place the information on a fake card. If your card has one of the new EMV chips in it, you are still vulnerable. The magnetic strip is still hackable, and last summer fraud experts in Mexico found a device on ATMs intended to hack EMV chips. So, how can you minimize your risk? Carry only what you need. If you are going to use one credit card on a shopping trip, leave the rest at home. Most devices work within a short distance – six inches or so. If someone is standing too close to you, move away.
- Don’t fall for phone or email scams. All phone and email scams follow a pattern: unsolicited contact, with either a sad story or a fabulous deal, followed by an “Aask.” The Aask takes one of two forms: money or the victim’s personal information. A scammer seeking money will usually request a wire transfer because once started, a wire transfer is extremely difficult to stop. Once completed, a consumer has little hope of recovering the money. Here are a few tips for avoiding scams:
- If you didn’t initiate the call or email, treat it like a scam. Be cautious, and don’t give out any personal information.
- If a phone call, don’t guess who it is. Ask, “What is your name?” A common scam begins with a caller saying, “Grandma?” This scammer is betting the recipient will guess a grandchild’s name instead of saying, “Which grandkid are you?”
- Don’t give out personal information over the phone if you didn’t initiate the call. If you call your bank, they need to verify your identity by asking for information. If you don’t give them information, they cannot help you. A scammer pretending to be your bank, will ask for your account number. Don’t give it.
- Don’t fall for a fake deal. If you didn’t enter a lottery, you didn’t win a lottery. If you don’t have any relatives in Michigan, it’s unlikely you’d inherit anything from a Michigan resident.
- Don’t use a phone number or email address given by a scammer. It just goes right back to the scammer. Instead, if you are unsure whether a call is genuine, look up the phone number independently and call back. If a credit card, call the number on the back of the card and ask for the fraud department. If a financial institution, call the number on your statement.
- Verify email addresses. If you get a suspicious email that looks like someone you know, look closely at the email address. Scammers fake email addresses by changing one or two letters.
- Don’t wire money to another country without independent verification. You don’t have the same consumer protections when you send money to another country. A common scam involves an imposter who pretends to be a friend or relative who is stranded in another country. Hang up. Call the person who is supposedly asking for the money. Ask whether they just called you.
- It’s okay to hang up on a scammer. Scammers are masters of human behavior. They rely on victims to be polite and helpful. The best way to avoid the scam is to simply hang up the phone or delete the email.
Stay safe, and enjoy the holiday season!