Liz Weston: Equifax hack isn’t over _ more risks ahead
Long after the Equifax breach was announced, people were still struggling to freeze their credit reports as credit bureau websites failed, lured people to look-alike products or even redirected visitors to download malicious software.
But that’s just the start of the gauntlet people may have to run to protect their financial lives.
The Equifax hack exposed the names, addresses, birthdates and Social Security numbers of up to 145.5 million Americans. Drivers license information for 10.9 million people was also exposed, according to a Wall Street Journal report.
This is the sensitive, private information that’s used to establish your identity, which is why freezing your credit reports — as important as that is — won’t be enough.
Credit freezes won’t prevent criminals from taking over credit, bank, retirement and investment accounts, says security expert Avivah Litan with Gartner Research. Thieves also could use the purloined information to snatch your tax refund or mess with your Social Security benefits. Your email, phone, shopping and cloud-based storage accounts aren’t safe, either.
Here are the cybersecurity steps you should take now:
MAKE SURE ALL OF YOUR FREEZES ARE IN PLACE
You need to set up credit freezes separately at each of the three major credit bureaus (Equifax, Experian and TransUnion) as well as with Innovis, a lesser-known bureau, and ChexSystems, a database that banks use to track people who mishandle their accounts. Banks and lenders that can’t access your reports are much less likely to allow criminals to set up phony accounts in your name. Keep track of the personal identification numbers you’re issued, since you’ll need those to lift the freezes if you apply for credit or financial accounts.
SET UP TWO-FACTOR AUTHENTICATION IF YOU CAN
Two-factor security requires something you know, typically a password, along with something you have, such as a code texted to your phone or generated by an authentication app. (Security experts including Litan recommend using an app since criminals have started taking over cell phone accounts to circumvent two-factor verification by text.) Yes, two-factor authentication is a hassle, and no, it’s not foolproof, but it creates another barrier between your accounts and the criminally inclined. Typically, once you set it up, you’ll have to use it only if you try to sign in with an unrecognized device or after a set amount of time.
Two-factor security is a must for your password manager, your email and any cloud-based storage account including DropBox and Evernote. Consider setting it up for shopping sites, such as Amazon, and your social media accounts. Incredibly, not all financial institutions offer this (they should); consider whether you want to continue doing business with a company that refuses to take your security seriously.
The four big cell phone carriers don’t offer it, either, which is pretty horrifying. Phone numbers are often used as a security backup, so a criminal controlling yours could reset passwords on many of your accounts.
FILE YOUR TAXES EARLY
It’s pretty lame that the only thing you can do to thwart thieves from ginning up a phony tax return is to file your legitimate one as soon as possible after the IRS begins accepting them. Right now, that’s all you can do. People who have already been victims are issued a special code they can use in the future, but a pilot program offering codes to other taxpayers hasn’t been extended. The IRS will start processing returns Jan. 22. Employers don’t have to send out the W-2 forms most of us need until Jan. 31.
CREATE A ‘MY SOCIAL SECURITY’ ACCOUNT
Again, you’re trying to get there before the evildoers. Setting up online access to your Social Security records will help you monitor activity, such as attempts to take over your account or apply for benefits. If your credit files are frozen, you’ll need to lift the freeze with Equifax — yes, that’s the bureau Social Security uses to verify your identity — or set it up in person at a Social Security office. Equifax is waiving the fees to set up and lift freezes until January.
You can’t make your identity hack-proof, unfortunately, any more than you can keep a determined burglar from breaking into your home. Your goal is to make the bad guys work hard enough that they’ll decide to move on to an easier target.
This column was provided to The Associated Press by the personal finance website NerdWallet .
Liz Weston is a columnist at NerdWallet, a certified financial planner and author of “Your Credit Score.” Email: firstname.lastname@example.org . Twitter: @lizweston.
NerdWallet: Your guide to credit locks, freezes and alerts — https://nerd.me/cybersecurity-guide
Double security: Which banks and sites support two-factor authentication? — https://twofactorauth.org
Social Security: Set up a My Social Security account — https://www.ssa.gov/myaccount/