Tech Talk

Share |
E-Mail ArticleE-Mail Article Printer-FriendlyPrinter-Friendly

Security Breach!

Columnist: Michael E. Duffy
November, 2017 Issue
Columnist

Michael E. Duffy
All articles by columnist
Columnist's Blog

 

Last month, the names, addresses, birthdates, and Social Security numbers (SSNs) of 143 million Americans were revealed in a security breach at Equifax, one of the “big three’” credit bureaus (along with Experian and TransUnion).  Since this personal information is essentially your identity in the modern world, the breach is a Very Big Deal, and opens those affected to identity theft, especially as it relates to applying for credit.

If you haven’t already done so, you can see if your data was exposed by visiting www.equifaxsecurity2017.com.  The site asks for your last name and the last six digits of your SSN to check.  There’s irony in giving information to a company that has demonstrably failed to protect it, but it’s the price of knowing your status.  Better to know if your identity was compromised than to worry too much about that little detail.  In the small sample of my own family of four, two of us were affected, and two were not.

If your information is at risk, you can request a 90-day fraud alert on your credit report.  When you have an alert on your report, a business must verify your identity before it issues credit, so it may try to contact you. The upside of a 90-day fraud alert is you only need to do it at one of the big three credit bureaus since they share the information with the other two. The downside is that the onus is on the lender to verify that you are you, so it’s not guaranteed.  Still, it’s an obstacle to anyone intent on fraud.  And it’s completely free, renewable every 90 days.

The best answer—probably for everyone, but certainly for those whose data is affected—is simply to freeze your credit at each of the major credit bureaus.  This prevents anyone from pulling a credit report on you.  There are seven states where freezing your credit is free. Surprisingly, California is not one of them.  It will cost you $10 at each bureau to freeze your credit (as the cause of the breach, Equifax is waiving its fee through November 21st).  If you apply for credit or a loan, you will need to temporarily un-freeze your account, which also costs $10 at each bureau (if you know which bureau the lender uses, you can unfreeze just that one, saving $20). I don’t know about you, but I don’t apply for credit often, so spending $30 for basically permanent protection of my credit information seems completely reasonable, and I recommend it.  Unfreezing takes a day or three, so it has the added benefit of making you think before you apply for new credit.

Of course, identity-theft-protection companies such as LifeLock, TrustedID, and IDShield are doing land-office business since the breach, charging you $10 to $30 a month to “monitor” your identity.  The exact details of said monitoring are proprietary, but LifeLock offers to watch your credit, look for changes to your address, and see if your info is for sale on “the dark web.”  In the event of identify theft, they provide a “US-based identity restoration specialist” to resolve your problems, and insure you for any stolen funds (from $25,000 to $1 million, based on the plan you select).

While the specific threat of the Equifax breach is worth spending $30 to freeze your credit reports once (and some amount to unfreeze them when necessary, depending on your credit appetite), it’s harder to assess whether paying $120 to $360 a year to protect your identity is worth it.  If the monetary downside of having your identity stolen is large, then it may be worthwhile.  But even then, protection is never absolute.

To put things in perspective, the U.S. Department of Justice reports that an estimated 17.6 million persons, or about 7 percent of U.S. residents age 16 or older, were victims of at least one incident of identity theft in 2014. The most common forms of identity theft are fraudulent use of a credit card (about half) and unauthorized/attempted use of bank accounts.  It’s also useful to know that 45 percent of these identity theft victims discovered their situation when notified by a financial institution regarding suspicious activity, and 18 percent when they noticed fraudulent charges on an account—no special action required. Though having your information for sale on the “Dark Web!” sounds pretty scary, if you freeze your credit, reconcile your monthly bank statements, and check your credit report periodically, you’re reasonably safe.  Realize that your information is probably out there, whether you like it or not.  The question is whether it can be used in a way that causes damage to you.

By the way, according to the Fair Credit Reporting Act of 2003, you can get your credit report for free once a year from each bureau. Go to www.annualcreditreport.com (a site created by the credit bureaus themselves) to request yours. Pro tip: With three sites, you can request a report from a different one of them every four months for more frequent monitoring. It’s also useful to see how they differ.

In this Issue

24 Hours

On October 8, Loren Davis, fire chief at Mountain Volunteer Fire Department in Sonoma County, was sitting at a poker table at Graton Casino in Rohnert Park at around 9:30 p.m. when his pager went off....

After the Fire

Recovery is only the beginning as Sonoma County and the North Bay looks towards a long period of hazard removal and rebuilding....

Leaders of Tomorrow: Noah Block

 Noah Block knows what it’s like to feel helpless and disconnected. A victim of bullying that began when he was in fourth grade, Block, 18, developed emotional problems that left him a...

See all...