Protecting Your Identity in the Aftermath of the Equifax Breach

By Andrew Zashin*

By now you have probably heard that Equifax’s database was breached sometime this past summer. Announced only in September, cybercriminals gained access to about 145.5 million consumers’ personal data. Some consumers in the United Kingdom and Canada were affected as well. Data stolen included full names, Social Security numbers, birth dates, addresses and even driver license numbers. More than 200,000 credit card credentials were stolen as well. Obviously, breaches are not new news, and several other data breaches have been discovered and reported since that time. Your chance of becoming victim of identity theft is higher than ever before, and it’s becoming less a question of “if” your identity or financial information is compromised and more a matter of “when” it will happen.

Every breach presents a huge concern for those affected – and a public relations nightmare for the breached entity. The Equifax breach is particularly troubling. Not only was the sheer number of credit files impacted huge, but the breadth of the information obtained is particularly scary. And, unlike an insurance company, bank or other entity with which consumers choose to do business, any consumer wanting any type of consumer credit forms a relationship with Equifax by default – and never had an option to “opt out” in the first place.

What’s the average person to do? While it’s enough to make anyone want to switch back to cash, there are some common sense steps you can take to decrease your chances of becoming a victim:

• Specific to the Equifax breach, you can visit equifaxsecurity2017.com to determine whether your data was among that stolen. Follow the prompts and instructions on that website to sign up for their complimentary credit-monitoring service.

• Monitor all bank and credit accounts regularly for charges or withdrawals you don’t recognize. If you see something, call your bank or the number on the reverse of the credit card to report it immediately. There are laws on the books to protect consumers from fraud, and it is likely that you will get your money back, but they do require quick reporting – and you may be out of pocket for the money while it gets corrected.

• Check your credit reports regularly. You are entitled by law to get a free credit report from all three major credit reporting agencies each year via annualcreditreport.com. You can even maximize your coverage by staggering your requests and, say, getting a report from Equifax now, a report from TransUnion in four months or so, and a report from Experian a few months after that. If you see an unknown account or inquiry, contact that entity immediately to report possible fraud.

• You may want to consider the possibility of a credit freeze. You can accomplish this though each of the major agencies – Equifax, Experian and TransUnion – and you will want to contact each of them individually. In effect, a freeze locks down your credit file and prevents new lines of credit from being opened with your credentials without having the PIN number that you create. When you intend to open up a new line of credit, you simply call the agencies and ask for the freeze to be lifted temporarily.

• File your taxes well in advance of the filing deadline and make sure to read and respond timely to any communications from the IRS or other tax agencies. Surprisingly, tax fraud is a fairly common scam using stolen credentials. Filing early will make it more likely for a fraudulent filing to be caught before it creates a big headache for you.

• If making purchases online, consider using a trusted payment service such as PayPal, and if you can, use a credit card rather than a debit card. Another option is to use a temporary credit card number generated specifically for that purpose – a service which many banks are now offering – if you have any concerns about whether the site has adequate security protections.

The breaches are concerning, without a doubt. But the fact is it is pretty hard to exist in our modern world – with all of its technology and convenience – without some risk of data breach. While the typical consumer can’t do anything to impact how companies like Equifax protect their data, and while it is impossible to completely lock down everything, there are some common sense steps you can take to protect your information.

This article originally appeared as a column for the Cleveland Jewish News.

2023-11-10T13:38:12-05:00November 17th, 2017|Credit Reports, Identity Theft / Fraud|

Protect yourself in electronic-age banking

By Andrew Zashin*

This article originally appeared as a column for the Cleveland Jewish News.

During a mere 2½-week period around Thanksgiving 2013, as many as 40 million Target shoppers became victims of one of the largest data security breaches in history.

Debit and credit card numbers, PIN numbers, magnetic strip data, all stolen, using malware believed to have been written by a 17-year old. As many as 30 million more customers who shopped at Target even far outside of that window of time had other data stolen such as email and mailing addresses and phone numbers.

Not only Target, but Niemen Marcus, Michael’s, White Lodging – a company that maintains hotel franchises under brands such as Hilton, Marriott, Sheraton and Westin – and many others, may have been breached just over the last few months.

With all of these breaches – and the identity theft and credit/debit card fraud that often follow – making national news, it’s no wonder that people are starting to change the way they shop and pay for goods and services, sometimes even reverting to using good old cash.

The U.S. Department of Justice estimates that as many as 11.5 million Americans fall victim to some form of identity theft, credit card fraud, or bank fraud each year, resulting in more than $20 billion in total financial loss. How does this affect the consumer? Luckily for the average individual, laws have been put in place to put the losses on the financial institutions, and not the consumer.

Two federal laws, the Fair Credit Billing Act and the Electronic Fund Transfer Act offer the consumer protection if a credit, debit, or ATM card is lost or stolen.

Under the FCBA, consumer liability for unauthorized credit card use is limited to $50. If, however, the theft is reported before any unauthorized charges can be made, the consumer liability is zero. If a credit card number is stolen, but not the card, the consumer has no liability for its unauthorized use.

Protections for debit card theft also exist, but be aware they are less favorable. The consumer can be liable for anywhere between $0 and the total loss, depending on how quickly the theft is reported, which means it is important to report any theft as quickly as possible. But, fortunately, if the loss is as a result of a stolen card number, rather than a stolen card, the consumer liability for unauthorized transactions will typically be nothing so long it is reported timely.

Some common sense practices can minimize your risk. Check your bank and credit card statements regularly so that you may quickly report any discrepancies to your financial institution. Be wary of emails that appear to come from your financial institution. If an email that looks to be from your bank asks for personal information, consider calling the company directly at the telephone number on your statement or on the back of your card to verify the request is legitimate.

Determine if your credit card company will generate a one-time use credit card number to use for online purchases. Use a credit card instead of a debit card for regular purchases in order to minimize the chances of your bank account being cleared out by a thief. Set fraud controls on your account so that your institution will notify you of purchases outside of your normal use. Use PayPal to pay for online purchases whenever possible, to minimize the number of institutions given direct access to your credit card information. And, of course, consider using cash whenever practicable.

*Andrew Zashin writes about law for the Cleveland Jewish News. He is a co-managing partner with Zashin & Rich, with offices in Cleveland and Columbus.

2023-11-10T13:38:15-05:00February 20th, 2014|Identity Theft / Fraud, Online Banking|
Go to Top