You’ve Been Hacked – Now What?

You’ve Been Hacked – Now What?
10 Sep 2017

Several executives I work with have raised questions about the data breach at Equifax and the potential impact upon them and their employees.  It’s important to understand that this was not “just another” hack and it’s likely that you and your employees have been affected. Here are a few key facts to know and steps that everyone should take:

FACTS

  • 143 million data sets were stolen. (There are approximately 247 million adults in the U.S., which means that 58% of all U.S. adults have potentially had their personal information stolen).
  • Stolen information includes social security numbers, birth dates, driver’s license numbers, home addresses, credit and banking account information and more. In short, everything needed to steal your identity and generally wreak havoc with your personal finances.
  • The Equifax website that was designed to check whether you were affected is ineffective. Inputting both valid and fictitious information returns a message stating “Based on the information provided, we believe that your personal information was not impacted by this incident. Click the button below to continue your enrollment in TrustedID Premier.”)
  • Through the above site, Equifax is offering one complimentary year of their “TrustedID Premier” service – but it comes with strings attached. To secure your reservation for this service, run a check on yourself using Equifax Security 2017 and take note of the date when you may enroll. Consider this decision carefully, though, as the potential downside may outweigh the actual benefits.
  • There are three major, and one minor, credit reporting agencies. They are: Equifax, Transunion, Experian and Innovis.

STEPS YOU CAN TAKE

  1. Monitor your credit for free or consider enrolling in a credit monitoring service.
  2. Freeze your credit files. A credit freeze will remain in effect for seven (7) years and a minor fee may be charged by each credit agency. Additionally, please note that a freeze is not the same as a fraud alert.  To freeze your personal credit, visit each credit reporting agency online or phone them:
    1. Equifax @ 800.349.9960
    2. Experian @ 888.397.3742
    3. TransUnion @ 888.909.8872
    4. Innovis @ 800.540.2505
  3. Keep (or begin) using a password manager such as Lastpass or 1Password.
  4. Turn on two-factor authentication for key accounts. (Also known as multi-factor authentication).
  5. Monitor your bank and credit cards.
  6. File your taxes early. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond immediately to contact from the IRS.
  7. Never reply to emails, letters or phone calls with the link, address or number provided. Always go directly to the sender’s website to find the correct information for that organization and use that to reply.

FINAL THOUGHTS

  • Assume that your information was stolen during this hack but don’t panic or obsess over what you cannot control.
  • Information stolen during this breach will be bought and sold on the Dark Web for many years to come. You will need to maintain vigilance for many years as savvy identity thieves may hold your information for a long period of time before acting.
  • Be aware that “non-financial” attacks may occur as thieves may use this information to gain access to your medical records or other sensitive non-financial information.