Just when you thought you’d heard the worst, Equifax announced that another 2.5 million consumers had their personal information stolen from its database, bringing the total to 145.5 million folks left vulnerable to identity theft.
This week, a House Energy and Commerce subcommittee held a hearing that immediately turned into a grilling of the credit bureau’s former chief executive, Richard Smith.
“Equifax deserves to be shamed,” Rep. Jan Schakowsky (D-Ill.) said during the hearing, and just about every legislator in the room did just that.
Smith apologized numerous times for the company’s failure to protect people’s data. But no matter what the company does, consumers can’t be made whole. Equifax can’t yank back our data from the hackers, who stole it after the company failed to do its job of protecting our information.
Smith said that under his leadership, Equifax put together a cybersecurity team of 225 experts around the world. Yet not one of them moved to adequately heed a warning from the Department of Homeland Security that certain software Equifax was using was vulnerable. According to Smith’s testimony, they knew about a patch but failed to implement it.
Lots of readers are asking me what they should do.
Most of all, stay informed. This means regularly visiting the website Equifax set up to provide updates on this data breach: equifaxsecurity2017.com.
The company recently announced a few things you especially need to know.
— By the end of January 2018, Equifax will be offering a free credit lock for life. With this new service, you’ll be able to use your smartphone or computer to easily lock and unlock your Equifax credit file.
“It will be reliable, safe and simple,” said interim chief executive Paulino do Rego Barros Jr. in an op-ed for The Wall Street Journal.
I’d like to offer some advice to Equifax: Please stop telling us stuff is safe now. We still feel very unsafe from a breach that could have been avoided.
And if the lawmakers who blasted Smith at Tuesday’s hearing want to prove they care about the safety of our information, they should immediately pass legislation. Make credit freezes easy to place at all the credit bureaus through one portal, such as where you can go to get your free credit reports (annualcreditreport.com). Right now, state laws dictate the cost and ease of placing and removing a freeze.
Smith took pains to explain that a lock is different from a credit freeze because it’s easier to use. But lawmakers struggled to see why there is a difference.
— Equifax previously announced that people had until Nov. 21 to sign up for its free monitoring service, TrustedID Premier. The enrollment has now been extended until Jan. 31.
— The deadline to sign up for a free credit freeze — different from a lock — has also been extended to the end of January.
But consumers are still confused. For example, I recently received the following question: “I’ve gone to the Equifax security site several times to see if I was impacted by the breach. … Fortunately, if these numskulls are to be believed, my information was supposedly not breached. Other than continuing to regularly check my account statements and getting the free updates from the three major credit-reporting firms, should I do anything else (e.g., freeze and/or lock accounts, sign up for free monitoring with Equifax, etc.)?”
You may have checked the feature on equifaxsecurity2017.com to see if your information was stolen and found you were spared. But with the new disclosure, this may not be true anymore.
Equifax says that, to minimize confusion, it is mailing notices to the new folks. By Oct. 8, the website will be updated to reflect the additional impacted consumers.
But whether or not your personal information has been compromised, you can still enroll in the free monitoring service. I suggest you sign up.
If you go the route of a security freeze, to make it most effective you need to freeze all your accounts with all the credit bureaus, including the lesser-known Innovis. Placing a freeze on your files locks out potential new creditors from getting access to your financial information.
I’ve heard from a number of readers who are experiencing trouble with signing up for a freeze. Either they get error messages online or they are told to mail in their personal information to complete the freeze. All the bureaus tell me they are overloaded with freeze requests. So keep trying.
Make no mistake: The Equifax breach was an epic heist of data by hackers. And now it falls on you to be as proactive as possible in protecting your personal information.