Follow Up: Equifax Data Breach Q&A

Cyber and Information Security Services

Follow Up: Equifax Data Breach Q&A

Tweet Me
Share on LinkedIn
Share on Facebook
Subscribe to Withum News
Withum recently released a
Survival Guide for the Equifax Data Breach. We have received many questions around the article and the breach itself. Here are a number of the answers to the questions that you asked.

Question 1: 

I have heard from several sources NOT to register for Equifax’s free credit monitoring. As part of signing up for this service you waive all rights against Equifax if you suffer a major loss due to their security breach. Can you confirm this? And, what about the news that Equifax was going to require an individual to waive their right to sue them if they signed up for their service?

Answer:

The initial terms and conditions on the TrustedID enrollment page did have language concerning the arbitration and class-action waiver. However, since then Equifax has provided additional clarification as described below.

“Addressing confusion concerning the arbitration and class-action waiver clauses included in the Terms of Use applicable to the product:

  • The company never intended for these clauses to apply to this cybersecurity incident.
  • Because of consumer concern, the company clarified that those clauses do not apply to this cybersecurity incident or to the complimentary TrustedID Premier offering.
  • The company clarified that the clauses will not apply to consumers who signed up before the language was removed.”

As I am not a lawyer, I will render an opinion on whether the revised language will restrict the options a consumer might have against Equifax. If it is still a cause of concern for you, my suggestion would be to go with a paid credit monitoring service option with a different credit monitoring agency to get the benefit/coverage without restricting your options.

Question 2:

Please provide the steps to go through for notifying a bureau to place the fraud alert on your file? What are any or all of the 3 credit reporting company phone numbers. I would like to call and put a “Fraud Alert” on my accounts for them to monitor just to be safe. Should I also contact Innovis? I never heard of them but a friend suggested to include them in my alerts.

Answer:

While enabling a “Fraud Alert” with all credit reporting companies is a good step, the best and most effective step that you can take to protect yourself is to “Freeze” the credit with each of the credit monitoring agencies. Freezing your credit is a “preventive” step and will stop someone from misusing your identity information altogether. “Unfreezing” your credit may require a small fee to be paid. This is a small price to pay considering the alternative would require you to do damage control and take remedial actions to fix your report if someone got a new credit line in your name. Whether you decide to setup a “Fraud alert” or “Freeze” your credit, you can find the contact information for each of the credit monitoring agencies on FTC website at https://www.consumer.ftc.gov/articles/0275-place-fraud-alert#credit.

You can either call them on the phone numbers provided on the above page or complete the steps of setting up a fraud alert or freezing your credit online using their website. I did it online and it was pretty straightforward.

While most of us are only familiar with the 3 Credit monitoring agencies – Equifax, Experian and Transunion, there is a forth agency call “Innovis” too. It is prudent to go ahead and freeze your credit with them too.

Question 3:

Do you have the exact email address and phone number for Equifax? Do you have the exact email for Life Lock? What is the website url for verification? What website do I use for the 1 year protection?

Answer:

The contact information is as follows:

  • Equifax website for Cyber breach – https://www.equifaxsecurity2017.com/
  • Equifax phone numbers – 1 866-447-7559
  • Lifelock website – https://www.lifelock.com/

Question 4:

How do I know if all my personal information has been breached and how may I protect myself from Identity Theft? What are preventative measures against using personal information to commit fraud? My identity was stolen some months back. I have already frozen all 3 credit bureaus accounts. Am I safe to assume I should be ok? I have every possible alerts on all accounts both credit and banking. How I can go about making sure I was not affected by the Data Breach?

Answer:

In today’s day and age our SSN and other key personal information is in custody of so many different agencies (your employer, your health insurance company, your bank, your credit monitoring company, etc.) that you have to be really lucky not to have been a part of a breach already. So it is safe to assume that your SSN has either been stolen already or would get stolen in very near future.

As I mentioned earlier, the most prudent way to survive in a world like this would be to get accustomed to the process of “Freezing” your credit on a continuous basis and “thawing” it temporarily only when required. This has to be the new normal. The hope is that the credit agencies will make the process a little more user friendly as the demand for this increases. This small step can prevent a lot of headache which you might have to endure in case you don’t freeze your credit and your SSN is misused to get a new credit line or credit card in your name. The credit monitoring services and other services being offered will help you restore your history but you will still need to go through the whole process which can be a headache.

Question 5:

Some of our clients are concerned in giving Equifax the last 6 digits of their social security number to see if they were part of the breach. Should they be?

Answer:

It is definitely unusual for Equifax to confirm the last 6 digits of your SSN to see if you were a part of the breach. At this stage, I don’t see that we as a consumer have any other option. Let’s look at it from a risk point of view. They already know your entire SSN (which they lost!) so sharing the last 6 digits with them does not increase your risk. What you need to be extremely careful about is that you do so on the real Equifax website and not on a spoofed website claiming to be the Equifax website. The URL for the Equifax website to check if you were a part of the breach or not is https://www.equifaxsecurity2017.com/.

Question 6:

In your survival Guide, item 4 addresses existing bank accounts. The paragraph seems to speak only about online banking. Is that the case or should we be concerned about normal transactions, such as check writing and using the in-bank machines to access the accounts.

Answer:

Your SSN, Name, Address and date of birth can be misused by an individual to try and gain unauthorized access to your bank, stock trading, insurance, or any other accounts either using the website or over the phone as these institutions rely heavily on confirming the individual’s identity using these “supposedly” confidential pieces of data. So in general you may want to be more vigilant about all transactions in these accounts. I don’t think this increases the risk of ATM, check based transactions or any in-person transactions directly.

Do you have more questions pertaining to your security status? Withum’s Cyber Secure Services team is able to help you find the best approach to ensure your personal and business information is secured. They also are able to help you prepare yourself should a breach occur and assist with the aftermath of a breach. For more information please contact a member of our Cyber Services team by filling out the form below.

Ask Our Experts

Previous Post

Next Post

Read More
Photo of a lock.

Cyber and Information Security Services

Cybersecurity: Businesses Need the Right Protection Our Cyber threats continue to grow at an exponential rate. Additionally, the constantly changing technical landscape, including the introduction of disruptive technologies such as […]

Learn More