By now, everyone is aware of the Equifax data breach affecting up to 143m people in the USA, UK and Canada.
Sophos CISO Norm Laudermilch has put together four simple steps that you can take to make sure your family gets through this with identities and finances intact.
1. Check your credit report
Check your credit report immediately to make sure that you haven’t already been compromised.
In the USA everyone is entitled to one free credit report each year, from each of the major reporting agencies. Free report links can be found on each of their websites. You can go to the Annual Credit Report website to get reports from all three in one swoop instead of having to call them separately.
Unfortunately, the high volume of site visitors may cause delays. In that scenario, you can call 1-877-322-8228. Deaf and hard of hearing consumers can access the TTY service by calling 711 and referring the Relay Operator to 1-800-821-7232.
Instructions for checking your credit reports in the USA are available from the usa.gov’s Credit Reports and Scores page.
If you are in the UK, follow the instructions on how to check your credit reports on the gov.uk site.
Canadian citizens can order free credit reports from Equifax and TransUnion.
2. Ask Equifax if you’ve been affected
Equifax has provided a website dedicated to providing information about the breach and a tool for people in the USA to check if they have been affected by it. Equifax has not provided a similar facility for people in the UK and Canada yet. We will update this guidance when they do but in the meantime, it’s probably best to assume that you have been affected.
3. Consider ID theft protection
Consider using an identity theft protection service if you have been affected. Identity theft protection services LifeLock and IdentityGuard are both offering discounts and free months if you’ve been affected by a breach. Equifax is also offering its own TrustedID Premier service free for a year. Rumours that consumers waive their right to take part in future legal action if they sign up for the services are not true:
To confirm, enrolling in the free credit file monitoring and identity theft protection products that we are offering as part of this cybersecurity incident does not prohibit consumers from taking legal action … we will not apply any arbitration clause or class action waiver against consumers for claims related to the free products offered in response to the cybersecurity incident or for claims related to the cybersecurity incident itself.
4. Freeze your credit file
Freeze your credit with all four reporting agencies. A credit freeze stops the agencies from releasing your information to new creditors without authorization. While this doesn’t solve the problem of our leaked personal data, it does limit the potential impact of an identity theft incident. Fees for this service vary from state to state.
There are drawbacks: you will have to “thaw” the freeze for valid purchases like buying a new car or home. It is not a slick process – but the advantages outweigh the annoyances.
The cost to freeze your credit varies by what state you’re in.
Here’s how you can freeze your credit file:
- Equifax: Enter all of your personal information, enter the code verification shown on the screen, accept the terms of use, and hit “Submit” at the bottom of the screen. Pay the fee using a credit card on the next screen. Make sure to write down the “thaw” PIN that is generated because you’ll need that to undo this process later.
- Experian: Enter all of your personal information, accept the terms of use, and hit “Submit” at the bottom of the screen, pay the fee on the next screen, and remember to write down your PIN.
- TransUnion: Click on “Register” to the right and create an account, then follow the directions on the screen, pay your fee, write down your PIN.
- Innovis: Click the button for “Request a Security Freeze”, fill out the personal information and click “Submit Request” at the bottom of the page.