Best way to respond to the Equifax credit hack?
September 8, 2017 12:23 PM   Subscribe

I know there aren't many details on the Equifax hack yet, but I'm wondering about some best practices to move forward with given what we do know.

My credit is pretty good and I do monitor my credit reports pretty regularly through the credit checking tools most credit cards seem to offer these days and I'm not noticing anything amiss just yet. I guess I'll sign up for whatever free tool is offered for additional monitoring but is it worth initiating a credit freeze as well? I'm not planning on opening any new credit for the foreseeable future, so it seems to make sense.

If a freeze is the right move what's the best way to do that? Just via each credit agency or is there a single place to lock or unlock all at the same time? Also, it feels I'd just keep everything permanently frozen now, if my info is out there, would I not? Would the new normal be just to keep everything frozen except when you want to unfreeze temporarily?
posted by jourman2 to Work & Money (23 answers total) 30 users marked this as a favorite
Have you seen this yet?
posted by ancient star at 12:26 PM on September 8, 2017

But don't enroll on that website.

Ugh, what a mess.
posted by ancient star at 12:28 PM on September 8, 2017

ancient star - yep I've seen that. I'm just trying to think more holistically beyond the year of Experian credit monitoring (I believe it's not even all agency monitoring) they say they'll offer (as I imagine this is a problem that'll persist for years if everyones info is just out there - as you can't really change your ss#).
posted by jourman2 at 12:28 PM on September 8, 2017 [1 favorite]

Sit tight. They are postal-mailing information. I am affected. I did not sign up for their offer because at this point I figure it doesn't matter, and I might lose class-action rights per the WaPo article. Call your Congressional Rep. and Senators and ask them to raise hell. This shit is out of control. Consumer Reports
posted by theora55 at 12:29 PM on September 8, 2017 [3 favorites]

I'd recommend not doing anything involved with . I've tried two completely bogus names and numbers and gotten:
Based on the information provided, we believe that your personal information may have been impacted by this incident.

Click the button below to continue your enrollment in TrustedID Premier.
Other people have pointed out that the "TrustedID Premier" terms of service include some nasty arbitration clauses that might cause problems when trying to recover damages from the data breach. In any case, giving your data again to some shoddy credit reporting company just seems like multiplying the chance of problems.
posted by straw at 12:30 PM on September 8, 2017 [5 favorites]

You can place freezes on accounts either online or by phone. Apparently if you do it by phone for one you can ask them to contact the other agencies to issue a freeze for you, but there's no such option online, plus I don't know that I'd trust it so I just did all three online. You can find the numbers to call or sites to visit here - that fact sheet is for New York but it's the same numbers/websites no matter where you are; the only thing that's different based on state is whether/how much they can charge you for a freeze.

You can issue or lift a freeze whenever you want, or lift it temporarily when you apply for credit, though note that in all cases it will need to be done with all three credit bureaus, though if you ask the credit issuer which of the three they use you can just lift the freeze for that one. Personally, I apply for credit rarely enough that I have no problem just leaving them frozen forever and unfreezing briefly them if/when I need to; I honestly kind of like the peace of mind.
posted by Itaxpica at 12:33 PM on September 8, 2017

FYI the company with the security breach is Equifax not Experian. Experian is a different company.
posted by matcha action at 12:37 PM on September 8, 2017

I'm trying to navigate the space between "I need to do this right now," and "this probably won't impact me, personally…" I'm aware my info IS out there, but so is the info of 140 million other people. My gut instinct says to wait and keep monitoring my credit report just in case. Is this a reasonable reaction??
posted by Alensin at 12:37 PM on September 8, 2017

I pull my free credit reports on a rolling basis throughout the year (so I get one of the agencies every 4 months) plus am enrolled in the free credit service with Mint and the free credit service with Chase that I stare at at least once a week through my normal banking habits. There is a low likelihood that shady activity would escape my notice.

I considering doing a credit freeze in the wake of this breach but have decided against it. I feel comfortable with my current system. Watch your shit early and often.
posted by phunniemee at 12:38 PM on September 8, 2017 [3 favorites]

matcha action - ugh you're right. I'll send a note to the mods. Guess I've been doing too much googling and got them mixed up.
posted by jourman2 at 12:41 PM on September 8, 2017 [1 favorite]

You have to do the freeze through each credit agency individually. I've had everything frozen for at least a decade, and it's been fine for me except in a couple instances, but I apply for credit pretty rarely. Probably less than once per year. It's $30 ($10 for each agency) every time you unfreeze your credit and can be done more or less instantly online. You can unfreeze for a time period, so you have some time to shop around. Each agency will send you a numeric code via mail when you freeze, and you'll need this to unfreeze your credit, so 100% don't lose it.

Issues I've seen:
* Occasionally, you unfreeze your credit and some company uses an agency that's not one of the big three. At least one of the credit agencies owns a separate agency with a different name, and it doesn't honor the unfreeze request. When this happens, you usually have to provide separate proof of your identity. (This happened to me with Barclaycard, and they ended up turning me down because they didn't know what to do about it. Dolts. It also happened with Scottrade.)
* I've also had trouble with one of the agencies while using a VPN service, where it would keep failing to verify my personal information. It was the VPN that was the problem, not the information. I disconnected and it was fine.
* When unfreezing your credit, you have to provide some personal information. My experience has been that the agencies are looking for specific past addresses, and they sometimes lag by years.

All in all, the freeze has been absolutely fine for me. I wouldn't go back, especially now. I can't see how I wouldn't have been included in the breach. It sounds like Equifax lost their entire database.

One more thing, and this is just me making stuff up, but I wouldn't be surprised if everyone who signs up for their "free" credit monitoring service ends up with a bill in a year. Their websites pretty much constantly try to scam you into signing up for expensive credit monitoring "services" that don't actually do anything, except protect you from their own ineptitude.
posted by cnc at 12:42 PM on September 8, 2017 [2 favorites]

Just FYI, the arbitration clause has been removed from the credit-monitoring service agreement.
posted by praemunire at 12:48 PM on September 8, 2017

posted by cortex (staff) at 12:48 PM on September 8, 2017

I'd be inclined to use anything on this list of free options from Wikipedia. Use one that gives Experian and one for Transunion and provides a score. Most will try to sell you things, but you can ignore that.
posted by soelo at 1:05 PM on September 8, 2017

According to this article at Popular Mechanics, you can put a fraud alert on your credit report:

Put a fraud alert on your credit report

If Equifax's check came back positive, or if you're still worried about your credit, you can ask one of the credit bureaus to put a fraud alert on your credit history. This will force banks, credit card companies, and others to perform additional screenings to verify your identity. Ideally, this will make it harder for anyone looking to impersonate you to affect your credit.

You can place a fraud alert on your credit report from any of the three credit bureaus, Experian, Equifax, or TransUnion. A fraud alert issued by one bureau affects reports obtained from all three.

A fraud alert lasts for 90 days, which is hopefully enough time for everyone to sort this mess out and determine the ramifications. If you need to keep the fraud alert on your credit report for longer, you can file an extension. That extension may or may not cost a fee depending on your situation.

posted by NoraCharles at 3:33 PM on September 8, 2017 [2 favorites]

Experian seems to be asking for mail in requests to freeze accounts. Not sure how that works when other two (TransUnion and Equifax) are frozen, but that's what I've done so far.
posted by bquarters at 5:30 PM on September 8, 2017

If you don't already have one, create yourself an online account with the Social Security Administration, This prevents others using stolen information from creating and using an account with your info.
posted by LowellLarson at 6:52 PM on September 8, 2017 [2 favorites]

Because my ID was stolen and because I discovered that the perps were able to successfully REMOVE my freeze, (outlined previously here at meta) I spent many months talking to representatives from the top three credit agencies trying to get something more secure than a freeze. I was eventually successful, but my years of dealing for ID theft have made it very clear that the only thing that will ever make a difference is a complete reform of a very broken, dysfunctional, antiquated system.

call your representatives NOW.
posted by silsurf at 10:10 PM on September 8, 2017 [1 favorite]

Slight derail - so I froze my credit online at the various credit agencies but unfortunately immediately lost my equifax pin # (they displayed it in a a pdf embedded within another page so when I saved the page to pdf it didn't print along with rest of the page - le sigh). Do you think they'll mail me the pin too? Or do I really need to go through this procedure where I send them a letter with a copy of my drivers license/passport?
posted by jourman2 at 10:26 AM on September 9, 2017

update on the derail. Signed my wife up for a credit freeze and realized equifax security pins are literally the date and time you signed up and was able to get back in. That's...concerning.
posted by jourman2 at 10:54 AM on September 9, 2017 [2 favorites]

There's an open MeFi thread about this also, if you haven't seen it yet -- lots of discussion in there as well (including some comments on the Equifax "security" pins, too).

create yourself an online account with the Social Security Administration,

I just made a comment in the MeFi thread that relates to this (will avoid reposting the whole thing) - it references this FAQ page, which says:
You cannot create a my Social Security account online if you have a security freeze, fraud alert, or both on your credit report. You first must ask the credit bureau to remove the freeze or alert.

To create a my Social Security account in person without removing the security freeze or fraud alert, visit your local Social Security office.
As I said there, I placed a fraud alert with Experian today and was still able to create an account (which uses Equifax for their ID checking (!)), probably because the fraud alert hadn't reached Equifax yet.
posted by rangefinder 1.4 at 6:24 PM on September 9, 2017

update on the derail. Signed my wife up for a credit freeze and realized equifax security pins are literally the date and time you signed up and was able to get back in. That's...concerning.

Well that's interesting. I just looked up my Equifax pin and I guess I signed up ~11 years ago.
posted by cnc at 9:07 PM on September 11, 2017

More incredibly insane open access to Equifax system. read with tears
posted by silsurf at 9:19 AM on September 13, 2017 [1 favorite]

« Older Punished at work for a false reason. Help?   |   Recommendations on Dark/black comedy literature Newer »
This thread is closed to new comments.