How Does the Equifax Breach Affect Me?

in Market Commentary by

Earlier this week, news of a significant data breach at Equifax, Inc. broke, affecting an estimated 143 million U.S. consumers. While this is not the largest breach of recent times, it may very well be the most damaging to American families due to the nature of the data that is now in the hands of cybercriminals. Only time will tell us what the true impact will be. Criminals usually need some time to parse through the information and organize their fraud strategies, so you may not see the effects until many months down the line.

When companies leak your credit card information, it is unfortunate – but then the big card brands re-issue you new numbers and largely absorb the fraudulent transactions costs. In other words, you are largely protected from the repercussions, provided you notify the card issuer when you see fraudulent activity. On the other hand, cybercriminals having such a rich data profile of your identity, such as what was made available by the Equifax breach, is a much greater risk to your digital safety. This information, (e.g. Social Security number, birth date, address, driver’s license, and other personal information) can empower full-fledged identity theft, as well as a takeover of your existing digital accounts, such as your bank, brokerage or email.

Think about the last time you forgot your password to your bank’s website. When you reset your password, your bank usually asks you for information like your date of birth, your address, and the last four digits of your Social Security numbers – all private information that may now be in the hands of criminals.

As your information trickles through the black markets with initial thieves selling it to fraudsters, we will see what is the full extent of the damage that comes.

Are my Personal Capital Accounts at Risk?

This breach does not affect Personal Capital in any direct way. Whether you are a user of our free financial tools or a client of our wealth management services, we make every effort to prevent your information being stolen, as security is a key priority for us. You can review key security measures we have in place on our Security Page and our security team can always engage directly with clients who have specific concerns.

What Should I Do?

In this day and age, the sad reality is that you need to expect assaults on your identity and cybersecurity. Identity theft can have lasting consequences on your financial health and here at Personal Capital, this is something that we care deeply about. Here are some of the things you can do right now to be in a strong defensive position to mitigate the risks associated with these types of events.

New credit account fraud – the risk that fraudsters will create new accounts in your name, damaging your credit and possibly leaving you accountable for debt.

  • Sign up for the free monitoring services – this should provide you with alerts when significant events happen. Monitor those closely. Equifax offers this for free now, but don’t forget that the free monitoring is for a limited time and if you do not want to pay for this, you will need to unsubscribe after a year. Do this before the next step as it may prevent you from subscribing to the monitoring if your file is frozen.
  • Freeze your credit file – Reach out to credit agencies (Equifax, Transunion, Experian and Innovis) and request your file be put on a “security freeze.” This is possibly the most effective option to prevent identity theft since it will prevent anyone from opening new accounts in your name (including yourself!). This is not usually widely publicized because the industry wants you to open more accounts. Should you need to open new credit accounts for your own benefit, you would need to unfreeze and refreeze your accounts. In some cases, unfreezing may take some time, so plan ahead if you need a new car, house or credit card. Some bureaus may ask you to pay a nominal fee for this; it is usually well worth it compared to the cost of recovering from identity theft and usually voided if you can demonstrate a legitimate risk of being subject to identity theft.
  • Monitor your credit file– You are entitled to at least one free credit report per year. Get this now and mark your calendar for next year. Dispute any anomalies. Use services or apps that will monitor this in real time – some free and reputable options exist such as Credit Karma or Credit Sesame.

Existing account fraud – the risk that your existing financial services account will be taken over, putting your current assets at risk.

  • Actively monitor your financial accounts – In many cases, if you spot fraudulent transactions quickly you may be able to stop or contest them. This is not convenient when you have to log into all your financial institutions accounts independently. This is an area where Personal Capital can help out. Using our dashboard, you can link all your important accounts and easily keep an eye on things. Review this every day or sign up for our daily review email. Respond quickly if you see suspicious activity by contacting the financial institution responsible for the account.
  • Change the way you do passwords – Most people will bore you with the usual “don’t reuse password” or “use super-complicated passwords” in the wake of such an event. While those are not bad advice, they are usually short on the how to make this practical. Here’s the how to effectively change how you do your passwords:
    • Get a password manager tool; there are many out there (see Lifehacker’s reviews for insight). Getting one for your phone is usually simpler and more secure versus software on your desktop computer.
    • Secure it with a very long passphrase that you will not forget. “Matt likes to dance in the rain” is better than “5ue@1s21%.”
    • Once that is done, change all your passwords for important accounts to the long passwords that you will store in your password manager (and update your Personal Capital dashboard!).

If you implement the action plan above, you should be able to reduce the potential impact to you and your family of this data breach. We hope this helps you and your loved ones and keeps everyone’s financial lives sound.

[For more tips on how to keep your financial account safe, click here.]

The following two tabs change content below.

Maxime Rousseau

Maxime Rousseau is Personal Capital's Chief Information Security Officer. He is a well-rounded and seasoned cybersecurity professional with over 15 years of experience helping technology, financial services and other organizations building and improving their cybersecurity programs as part of PwC's Advisory practice. Maxime also holds a CISSP certification and is active in the information security community.

Latest posts by Maxime Rousseau (see all)


One Response

  1. Kirk

    So if I have Transunion as my monitoring service I am not affected?

    I know that the three agencies share information.

    Reply

Leave a Reply

Your email address will not be published.

Disclaimer. This communication and all data are for informational purposes only and do not constitute a recommendation to buy or sell securities. You should not rely on this information as the primary basis of your investment, financial, or tax planning decisions. You should consult your legal or tax professional regarding your specific situation. Third party data is obtained from sources believed to be reliable. However, PCAC cannot guarantee that data's currency, accuracy, timeliness, completeness or fitness for any particular purpose. Certain sections of this commentary may contain forward-looking statements that are based on our reasonable expectations, estimate, projections and assumptions. Forward-looking statements are not guarantees of future performance and involve certain risks and uncertainties, which are difficult to predict. Past performance is not a guarantee of future return, nor is it necessarily indicative of future performance. Keep in mind investing involves risk. The value of your investment will fluctuate over time and you may gain or lose money.