Data Breaches

DIY Identity Theft Monitoring After Equifax Breach

Written for Symantec

In the wake of the Equifax data breach, potentially affecting 143 million U.S. consumers, you may be asking yourself, “What do I do now?”

It’s a good question. Equifax says the data exposed in the breach includes names, Social Security numbers, birth dates, and addresses. That’s the kind of information criminals can use to steal identities. And in doing so, the identity thieves can take out loans, file fraudulent tax returns, and even obtain medical treatment in victims’ names—leaving those victims to clean up the mess after the damage is done.

What do I do after the Equifax breach?

Should you take action or cross your fingers and hope for the best. We suggest action. As one expert said in the wake of the breach, not taking steps to actively protect your identity is “basically playing Russian roulette.”

While some consumers concerned about protecting their identities will opt to sign up for credit monitoring or identity theft protection services offered by a variety of private companies, others may take a do-it-yourself approach. Toward that end, here are some actions you may want to consider if this is how you decide to proceed.

Equifax, can you help me?

It might seem surprising, but the first step you’ll want to consider after the Equifax data breach is to turn to Equifax for help. The company established a website—www.equifaxsecurity2017.com—to help consumers determine if their personal information may have been impacted in the data breach.

Whether your information was involved or not, Equifax is offering one year of its credit file monitoring and identity theft protection service for free to all U.S. consumers. You may sign up at the same website referenced above.

If you sign up for the free offering, Equifax says you are not giving up your right to take legal action against the company for the breach incident, a concern that was initially raised by consumer advocates. The company also says you don’t have to provide a credit card number to sign up, nor will you be automatically renewed at the end of the free year of service.

Do credit report freezes make sense?

Another step to consider: freezes on your credit files at the three credit reporting agencies. A freeze makes it more difficult for criminals to open new accounts in your name because no one can access your credit file until you unfreeze it. Lenders typically look at an applicant’s credit file before deciding whether to open a new account for that person.

Equifax is currently offering free credit freezes—until Nov. 21, 2017. It’s also offering to refund fees to consumers who paid for a freeze since Sept. 7, when the company announced the data breach.

Problem is, Equifax is only one of the three major credit reporting agencies offering free credit freezes, and only until Nov. 21, 2017. You’ll have to pay Experian and TransUnion for such a freeze—at a cost of $5 to $10 per agency each time you freeze or "thaw" your credit file. If you take advantage of Equifax’s free offer, and an identity thief applies for credit in your name with a lender or business that uses Experian or TransUnion to check your credit files, your Equifax credit freeze doesn’t help you.

Monitoring your credit reports

Another DIY step you can take is to monitor your credit files to confirm that identity thieves haven’t opened accounts in your name. By law, you’re able to access one free credit report from each of the three credit reporting agencies each year. Visit AnnualCreditReport.com to do so. Some folks recommend staggering the three reports—obtaining one every four months. When you do, you have a snapshot of your credit file over the course of a year. Even if you plan to freeze your credit files, you may want to take a look at your credit reports before doing so. That way, you can confirm there are no surprises as you start the freezes. If you do spot unfamiliar activity, you need to notify the credit reporting agencies. Our article on disputing credit report errors may be helpful to you.

Not every ID theft incident ends up on your credit report

It’s also important to note that not all identity theft involves activity found on your credit report. From medical identity theft to fraudulent transactions on your existing accounts, identity thieves can cause havoc in a number of ways that credit monitoring may not reveal.

You’ll want to monitor your credit card and bank accounts, looking for unfamiliar transactions. If you spot something amiss, contact the financial institution where you have the account.

To keep an eye out for evidence of medical identity theft—in which someone may be using your personal information to obtain medical treatment—pay attention to the “Explanation of Benefits” documents you may receive after a doctor’s office or hospital visit. The documents explain the medical treatment and services covered by your insurance. You’re looking for evidence of services you didn’t receive. If you spot something, contact your insurance provider. In our article on medical theft, you’ll find 4 steps you can take as a victim.

An arresting kind of identity theft

Another crime that likely won’t show up on your credit report is criminal identity theft—when someone cited or arrested provides your name and personal identification instead of their own. It doesn’t happen a lot, according to the California Attorney General’s office, but when it does, it can be serious. If you’re a victim, you may not find out until you’re stopped for, say, a minor traffic incident. When the officer checks your information, if your impostor ignored a requirement to be in court, you could find yourself in trouble. There’s not much you can do about it until you become aware of the issue. Then you need to contact both the arresting law enforcement agency and, if different, your local agency. For more information, check out our article on criminal identity theft.

There’s work to be done

As you can see, there are a number of steps to the DIY approach to identity theft monitoring. It takes time and effort to stay on top of the situation. But if you spot evidence that you’re a victim and are able to take action to thwart further damage and start the restoration process, all that time and effort will have paid off.

It’s worth noting that even if you find yourself a victim of identity theft at some point, it may be difficult to tie it back to the Equifax breach. That’s because of the many other data breaches involving consumers’ personal information—including Social Security numbers—that have occurred in recent years. So, whether you blame it on Equifax or not, it can pay to monitor what’s going on with your identity. After all, no matter how your information gets out there, once it’s there, there may be no going back.

Editorial Disclosure: LifeLock provides consumers with identity theft protection services for a fee, but this article is editorial in nature and designed to educate consumers about identity theft, regardless of whether they choose to utilize LifeLock, another service, or take a do-it-yourself approach.

Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

Start your protection,
enroll in minutes.