Sunday, October 22, 2017

Protecting Myself Against Data Breach #equifax

Yesterday, my wife received a letter from Equifax. Although we had thought she had not been affected, it appears she is now one of the affected. Check this paragraph out of the letter:
On September 7, 2017 Equifax notified U.S. consumers of the data security incident, including that approximately 143 million U.S. consumers were impacted. On October 2, 2017, following the completion of the forensic portion of the investigation of the incident, Equifax announced that the review determined that approximately 2.5 million additional U.S. consumers were potentially impacted.  
To minimize confusion, you are receiving this letter because you are one of the 2.5 million additionally potentially impacted U.S. consumers. Source: Letter received 10/21, mailed 10/13/17, "Notice of Data Breach" from Equifax.
Consider those tidbits. 143 million were impacted (I was included in that batch). Then, 2.5 million MORE people were potentially impacted.

Do you know what my favorite description of this event is? It's featured in this article by Liz Weston:
"Equifax just signed you up for a lifetime game of Whack-A-Mole," says Leslie Beck, a certified financial planner in Rutherford, New Jersey.

Whack-a-mole. Yes, that's an apt description. Here's what I've been doing in my free time.
  1. Switch from debit cards to protected credit cards. Make a decision to NOT use your debit card or write print checks with your routing and account # on them. I just went through this earlier this month and closed all my accounts at a credit union that didn't offer me better protection. This may also help you with gas station fraud due to skimmers. Even though there's an Android app to help you detect bluetooth badboys, that may not be helpful if you're on iOS. And, yes before you ask, on the way back from a workshop in Cotulla, Texas, I stopped to fill up my tank. Fraudulent charges appeared instantaneously. Good thing, my wife and I watch our accounts like hawks.
  2. Freeze your credit reports to prevent new accounts. Yes, I've been freezing my credit at all the Equifaxes I can find. It is supposed to prevent others from opening new accounts in my name unless they have my special PIN#. These approaches aren't foolproof but they do help. Credit Freeze sites:
    1. Equifax Credit Freeze Site
    2. TransUnion ($10)
    3. Experian ($10)
  3. Online Social Security account. Create the account before the bad guys do. Problem is, if you froze your credit reports, you'll have to go in person to the Social Security Admin building.
  4. File tax return early. If you don't do it, they will.
  5. Check your credit frequently. Annual Credit Reports provides a free service, but you may need to pay to get that more often.
  6. Sign up for Identity Theft Alert: Fill out this form to notify the credit agencies of potential identity theft.
Some additional tips
  • Setup an encrypted email (e.g. ProtonMail) for financial accounts. Don't just use your Yahoo/Gmail account. Keep that for common use, but rely on your encrypted account for financial transactions.
  • Setup 2-factor authentication for all email, cloud storage, digital accounts. You will need to have your smartphone with you to receive text messages or run a simple, easy authentication app that will give you a number for the digital account. The number changes every 60 seconds. This works, as I've had attacks on my accounts and seen it action.
  • Use secure passwords. I like to use secure password generator then add my own twist to it. I end up with a secure password that I keep track of using a password manager (e.g. Keepass, Lastpass).
  • Add a password or pin# to all bank account transactions. It takes an instant, but without it, it may be difficult for folks to access your accounts. And, of course, change these.
  • Get alerts via your bank mobile app for all transactions. I love knowing when funds come out of my bank account. Even if it's my wife buying me a gift for my birthday.
  • Get more than one form of ID, such as passport, passport card, and driver's license. You never know when you will have to prove you are who you say you are. I was at an airport traveling from WA to TX when I was stopped. Thank goodness, I had more than the minimum ID required.
  • Encrypt confidential data documents you have saved in cloud storage (e.g. Google Drive, OneDrive, Dropbox), as well as when they are "at rest" on your laptop or USB external drives. Read my tutorial on easy, free open source cross-platform solution.

Right now, this process is all about YOU doing all the work. The truth is, we need a better system that forces banks, credit unions, credit report agencies, and social security administration to revamp the system.

Yeah, that ain't gonna happen.

Everything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure

No comments:

The Courage to Lead