Equifax Breach Checklist

Christopher D. Flis |
Categories
Security

To the Friends of Resilient Asset Management:

This letter is to specifically address the security concerns related to the recent Equifax Data Breach. As I am sure you are aware there was a significant leak of Personally Identifiable Information (PII) with which nefarious actors could cause serious financial harm. After participating in the Shareholder Service Group (SSG) webinar, I wanted to pass along a few bits of advice. Undoubtedly, there is a plethora of literature out there of what to do…everyone’s needs are different. I encourage you to seek out all available sources and develop your own Action Plan if doing so is warranted.  This is just Resilient Asset Management’s view.

First, let’s talk about what we know.  The number of consumer records lost exceeded 143 million.  Of note, the US population is almost 333 million people, not all of whom have a credit record.  The hackers accessed the following:

  1. People’s names;
  2. Social Security numbers;
  3. Birth dates;
  4. Addresses;
  5. and, in some instances, Driver’s License Numbers.

They also stole credit card numbers for about 209,000 people and dispute documents with PII for about 182,000 people.

Second, let’s assess the threat.  Given the number of records stolen and the US population, there is probably a greater than 50% chance that your PII was compromised.  For planning purposes, because what’s at stake is so critical, that number might as well be 100%.  Therefore, my suggestion is that everyone reading this take action in response to this data breach.

Third, let’s look at what we can do:

1. Check with Equifax. You can go to https://www.equifaxsecurity2017.com/ to determine more accurately if you were impacted. Remember, nothing is fool proof, so I would not place full confidence in either a affirmative or negative response.

2. Analyze your Credit Report.  You can go to https://www.annualcreditreport.com/ to access a free copy of your Credit Report. You will want to be on the lookout for any suspicious activity.  Pay particular attention to new credit activity and inaccurate credit card balances.

3. Monitor your Credit Card and Bank accounts for suspicious activity.  Largely speaking, you are not liable for credit card fraud.  Bank accounts are a different matter and depend on your personal bank.  Nevertheless, you will want to address suspicious activity promptly.

4. Consider a Credit Freeze.  A credit freeze adds an additional step when you open a new credit account – new cell phone, new credit card, buy a car on credit, etc.  This makes it significantly harder for someone to open a new account in your name. Since most of us do not open credit that regularly, this may be a good idea for you.

5. Consider placing a Fraud Alert on your credit files.  This tactic triggers creditors to verify anyone seeking credit in your name really is you.  This is typically done with a phone call and questions to which only you should know the answers.

6. Change your passwords frequently.  It is a good practice to change any password frequently.  I recommend the use of an electronic password manager to both avoid lockouts for forgetting passwords and so you can make long, complicated passwords.  Passwords are one of those things we know we should do better though we put it off for another day.  Use this simple litmus test – if you are using the same password for more than one account you do not want compromised, I strongly recommend a password manager application and the immediate changing of all your passwords.

7. Secure your devices and update your software.  Every smartphone out there has developed some very good basic defense against hackers.  That said, we need to use the technology for these defenses to actually work.  You should definitely have a passcode lock for accessing your phone, be it a fingerprint or an alphanumeric code.  Make it difficult for others to “get in there”.  Also, I suggest you have a password for all your laptops and tablets.  And finally, it is a good idea to be able to remotely locate and wipe your phone.  And please remember, guard your cell phone as you would your wallet.

8. Backup your data.  The cost of backing up data has come down significantly, and in some cases, it is free.  One development recently in the bad actor space making headlines is “Ransomware” where you turn your computer on and a message comes on the screen demanding payment or your data will be either lost or encrypted and rendered useless.  With a recent backup, this is much less of a risk.  And note, the on-line backup services have very, very good security (like BOX, which we use).  The breaches your read about (think celebrities) are because the user’s password was hacked, not the on-line service.

9. Avoid clicking through links in email.  Despite all that is written about computer security, the bread-and-butter approach for the typical hacker is to send a spurious email with a link to a website embedded in the email.  In the computer security world, this is called “phishing”.  Simply put, don’t click through links from sources with whom you are unfamiliar.  Some of the email addresses will look legitimate, being only 1 or 2 letters off from a familiar name.  Don’t fall for this old, yet still widely-used trick.

10. Be careful who you speak to on the phone.  It is a very safe assumption that the IRS will never directly call you out of the blue.  A letter is almost always the initial contact you will receive from the IRS.  If someone calls claiming to be the IRS, simply hang up.  I actually had this one happen to me.

One last point about which I want you to be aware for those who use my custodian Shareholders Service Group (SSG).  SSG does not share any information with Equifax at all.  Moreover, they have control measures in-place to control the flow of money into and out of your accounts.  If you want to be as conservative as possible, we can place requirements on your account where all withdrawals must be verified over the telephone.  If you are interested in this level of security, please contact me directly.

And finally, while the Cyber Threat is ever-growing, so to are the defenses to combat them.  Moreover, if you take some or all the steps above, you will make yourself a “harder” target.  And most bad actors are looking for a “quick kill” on the ill-defended, so if you have an adequate defense, your chances of avoiding the hassle of identity and/or financial theft will be greatly increased.

I hope you found this helpful.  I admit this was a bit lengthy, though I felt the sensitivity of the topic necessitated a bit more explanation.  If you have any question, comments, or concerns regarding this or any other matter, please feel free to contact me directly.

Best Regards,
Christopher Flis
President