Published Tuesday, November 28, 2017 at: 7:00 AM EST
On September 7, 2017, one of the "big three" credit reporting agencies in the country dropped a bombshell. Equifax had been hacked, and almost 150 million Americans may have had their credit histories exposed. It was one of the largest cyber-breaches in history, and while it's difficult to get a handle on exact numbers, suffice to say that it's quite likely your information was compromised.
And it isn't just U.S. citizens who are at risk. The hackers also grabbed confidential data on residents of Canada and the United Kingdom. The other two major credit reporting agencies—Experian and TransUnion—weren't affected.
It took some time for Equifax to get the word out. According to media sources, unauthorized access to data occurred during a three-month stretch between May and July of 2017. The breach was reportedly discovered on July 29, 2017.
What were the hackers after? Again, details are spotty and Equifax has promised to follow up with additional information, but at the very least it's likely that names, addresses, dates of birth, Social Security numbers and in some cases, drivers' license numbers were exposed.
Equifax has claimed that there was no evidence of unauthorized activity on its core consumer or commercial credit reporting databases. But do you feel comfortable knowing that your personal information is in the hands of people who could do you considerable financial harm?
What's more, it's easy to be lulled into a false sense of security as time passes and you don't experience any problems related to the hack. But it could be many months or even years before criminals try to use your information, and it pays not to assume that you're immune.
Whether you believe your information was exposed or not, there are several steps you can take in the aftermath of the breach to protect your financial affairs. The Federal Trade Commission (FTC) has recommended the following actions:
1. Visit a special Equifax link at www.equifaxsecurity2017.com that the company set up to help consumers. (This link isn't monitored or controlled by the FTC.) To find out whether your information has been compromised, click on the "Potential Impact" tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you're on a secure computer and an encrypted network connection before you enter it. The site will tell you whether you're a victim of the breach.
2. Regardless of whether your information has been exposed or not, if you're a U.S. citizen you can get one year of free credit monitoring and other services. When you're ready to enroll, return to the site and click "Enroll." Currently, you have until January 31, 2018, to take advantage of this offer, but the deadline may be extended.
3. Check your credit reports from the big three credit reporting agencies by visiting annualcreditreport.com. Accounts or activity that you don't recognize may indicate identity theft. Another link provided at IdentityTheft.gov tells you what to do if you think there's a problem.
4. Consider a "freeze" on your credit files. With a freeze, it's hard for a criminal to open a new account in your name. However, a credit freeze won't prevent someone from making charges to your existing accounts.
5. Continue to monitor credit card and bank accounts closely for charges you don't recognize. Remember that it may take a while for such activity to occur.
6. If you decide against a credit freeze, you might instead place a "fraud alert" on your files. A fraud alert essentially warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
7. File your tax return early. If you're at risk, it helps to get your return into the IRS before a scammer has a chance to. Tax ID theft occurs when someone uses your Social Security number to seek a tax refund or a job. Also, be sure to respond immediately to any letters from the IRS.
Finally, visit Identitytheft.gov/data breach to learn more about protecting yourself after a data breach. In addition, your trusted financial advisors can provide you with more guidance.
This article was written by a professional financial journalist for Advisor Products and is not intended as legal or investment advice.
This site is only intended for clients and interested investors residing in states and countries in which Ball & Company, Inc. is qualified to conduct investment advisory services. Ball & Company, Inc. is an SEC registered investment adviser located in Thousand Oaks, CA. Ball & Company, Inc. may only transact business in those states or countries in which it is registered, or qualifies for an exemption or exclusion from registration requirements. For non-clients of the firm, Ball & Company, Inc.'s website is limited to the dissemination of general information pertaining to its investment advisory services. Please contact Ball & Company, Inc. at 805-376-2779 to find out if we may conduct advisory business in the state or country where you reside. Accordingly, Ball & Company, Inc. does not, and will not, effect or attempt to effect transactions in securities, or the rendering of personalized investment advice for compensation, through this website. Any subsequent, direct communication with a prospective client shall be conducted by a Ball & Company, Inc. representative who is either registered or qualifies for an exemption or exclusion from registration in the state or country where the prospective client resides.