The Equifax Crime

lp – As terrible as are the criminals that hacked into Equifax, and stole our personal information, EquiFax is arguably the bigger criminal. They established themselves as gatekeepers of our personal data and then were incompetent in its protection. There’s a lot more to be said about the credit industry and their behavior, but this post it to provide guidance about what to do and my personal experience in doing it.

Update: 20 Oct 2017

It appears that the best advice is to put a freeze on you credit reports. It can cost a bit to unlock the reports if you need credit, but a freeze is more secure than a lock.
Here’s freeze information provided by John Oliver’s Last Week Tonight TV program.
If you prefer information directly from the US government:

Check to see if your data has been stolen:

  • To to Equifax.
  • Click the button Enroll to Protect & Monitor Credit – Free

  • Enter your last name and last six digits of your Social Security Number.

  • Be sure to verify that you’re not a robot.
  • Click the “Continue” button.

If stolen, enroll in protection:

If your data was stolen, you’ll get a chance to “Enroll” in TrustedID credit monitoring. Equifax initially offered one-year of free credit monitoring. As of this post (30 Sep 2017), it’s now free for life. Update (7 Oct 2017): Equifax is offering a free lifetime service that allows consumers to easily lock and unlock access to their credit files – this is not the same as credit monitoring. It’s uncertain if a lock with Equifax will also lock the other credit reporting companies. If it doesn’t propagate through the entire credit reporting system, a lock on Equifax is of little use.
After you enroll, you’ll get an activation email from trustedid.com. It could take a few days for the email to arrive. Keep in mind that the emails may end up in your Junk or Spam.
Click the link in the activation email to complete the activation of your new TrustedID account.
Don’t forget to create a good password and keep it in a safe place. You may want to consider using a password manager like iPassword or LastPass.
Once your account is fully activated, you can lock your credit report to prevent any new credit accounts being created. This lock can take a couple of days to activate.
If you need to take out a loan or credit card, you’ll need to remove the lock on your credit.
The lock propagates to the other credit reporting agencies automatically.

My experience:

I’ve completed this process for three people.
  • The first (me) went pretty smoothly.
  • The second (wife) failed because I used the same email address as the first. EACH PERSON / APPLICATION MUST USE A UNIQUE EMAIL ADDRESS.  This requirement isn’t mentioned anywhere on the application.
  • The third (Mom) failed for no particular reason
    • The website claimed that the account had already been activated, even though they send the activation email.
    • I called the number in the activation email, 30 minutes on hold to be told that it was the wrong number.
    • Called the second number, hung up after waiting on hold for an hour.
    • I tried to reset the password and the reset email ended up in the Junk folder. Even though the activation email didn’t.
    • After resetting the password, I got a message that I must contact them by phone to continue.
    • The number provided got through fairly quickly – 10 minutes or so.
    • They wouldn’t fix the problem without a power-of-attorney since the account was for Mom.
    • The POA was to be faxed and would take up to a week to process.
    • I was pretty steamed and decided to try again when I could put Mom on the phone.
    • Later that day, just for grins, I tried to log on to her account and it worked(!?).

One last thing:

Establishing a lock on your credit is a good start, but your existing accounts may be an even bigger threat. With your personal information, a criminal may be able to bluff their way into gaining access to your account. Ensure that all accounts use significant passwords and multi-factor authentication whenever available. Don’t forget that a poorly managed website may be hacked and the criminals would then have your password for that site. Any other account that uses the same or similar password would be at serious risk.