Stop credit thieves
Freeze your credit after Equifax breach
To lower the risk of becoming a victim of identity theft and financial fraud after the data breach at Equifax, Americans should place a security “freeze” on their credit reports and delete any suspicious emails that could dupe them into releasing personal data to cyber thieves.
That’s the advice from identity-theft experts after the creditreporting company said hackers broke into its computers and stole key personal data — including Social Security numbers, names, addresses and dates of birth — from an estimated 143 million Americans.
Following the breach, which was made public last week, hackers now have four of the most important pieces of identification data — dubbed the “crown jewels” — for nearly half the nation, says John Ulzheimer, a credit expert who formerly worked at Equifax and credit-score company FICO.
That’s why Ulzheimer and other cyber-security analysts urge consumers to place a “freeze” on their credit reports at the nation’s three leading credit-monitoring firms — Equifax, TransUnion and Experian.
“It’s the Fort Knox of credit protection,” Ulzheimer says. “A freeze takes your credit report out of circulation.”
Using a freeze to place restrictions on who can gain access to your credit report is critical be- cause banks, mortgage lenders, credit-card companies and other financial institutions won’t extend credit to new applicants without first viewing a credit report, says Keith Snyder an analyst at Wall Street firm CFRA Research.
The security freeze is designed to prevent credit, loans and services from being approved in your name without your consent, Snyder says. This form of protection prevents that from happening by barring credit bureaus from releasing your information in response to a new credit inquiry.
That shuts down the all-important credit-check process.
And makes it harder for a cyber thief to gain approval to rent a new apartment, obtain a home loan or open a new credit card in your name using identification obtained illegally.
“When a financial institution goes to pull your credit report, they simply won’t be able to get it,” says Snyder.
Once a freeze is in effect, he adds, only existing creditors that already have a financial relationship with you can access your credit report.
In contrast, signing up for a credit “alert” with credit bureaus is less effective in protecting you, because the alert notifies you only after someone has accessed or tried to access your account without your permission.
“The problem with a credit alert is it alerts you after the fact,” Snyder says.
Credit freezes, which remain in effect as long as a consumer wants, aren’t free, however. Each state has its own sign-up procedures and fees. Freezing one’s credit isn’t expensive. They cost anywhere from $5 to $10 per credit bureau.
But it’s worth every penny and the time required to put the freeze in place, Ulzheimer says.
“It’s the best $15 you’ll ever spend,” he says.
A consumer who places a freeze on his credit can also request a “thaw,” or short-term removal of the freeze, for a small fee. To do so, the consumer must contact the credit bureau, provide the personal PIN received at the time the freeze was put in force, verify identity and specify a specific person or financial institution authorized to view your credit report. The credit agency has three days to unfreeze your account.
Snyder says given the fact that the stolen data will likely be sold in chunks on the black market, the risk of the data being used against you could drag on longer than usual.
That said, “keeping a freeze on permanently is not out of the question,” although realistically he says a year from now he would be “more confident” that thieves would have given up.
After major data breaches, consumers must also be vigilant and avoid falling victim to online scams.
So-called “phishing ” scams, for example, typically target potential victims using fraudulent email messages that appear to come from legitimate enterprises, such as your bank, employer or company you do business with. These scams try to lure you into providing personal data the cyber thief can later use to rip you off.