There is much we still don’t know about the massive data breach that occurred at Equifax, one of the three credit reporting bureaus. As of now, it appears that over half of the adult population of the United States – about 143 million people – had their personal identification information stolen. This data could include social security numbers, names, addresses and dates of birth. In other words, all that a fraudster would need to impersonate you and open new accounts, credit cards, etc. Other information like credit card numbers and drivers licenses also seems to have been stolen from a smaller number of people.
Given the scale of the breach, most of us need to assume that we have been affected by it. So the question becomes: what do you do now?
First, you can limit access to your credit by freezing it. You will need to contact the credit reporting agencies directly and put a block on your personal information (yes, you will have to give them your confidential information). This is something you may prefer to do directly, over the phone. Here is the contact information for each of the credit bureaus you will need to contact (click on each bureau for a link to its website):
Experian: (888) 397-3742
Equifax: (800) 349-9960
TransUnion: (888) 909-8872
Believe it or not, you may be charged for the freeze – typically $5 – $10 per bureau. While you are on the phone with the bureau, you may also want to place a fraud alert on your credit report: this will warn lenders to take more care in verifying your identity before granting credit on your information.
Second, you should increase personal cybersecurity. Read and implement the best practices post we sent around (click here), and pay special attention to dual factor authentication. This isn’t shutting the barn door after the horse has left. If everyone’s DOB and SSN is out there for sale, you could expect lenders and others to start requiring even more personal information in order to get credit. That information should get enhanced protection now.
Third, monitor your credit usage. Some of this you can do yourself by using the services that credit card providers offer, such as usage notices through text messages or apps, accessing your credit reports (see our post on how to do that), or simply by reviewing credit card statements. You may decide to use one of the many credit monitoring services, like the one that Equifax is offering (click here to enroll). We have not reviewed these services individually, but there are comparisons available elsewhere online.
Fourth, monitor your financial accounts. This is one of the reasons we offer account aggregation on our client statements: to increase security and make this kind of monitoring easier. The Capital Flows report in our new client portal can be useful here.
Finally, stay informed. We will continue to “curate” important articles and post them to the Newsroom and Blog sections of our website. Check back often for new information.
These are some of the steps you can take to protect yourself. Wealthspire Advisors has heightened our own cybersecurity, and we will be conducting a thorough review of existing policies in light of this data breach. In addition, our custodians such as Schwab, Fidelity and Pershing have all been increasingly focused on cybersecurity and have initiated a number of controls of their own. We will not be sending any of these new procedures out in writing to clients, as we do not want to leave a trail of breadcrumbs for the bad guys. We do expect, however, that all of us will need to expect and accept additional inconveniences in exchange for better security going forward.