Were you affected by the Equifax breach? Did you take action? Did you already forget about it? I urge you — don’t become complacent in a world of breaches, hacks, identity theft and cyber-attacks.
According to the Identity Theft Resource Center (ITRC), there have been over 1,000 data breaches recorded this year. That’s projected to exceed 2016’s total of 1,093. It’s no exaggeration to say that breaches are (on average, at least) a daily occurrence. The Equifax incident, affecting more than 140 million people, is simply the most high-profile of a rising trend of similar incidents involving companies of all types. And this incident is not even the company’s first.
As we enter this holiday season, consider everywhere your information lives: with your banks and credit card issuers, with the businesses where you use plastic and with online businesses that allow you to save card information to make future checkouts easier. Also consider the companies that are in the business of information. For example, an insurance company gathers health information to determine life insurance premiums, while credit bureaus compile credit information to create credit ratings. Other companies pay for that information to determine if you can get a loan and at what interest rate.
If a hacker gets your information, what can they do with it? Plenty. With sufficient information, that hacker may be able to access your current accounts. For example, it may be possible to file a tax return in your name and collect the tax refund. The FTC suggests you file your taxes early as a preventative measure in this case, but what about other accounts that store your information?
Your login is your first line of defense, so you should use strong passwords on any account that has sensitive information. Each of these accounts should also have a unique password, so that any password obtained from a hacked account can’t be used to gain access to your other accounts. Other advice? Treat passwords like underwear — keep them out of sight, don’t share them and change them often. If you can, go beyond passwords. Many companies now offer two-factor authentication (2FA) which requires a second piece of information for account access. This is typically a fingerprint or a code sent to you by cellphone.
It is also possible that someone could use your information to steal your identity and obtain new accounts in your name. This new information will show up in your credit report — so make sure to know what goes on with your credit. Which brings us back to Equifax.
Fortunately, companies are required by law to notify affected customers, so eventually, you’ll know if you need to act. The companies will typically set up dedicated web sites to provide explanations, including guidelines to determine if you are in the affected group.
For those affected by the Equifax breach, the company offers five complimentary services: copies of your Equifax credit report, credit file monitoring of Equifax as well as Experian and TransUnion, the ability to lock your credit file to most outside access, monitoring suspicious websites for use of your Social Security Number (SSN) and $1 million identity theft insurance to reimburse certain out-of-pocket expenses.
And if you weren’t affected by this one, chances are you’ll be affected by the next one. The question isn’t if, but when. And because such incidents are the new norm, our new norm must be to be prepared.
Nolan Taylor, Ph.D., is clinical assistant professor of information systems at the Indiana University Kelley School of Business at IUPUI in Indianapolis.