Credit Suite Blog

Get current information on getting credit and loans to grow your business

CLICK HERE TO LEARN MORE

Starting a Credit Freeze Due to the Equifax Data Breach

Published By Janet Gershen-Siegel at September 12th, 2017

Starting a Credit Freeze Due to the Equifax Data Breach

Starting a Credit Freeze is Not Hard – We Show You How

As the news continues to come out from the Equifax data breach, one thing is for certain in a sea of uncertainty – it will affect a lot of people. You may want to think about starting a credit freeze.

The Scope of the Problem and Why You Want to Be Starting a Credit Freeze

There are about 255 million adults in the United States, as of the date of updating this blog post (January 5, 2021). Equifax estimates their 2017 data breach affected some 143 million persons, although some of those people were citizens of the UK and Canada.

In addition, it is possible that a fraction of those affected are under the age of 18. But that figure is probably not too high. For example, consider that a 17-year-old girl might get her first gas card. But it’s highly, highly unlikely that a 5-year-old even knows what credit is.

Therefore, if we operate under the assumption that about 140 million of the affected people are American adults, then the breach is affecting over half of all of the adults in the United States. Hence the prudent assumption is that you are in that group.

Starting a Credit Freeze Because the Equifax Site Seems Untrustworthy

Furthermore, the Equifax site itself seems unreliable. Security news and investigation website Krebs on Security reported that initially some people got different answers from the Equifax website (with respect to whether they were on the affected list of people or not) if they switched from a desktop to the mobile version of that site.

Still others did not get a yes or no answer at all. Instead, they just got an offer of credit monitoring. Plus many sites reported that you could enter random names and numbers and the site would return an answer.

The response felt haphazard and ill-thought out. Years later, it still looks that way.

Equifax Stumbling Out of the Gate Makes Anyone Want to Consider Starting a Credit Freeze

Equifax had numerous issues with the breach, not the least of which had been its handling of the matter.

Starting a Credit Freeze Due to the Fine Print and Attempted Forfeitures

A few days after reporting on the breach, Equifax had fine print on its credit monitoring sign up page. It told concerned consumers that by clicking to get free credit monitoring for one year, they were also automatically forfeiting their rights to sue the company for damages sustained due to the breach. This understandably caused an outrage. So the company dialed it back, changing it to no waiver of a right to sue. There is a settlement, by the way.

And that was a good thing, too, virtually every judge out there dislikes a waiver of the right to sue (called a ‘covenant not to sue’) . Covenants not to sue get strict interpretations if they are okay at all. And they are more likely to be okay if the following conditions apply:

  • It clearly spells out the forfeiture of the right to bring suit
  • The parties are on more or less equal footing with reference to being able to bargain and shape their agreement

Neither circumstance applied here. The attempts at forcing forfeitures were hard to spot and the company did not spell out that anyone selecting the years’ worth of free credit monitoring was giving up anything or paying any sort of hidden charges, monetary or otherwise. Furthermore, the parties were not on an equal footing at all. Equifax presented the waiver as a ‘take it or leave it’ proposition.

549097 How to Build Credit For Your EIN That is Not Linked to Your SSN2 OP4 101119 - Starting a Credit Freeze Due to the Equifax Data Breach

Learn more here and get started with building business credit with your company’s EIN and not your SSN.

Cybersecurity

Technology news provider Ars Technica found that the EquifaxSecurity2017 site was first a regular old WordPress blog, and did not have enterprise-level security – something which should have been a given, considering the breach and the fact that the site was holding names and Social Security numbers. Plus the domain name isn’t even registered to Equifax – it’s registered to a company called Mark Monitor (this is still true in 2021). Krebs on Security said the first registration name on the site was Edelman PR. Therefore, it is safe to presume that the registration of this site changed hands. In less than three days.starting a credit freeze Credit Suite3 - Starting a Credit Freeze Due to the Equifax Data Breach

Advance Damage Control

Beyond the question of possible insider trading, Krebs on Security also said the company bought and registered the equihax.com domain on September 5, 2017 (two days before the public announcement of the breach by one Brandon Schondorfer (in 2021, this domain is registered to Mark Monitor). Why did they buy that domain?

This happens as a proactive measure when a company is about to announce bad news. For all of the companies which never claimed their company name + sucks.com, this can be a smart move. However, here the timing is suspect.

But the company was right about one thing – people used the equihax term– as a hashtag on Twitter. As you might expect, Twitter was not kind about this.

So even more people are considering starting a credit freeze, and for good reason.

549097 How to Build Credit For Your EIN That is Not Linked to Your SSN2 OP4 101119 - Starting a Credit Freeze Due to the Equifax Data Breach

Learn more here and get started with building business credit with your company’s EIN and not your SSN.

Starting a Credit Freeze: What You Can Do

It is becoming clear that putting a credit freeze on your account is the best way to go. A credit freeze means that every time someone (including you) wants to open up another credit account or get a loan, you need to use your PIN to temporarily unlock your account. Obviously, you don’t unlock for thieves.

Keep your PINs safe and secret, of course. You can take off the freeze permanently if you want to, and some of the services allow you to preemptively remove a freeze on a credit inquiry, which you might want to do if you’re buying a car or the like and know which company will be making the inquiry.

Credit freezes do not prevent identity theft, but they do make life harder for thieves. And with so many accounts to choose from, frustration and a slow down by your credit freezes might be enough for a thief to move onto the next of 143 million names on his or list.

Or not. According to the New York Times, possible uses for this data were not just credit cards obtained fraudulently, but also people going to the emergency room and using your medical benefits, or thieves submitting a tax return for you on January 2 (and not out of the goodness of their hearts) to steal your refund.

Starting a Credit Freeze on Your Account

Starting a credit freeze due to the Equifax breach is easy but it will take a bit of time. Plus all of these services were overwhelmed at the time. But it’s still a good idea to be patient.

Starting a Credit Freeze with Equifax

Equifax (free): https://www.equifax.com/personal/credit-report-services/

Starting a Credit Freeze with Experian

Experian (site kept crashing in 2017 but I eventually got through):  https://www.experian.com/freeze/center.html

549097 How to Build Credit For Your EIN That is Not Linked to Your SSN2 OP4 101119 - Starting a Credit Freeze Due to the Equifax Data Breach

Learn more here and get started with building business credit with your company’s EIN and not your SSN.

Consider Starting a Credit Freeze with TransUnion

TransUnion ($5 or free, depending on your state): https://www.transunion.com/credit-freeze

Starting a Credit Freeze with Innovis

Innovis (not as big as the others but this is easy and you might as well. See: https://www.innovis.com/personal/securityFreeze

All of these steps were fast; the entire process, including printing forms (and even changing ink cartridges) took me maybe an hour and a half. In 2021, it’s no longer necessary to mail in your documentation to Innovis; you can do the process online now.

2020 Update

On February 10, 2020, the Boston Globe reported that Attorney General William Barr and the United States Justice Department were charging four members of China’s military on suspicion of the 2017 hack into Equifax.

The Attorney General noted there have been any number of data theft by the Chinese military in recent years. These thefts have been of sensitive information such as identifying American intelligence officers. One use of Equifax’s financial data could be to find out if any intelligence officers have money issues – and would thereby be subject to bribery or blackmail.

Note: because all of that came before the pandemic in the US, it has understandably taken a back burner to both Covid-19 and the 2020 election.

Starting a Credit Freeze: Takeaways

In 2021, with the benefit of a few years’ worth of hindsight, the biggest lesson is probably: be vigilant.

Leave a Reply

Your email address will not be published. Required fields are marked *