The news broke late last week that hackers have taken almost 150mm records from Equifax. These records include name, address, social security number, birthdate, and in some cases driver license information.
This is an identity thief’s treasure trove.
So what should we do about it?
I read Ron Lieber’s suggestions in the New York Times yesterday and did all of that for our family this morning.
That includes putting a freeze on our records at the big three credit agencies:
And putting a fraud alert on file for the next 90 days at the big three:
That took the better part of an hour as you need to do each of these things for each social security number you want to “protect.”
I also went ahead and pulled credit reports for our social security numbers to see if any new credit had been taken out in our names. Hackers may have had this information for quite a while.
None of this feels particularly protective to be honest. We’ve made it harder for someone to take out loans in our names, but I don’t think we’ve made it impossible.
Lenders and others are going to have to get more diligent about detecting and protecting themselves (and us) from identity theft in the wake of this and many other data breaches.
Name, address, social security number, and birthdate should not be considered sufficient information to prove identity and access credit or confidential information any more. This has likely been true for some time, but this breach certainly is the nail in the coffin for that approach (and possibly the credit bureau business model).
It’s time for new approaches to security, identity, and the protection of our financial information. Thankfully, there are a lot of them out there, mostly in startup land.