Smart moves to make in wake of Equifax breach

The Savage Truth

Equifax knows you, even if you don’t know Equifax. It’s one of the three large credit bureaus that collect information on all your financial transactions from banks, credit card companies, merchants, mortgage lenders, landlords and utilities — just about every company to which you make payments or from which you borrow.

And much of that information, covering almost every adult in America, has been exposed to hackers.

Information gained by the hackers includes addresses, Social Security numbers, birth dates and in some cases driver’s license numbers. The breach happened in late spring but only now is being disclosed.

The only truly surprising thing about the huge breach of security at Equifax is that it took so long to happen. Equifax allows protected public access to its data to individuals seeking information about their own credit reports and to merchants seeking to grant “instant credit” at point of purchase. That access creates greater vulnerability to a breach. Equifax knew that but obviously failed in some way to secure the information.

Equifax created a special website for consumers to check to see if their information has been compromised. To find out, go to, and click on the Potential Impact tab. You’ll need your last name and the last six digits of your Social Security number to do that. You’ll receive a notification — the company doesn’t say how or when — that you have been affected. You’ll also be given a date, likely within a few days, when you can go back to the site and sign up for the free protection service Equifax is offering.

Users have reported two big problems with this site. First, many have tried and reported it as unresponsive or found that they could put in fake names and numbers and get a response. Even worse, the “terms of use” section of the site seemed to suggest that by signing up to see if your information was compromised, you automatically agree to an arbitration clause that would prevent you from joining a class-action lawsuit. Equifax says that won’t apply to this “cybersecurity incident,” but it might be wise to simply assume you are a victim.

So, here’s what you should do now.

Start checking your banking and credit information regularly. It’s been several weeks since the breach, so the hackers have a good head start. And they also can be patient. Check your existing bank and credit card balances online at least weekly. And don’t file your paper statements without opening and scanning them.

Go to to get a free copy of your credit report. It’s not just the balances on your existing accounts that need watching. This time you are looking for newly opened accounts, something that could easily be done with the information that was stolen.

Don’t wait for the Equifax free credit monitoring offer. Sign up elsewhere and pay the small price. It will be relatively low cost compared to the hassle of finding out your information is being sold on the dark web or has been used to open a new account in your name.

Consider freezing your credit. Contact each of the three bureaus. It will cost you a small amount to freeze and later un-freeze your credit report. But it will protect against someone using your personal information to open new accounts. Of course, if you are buying life insurance, refinancing your home, buying a car or even applying for a job — typical situations in which a credit report would be pulled — you’ll have to unfreeze your report for this purpose.

We are very vulnerable to compromise of our digital dependence. That’s a sobering reality. And that’s The Savage Truth.

Terry Savage is a registered investment adviser and the author of four best-selling books, including “The Savage Truth on Money.” She responds to questions on her blog at

Copyright © 2018, The Baltimore Sun, a Baltimore Sun Media Group publication | Place an Ad