This week’s Equifax breach is big news, with a few “SMH” moments (as the kids say).
The first SMH moment is the execs who sold a bunch of stock just before the company disclosed the breach: “Three Equifax executives sold a combined $1.8 million in stock just days after the company discovered a major breach of its data system, but well before it disclosed the hack publicly.” — from an AP story in the NYT. Supposedly, these guys weren’t aware of the breach at the time, but it’s still pretty darn fishy.
The second SMH issue is the web site that Equifax has set up to supposedly let people know if they’ve been affected by the breach. As multiple people have figured out, it’s pretty sketchy. At first, it kind of looked like maybe they were completely ignoring the user input and giving everyone the same opaque response. Now, that’s a little less clear, but I’m not sure if they’re actually giving useful responses or just randomizing them.
The third SMH data point is the free year of credit monitoring they’re offering. It looks like you’ll need to enter a credit card number to sign up for it, and it will convert to a paid credit monitoring plan after the first year, unless you proactively cancel before the end of the year. So they’ll likely end up making money off this breach (though not until a year from now, when all those free accounts quietly bill for year two).
The NY Times has some advice, which is all probably good, and similar to advice I’ve seen elsewhere. First is to put a “permanent” credit freeze on your info at all three credit bureaus. That can cost a few bucks, but you can leave it in place for however long you want. Then, you can also put a “fraud alert” on your info, which is free but only lasts for 90 days. (And supposedly you only need to do that with one credit bureau, and it will apply to all three.) And you should also check your credit report at www.annualcreditreport.com. (But you were already doing that, right?)
If you’re looking to read up on this, there are a lot of places to do so. Consumerist has a good, clear, general write-up. If you want a deeper dive, Brian Krebs has a good blog post about it. And if you just want to wade into the muck, there’s a mega-thread at the personal finance sub-reddit that’s everything a reddit mega-thread tends to be: a fair amount of useful information, mixed with a lot of nonsense. (But it’s fun to read.)
What am I personally going to do? Well, I already check my credit report on a fairly regular basis. I last checked it in December 2016, so I’ll try to remember to check it again at the end of this year. If there’s any short-term fallout from the breach, it’ll probably be visible on the reports by year-end. And I know I should do that credit freeze thing, but honestly I’m probably not going to. I’ll see if I can talk myself into it.
And I was initially going to sign up for the free year of credit monitoring through Equifax, but now that I’m thinking about the auto-renew thing, I think I should skip that. I’m betting that Equifax will make the process of canceling before the auto-renew fairly annoying and onerous. And I’ll probably forget to do it anyway. I can get free credit monitoring through my AAA membership, so maybe I should sign up for that. (They appear to be using Experian’s service.)