EQUIFAX’S BIG PAYBACK: SHOULD YOU FILE A CLAIM?

It was just two short years ago when Equifax went public with the realization that access to about 150 million users had been obtained by a third party still unknown to top security officials. Without knowing the perpetrators, motive behind this breach has yet to be concluded, generating worries about criminals using the identities stolen to cash in through the sale of said data or something more nefarious, including spy scandals.

While advanced cyber security and dark web professionals sift through to try and find the data, Equifax has been trying (and being forced to) make up for their mistake with the millions of Americans whose information was violated. On July 22nd, 2019, the Federal Trade Commission, in conjunction with several other agencies and all 50 states, agreed in court to a settlement of roughly $700MM to be paid out in reparations to those affected by the breach in accordance with allegations that the company did not provide and monitor security measures to protect against this attack. This is on record as the largest settlement ever dished out for a data breach in U. S. history.

Of that $700 million dollars, at least $300 million is to be used to offer the plaintiffs access to years of free credit monitoring service in order to ensure that any data stolen from Equifax during the breach was not used to steal individual’s identities, and also allows for free credit freezes as well for those who are more concerned. The other payout option they provided was $125 for anyone who files a claim for it. An extremely small payout on an individual level considering the fortunes that could be lost if a person’s identity was indeed stolen, but still a payment nonetheless. Should you file for one of these checks?

Well, unfortunately, Equifax has turned around and in the blink of an eye, stating that the amount of people filing for this $125 payment has surpassed the allocated funds for paybacks. According to the FTC, “because of high interest in the alternative cash payment under the settlement, consumers who choose this option might end up getting far less than $125”. Beyond the fact that this amount may be smaller in scope than originally planned on, the filing process isn’t as easy as filling out a form. Instead, those who file are required to gather documents related to the hack that show losses, and provide ancillary information and documents in the process of filing your claim. Many of those who have started the process are turned off by the fact that they need to proceed in presenting further information to the company that they already don’t trust to keep their information safe, and several scammers have set up websites to further deceive you into entering personal information. However, regardless of all these issues, millions have, and are continuing to file their claims which will remain open until January 22, 2020.

While the $125 (or likely much less) payment option may not be the best call, the alternative option for free credit reporting, monitoring, and freezing is catching on with some of those affected. Included in this package is free credit reporting, most importantly from all three major credit bureaus, which in theory is worth “hundreds of dollars a year” according to Robert Schoshinski, the assistant director for the FTC’s Division of Privacy and Identity Protection. To add to this value, included in the credit reporting is up to $1 million dollars in identity theft insurance and individualized identity restoration services. All in all, this secondary option may not be the source of direct money in your pocket, but rather can save you huge amounts of money in the case that something malicious were to occur as a result of this breach.

Here at DWM, we are always monitoring ways we can protect our clients, and we will continue to do so. While Equifax may not be giving out the $125 check anymore, free credit monitoring might be a very nice way to go if you’re willing to go through the process of filing a claim. This can essentially mean spending five to ten minutes of your time for 10 years’ worth of peace of mind, and roughly $2,400 worth of value ($20 per month of monitoring for 10 years). While it may seem like pocket change in comparison to the value of the data stolen from you, this can definitely serve as great protection in the case that any of this information is fraudulently used in the future.

 

If you would like to file a claim, please visit Equifax’s claim website: https://www.equifaxbreachsettlement.com/file-a-claim

October: Halloween and National Cybersecurity Awareness Month

What a combo!  Ghosts and goblins seem pretty tame compared to the potential theft of our financial information.  146 million Americans got a big scare last month when Equifax announced that hackers had stolen their personal information.  Fast food chain Sonic just announced that customers’ debit and credit card information was stolen last week.  So, while Halloween costumes, haunted houses and trick or treats get put away on November 1st, cybersecurity issues cannot be put away in the attic trunk or tossed into the garbage.

We probably all wish we could just email Equifax a two word message:  “You’re Fired!”  Unfortunately, it’s not that easy.  For example, Fannie Mae, who sets the rules for most mortgages, requires information from all three credit “repositories.”   If you will never need a mortgage, you can try to delete your files from Equifax.  However, those who have tried have been put “on hold” for hours and then told that deletion of their files was impossible.  The “no” response to deletion was confirmed by Equifax former CEO Richard Smith last week to Congress. For now, the best we can do is freeze (not “lock”) our accounts at Equifax, Transunion and Experian.

New “cyber-vampires” are emerging from the darkness.  Did you ever watch the movie “Catch me if you can?” Great film.   It is the story of Frank Abagnale, Jr., played by Leonardo DiCaprio, a master of deception and a brilliant forger who stayed one step ahead of the FBI (Tom Hanks) for five years with his highly successful scams.  Once arrested, he spent five years in jail from age 21 to 26.  Since that time, Mr. Abagnale has put his unique skills to good use teaching FBI agents around the country about cybercrime, identity theft and fraud.    He also serves as an ambassador for AARP’s Fraud Watch Network and lives in Daniel Island, SC.  Here are some of Frank Abagnale’s (“FA”) recent warnings:

FA: “Stop writing checks- if you are still paying by check, you might be putting your life savings at risk.”  If you go into a grocery store and write a check, you have to hand the clerk the check with your name and address, phone number, your bank’s name and address, your bank account number, the bank routing number and your signature.  And then, the clerk may ask to write down your date of birth and driver’s license number as well.  You never get the check back, it goes to the store’s warehouse, where it may be destroyed thoroughly (or not) six months from now.  Anyone seeing the check has all they need to draft on your bank account tomorrow.

FA: “It is now 4,000 times easier to forge checks (with today’s technology).”  50 years ago, FA used a Heidelberg printing press, originally costing $1 million, to forge checks.  The press was 90 feet long and 18 feet high.  Now, one simply opens their laptop and says, “Who’s my victim today?”  In fact, FA indicates that forging checks is so easy these days that street gangs that used to deal in drugs and narcotics are forging checks instead.  FA: “It’s easier and you spend a lot less time in jail if you are caught.”

FA: “Technology breeds crime-whether it is forging checks or getting information.”  Facebook is a great source of information for the crooks.  One of the most common scams now is the “grandparents scam.”  The bad guys go on Facebook and find out who the grandparents are and see who the grandson is dating.  They easily manipulate their telephone caller ID to show a call coming from the NYPD or other police department.  The thieves place their call on a Friday night and tell the grandparents that the grandson is at the jail after being picked up for DUI/DWI and being held for bail.  If money for bail is not received in two hours, the grandson will have to spend the weekend in prison.  “Millions of grandparents have fallen for this scam.”

At DWM, we recognize that you have worked and continue to work very hard for your money.  Our goal, in every facet of providing Total Wealth Management, is to protect and grow your assets.  Cyber-safe practices are a key element of risk management.  Our first job is to educate our clients and friends about the importance of cybercrime, identity theft and fraud.  Charles Schwab & Company, the custodian for our clients’ money, is as dedicated as we are to keep you and your funds safe and help prevent attacks.

Watch for more blogs this month (and beyond) on cybersecurity.  It’s a tremendously important topic!!

“An Ounce of Prevention is Worth a Pound of Cure”- B. Franklin

Millions of Americans are being impacted by two Category 5 disasters- Hurricane Irma and the Equifax data breach!!  Certainly, we’re all watching Irma spread through FL and our hearts and prayers are with all those in Irma’s path.  But don’t discount the Equifax high-tech heist as something small.  Last Thursday, Equifax announced that personal and confidential information for 143 million Americans.  This included names, social security numbers, birth dates, addresses and, in some instances, driver’s license numbers and other information.

This epic breach is a really big deal and a great concern.  Equifax, Experian and Transunion warehouse the most intimate details of Americans’ financial lives, from credit cards to medical bills.  Once security is breached, the hackers typically sell the stolen information to sophisticated identity thieves.  Last year, 15.4 million Americans were victims of identity theft, which totaled $16 billion.  In most cases, the money was recovered, but only after a tremendous amount of time, money and stress.  One man said the thieves so ruined his credit that he was unable to secure a needed mortgage refinance.  One lady’s social security number was used by others to file her income taxes and get a refund before she even filed her own return.  It took her over a year to get it straight with the IRS.  In the first half of 2017, there were a record 791 data breaches in the U.S., up 29% from last year.  Victims have recounted what a terrifying experience it is to have your identity stolen.  “You’re worried about the tremendous implications this could have and the possibility of it going on for years.”

Here’s the really bad part of the Equifax breach. We now know that the breach occurred six weeks ago, July 29th.  The hackers probably sold the information shortly thereafter.  We’ve likely all been compromised for six weeks and we didn’t know it.  Equifax is now under investigation for the breach and their lack of transparency by Congress, New York’s attorney general and the Consumer Financial Protection Bureau. If you call Equifax, it’s another frustration.  Their “hot line” is staffed with people who really can’t tell you if your information was taken or not.  You should assume that it was.  Ouch!!

It’s time for us to play defense.  Step one- put a credit freeze on all three reporting services immediately.  It’s your only hope.  A credit freeze prevents existing creditors and new creditors from using your information.  It prevents new accounts being opened in your name.  When you contact the sites listed below you will receive a PIN that allows you to temporarily lift or “thaw” your freeze.  Put that number in a very safe place (see below).  Yes, you may be delayed a day or two to get your information released when you need to apply for new credit, but that’s a small problem compared to potential identity theft.

Here are the sites:

Equifax – https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp

Experian – https://www.experian.com/freeze/center.html

TransUnion – https://freeze.transunion.com/sf/securityFreeze/landingPage.jsp

I froze Elise and my accounts yesterday in about 20 minutes.

 

Step two-you need to create strong passwords and store them in a secure spot. The bad guys have two pieces of information, your social security number (which you don’t want to change) and your address.  Don’t help them with the next step by having weak passwords.

Updating your passwords will take some time.  Focus first on the key ones; your credit cards, financial institutions, and key retailers like Amazon and Apple; anywhere there is money or where thieves could get merchandise or services.  If a site offers additional security with a two-factor authentication, enable it.   Once you’ve got the key sites, start knocking out the others.

You should use a password manager like 1Password or LastPass.  It’s always important to update your password every so often. These sites create a unique random number password for every website you visit and stores them in a database that you create.  This makes it much more difficult for the thieves to decode your password. Further, these are great places for all of your passwords and your PINs.  Of course, you need to keep your master password in a special spot and share that with your spouse and/or another trusted person.

No question, this is a real pain!!  But, the alternative is possible identity theft which could be a 100 times worse.  We live in an age of Big Data.  We have all allowed the emergence of huge detailed databases full of information about us.  Thanks to technology, financial companies, tech companies, medical organizations, advertisers, insurers, retailers and the government can maintain and access this information.  Unfortunately, companies like Equifax are only lightly regulated and there’s not much punishment for breaches.  Hence, breaches will keep happening.  Even with new technology, like Apple’s new iPhone8 which includes face recognition to unlock it, the consumer credit bureaus are not going away anytime soon.

Please do yourself a favor and freeze your credit, change your passwords and store everything securely this week.  The process will certainly feel like more than an “ounce” of prevention, but if it saves you from identity theft, it will be far more than a “pound” of cure.