data breaches

Data Breaches & Closing the Barn Door: Protecting Your Personal Information

With all the data breaches that have occurred over the last couple of years it is hard to know when to actually ‘do something’ about protecting our credit. Having read a fair amount about the Equifax data breach issue over the last couple weeks I’m still somewhat skeptical of the level of protection we can actually achieve. In some respects, the actions we have at our disposal seem tantamount to “closing the barn door after the horse has run off” (thanks for that one mom!)

My understanding is that it only takes your name, date of birth and Social Security number to steal your identity. For those with ill intent this essential private data seems so much easier to access than it was just five years ago.

I think we can all agree that the credit ratings agencies probably can’t offer us much in the way of protection, though I’m hopeful that something may transpire to change that. It does grate on me that company(s) already making money off protecting our credit data now want to charge us to ‘protect ourselves’ from a result of…their negligence?!

That said, I did go through the process of freezing my credit at all three agencies; Equifax, Experian and TransUnion this week. Here are some measures to consider if you want to protect your identity and credit rating:

Credit Freeze

A credit freeze is a block that prevents people from accessing your credit report without your permission. It remains in effect until you remove it, or temporarily lift it. You need to contact each of the three credit rating agencies listed above to accomplish the task. Equifax is currently offering a free credit freeze. Experian and TransUnion cost $10 each. Be careful on the TransUnion site as it is easy to get confused and sign up for a ‘credit lock’, a service which costs $19.95 per month and is not a credit freeze. I got tripped up by this, so make sure you get to the part of the site that does the credit freeze.

Why do this? A credit freeze keeps anyone from opening new credit accounts in your name. Also, apparently you are notified anytime your credit is checked. It does take time but if it all goes smoothly (which it almost did!) signing up online (see the links above) will only take about 15 minutes in total. The final step is that you receive a PIN number that allows you to lift the freeze. You need to take good care of this PIN as apparently you can’t lift the freeze without it.

Why not freeze your credit? If you are currently planning to borrow money for a car or mortgage it would not be a good idea. If you’re moving and need to turn on electricity or other services that might require a credit check…again bad idea. However, should you decide to make any of these financial moves in the future, you can always lift the freeze temporarily using your PIN. There is a charge for lifting the freeze which varies by state ($2 to $12 per credit bureau).

If you’re settled, not imminently in need of new credit, and wanting peace of mind, then freezing your credit may be a fine idea. However, it is important to remember that it will not prevent identity theft on your currently established accounts. In addition, an article by US News made the point that a freeze might make it more onerous to monitor our own credit report and scores. “As credit monitoring companies usually pull their information straight from the bureaus, you may need to temporarily lift your freeze or forego using services that allow you to keep an eye on your credit scores and credit reports.” If you are signed up with a credit monitoring service, this might be worth researching.

Fraud Alert

Next is the fraud alert. I’ve heard mixed reviews on this. A fraud alert flags your credit reports, alerting potential lenders to verify the identity of anyone attempting to open an account in your name. It presupposes that the alert is spotted and acted upon. You need only to request this service of one of the three credit reporting agencies (Equifax, Experian, or Transunion) and that agency will notify the other two. The fraud alert will be in effect for 90 days initially and can be extended. It shouldn’t cost you to implement.

Monitor Accounts

Monitor your accounts closely. This is something that you might not be doing but which can pay off handsomely. I track my spending regularly and probably find at least three or four things a year that don’t belong on my bill. Not huge dollars but enough to remind me that it could be more damaging if I wasn’t paying attention.

Periodically Check Credit Reports

Checking credit reports regularly. You can do this at and it is free (one agency per year.) This allows you to check your report for new credit accounts opened in your name. E.g., you see a Nordstrom account has been opened recently, and you don’t shop at Nordstrom…red flag! You should also know that your free credit report will not include your credit score. They charge you for that precious tidbit.

Two-Factor Authentication

For logging into your financial websites, you can implement Two Factor Authentication. This requires the bank (or site) to text you a code that you must input to finish logging in to your account. This can be modestly annoying but it is a very good security measure.

Apparently, the data breaches at Equifax began back in May. On their site you can ask if your data was on the list of hacked data. But, they just say it “could have been.” Not exactly a yes or no answer. Word is that Equifax had upgraded many parts of their network and neglected updates (which were available as early as March) in others, thus opening the door to hackers. It highlights the importance of keeping our personal information systems and antivirus precautions up to date. And we need to take the reins, to the extent we can, to protect our personal information. In the confusing landscape of digital information sharing, much of it not initiated by us, taking appropriate actions might offer some sense of control.

Scroll to Top