As you almost certainly know by now, the credit bureau Equifax suffered a massive hack this year, exposing the confidential information of some 143 million Americans.
But security researcher Brian Krebs says the smart money is to just assume that your information is out there — assume you’ve been hacked or otherwise compromised, and then act like it.
“We have no business using these static identifiers — name, date of birth, social security number, mother’s maiden name, address, previous address, phone number — all these things that don’t change about you, or that are available in these databases that have been hacked six ways from Sunday,” Krebs said on the latest episode of Too Embarrassed to Ask. “Even if we forget about all the times this data has been hacked, it’s broadly available for sale in the cybercrime underground.”
“We should behave as if our information is already compromised,” Krebs added. “We don’t need some stupid website from Equifax to tell us yes or no. If the answer is ‘no,’ it’s the wrong answer.”
“You either call them on the phone, or you go to the website and you say, ‘I’m going to freeze,’” Krebs said. “You give them all the personal information that was compromised in the Equifax breach, answer four authentication questions, and they’re supposed to freeze your file. After the Equifax breach, at Equifax and almost all of the other bureaus, their ability to do this for you online completely failed because they were all overwhelmed.”
Despite the hassle, it’s worth doing, Krebs said. But consumers should keep two things in mind: If they want anyone to be able to check their credit — when obtaining a loan, for example — they’ll need to “thaw” the freeze in advance to make the credit report visible to outsiders again; also, the credit bureaus only make money when your credit is not frozen, so they may try to deceive you into doing something different.
“What is most frustrating about this is, now, in the wake of the Equifax breach, when people go to place a freeze, the bureaus go ‘Oh, you really don’t want that! I know you said you wanted that, but what you really want is a little less restrictive. You want to use our credit lock service,’” Krebs explained. “Which everyone is starting to conflate with the freeze. As far as I can tell, they are different things.”