Equifax and Capital One: How to Protect Yourself

Last week, the consumer credit reporting agency, Equifax, settled with the US Federal Trade Commission over its 2017 data breach that affected over 147 million Americans. The settlement of up to $700 million includes as much as $425 million for individual settlements.

On Monday, Capital One announced that a hacker had gained access to the personal information of over 100 million people. Among the personal data exposed were names, addresses, dates of birth, credit scores, transaction data, Social Security numbers and bank account numbers.

It would appear that we are living during a time where hacks, data breaches and stolen Social Security numbers are going to be commonplace at least until we come up with a better system for personal identification and financial transactions. If this is true, then it’s important for all of us, whether we were potentially affected by the recent breaches or not, to make personal credit monitoring a long-term habit.

Two years ago I wrote a piece called How To Protect Your Credit: 8 Steps. In it, I detailed 8 steps that everyone should take in the aftermath of the Equifax data breach. As I wrote then and would reiterate now, there’s no silver bullet that can make us impervious to the activities of financial fraudsters, but there are certainly things we can do to make ourselves much less vulnerable. Here’s a look at what we at Beacon are considering…

Regarding Capital One…

As of now, Capital One doesn’t have a website that lets you check for yourself to see if you were part of its data breach. The company has said it will reach out to customers affected by the hack. I have a Capital One savings account and I expect to receive a letter in the mail, an email or phone call – I’ll keep you posted.

For now, be on the lookout for emails and phone calls from fraudsters and fake websites posing as Capital One. Never give out your personal information or your Social Security number over the phone. Capital One says it will offer free credit monitoring and identity protection to customers affected by the breach.

Regarding the Equifax Settlement…

  • Find out if you were affected by the breach at Equifax by going to this website and entering your last name and the last six digits of your Social Security number.
  • If you were affected, you are entitled to 10 years of free credit monitoring or $125 cash. However, on Wednesday, the Federal Trade Commission announced that, due to an overwhelming response, cash payments aren’t going to be anywhere near $125. Therefore, it’s probably better to take the free credit monitoring which is worth a lot more than $125 anyway. The free credit monitoring includes 4 years of credit monitoring from Equifax, Experian and TransUnion followed by an additional 6 years of monitoring from just Equifax.
  • Note: If you spent time dealing with fraud or identity theft as a result of the Equifax breach, you can be compensated for up to 20 hours of this time at a rate of $25 per hour. If you sustained out-of-pocket monetary losses, you can file a claim for these as well. And if you paid for Equifax credit- or identity-monitoring products in the year before the breach, you can be reimbursed for 25% of the cost. (In total, you can claim up to $20,000 in cash payments altogether.)
  • You have until Jan. 22, 2020, to opt into the settlement by making a claim. You can use this website to claim the benefits described above. By opting in, you give up the right to pursue separate legal claims over the data breach.
  • You do have the option of opting out of the settlement if you’d like to retain the right to sue Equifax in the future or in excess of the $20,000 settlement amount. You have until Nov. 19 to opt out. If you do so, you give up the option to get the remedies offered in the settlement. You must opt out by snail mail; you can’t do it via the website.
  • If you do nothing, you won’t receive the 10 years for credit monitoring or $125 cash AND you’ll forfeit your right to sue in the future.

For Everyone…

  • Consider enrolling in a credit monitoring service. It looks like most of us will end up with free credit monitoring as a result of the recent data breaches. If you somehow find yourself without protection, you can enroll in the services of a company such as Lifelock. Given the current environment, it looks like having some sort of monitoring in place seems prudent. Once we know more about the Equifax and Capital One offerings, perhaps we’ll run a comparison between them and the offerings on the private market.
  • Initiate a credit freeze. A credit freeze allows you to seal your credit reports which makes it almost impossible for someone to fraudulently use your personal information to establish new credit. No creditor will open a new account for you or someone pretending to be you without access to your credit reports. You receive a personal identification number (PIN) that allows you to “thaw” your credit should you need to open a new credit card, refinance or buy a home, etc. Should you decide to go this route, you need to freeze your credit with all three credit bureaus. Clark Howard posted this very helpful guide for initiating a credit freeze. I froze my family’s credit 2 years ago and we’ve had to “thaw” it once since then. It was a very simple process (just be sure to keep you PINs.)
  • Regularly check your credit reports at Annual Credit Report.com. You’re entitled to get a free copy of your Experian, TransUnion and Equifax reports once every 12 months. I usually pull one of my three reports every four months and I plan to continue to follow this pattern. In addition, most large banks and a few free online resources, like Credit Karma or Mint , now offer a very good big picture view of your credit score and can help you catch any noticeable changes.
  • Keep a close eye on your bank accounts, checking and credit card transactions, and other financial information. A credit freeze does not prevent a thief from making purchases with your existing credit accounts so it’s important to stay alert. You don’t need to check your accounts every day but doing so regularly is just a good thing to do. However, please don’t confuse this with checking your 401(k) daily to see what the stock market has done to your balance. This can lead to unhealthy outcomes so be smart and find a system that works.
  • Consider using a password manager, like Dashlane or LastPass. Read Sam’s thoughts here. I’ve used one for a year and I’ve loved it – after a bit of a learning curve.
  • Be especially alert for phishing scams (emails attempting to direct you to enter personal information on fake websites) and fraudulent phone calls. Do not, under any circumstance, give out any personal information over the phone or via email. Even if if the caller says they are with the IRS, Equifax or Capital One.
  • Consider filing your taxes earlier. It’s possible that a scammer could use a stolen Social Security number to file a fraudulent tax return in pursuit of a refund. If you’ve already filed it may be harder for them to do so. You’ll still need to wait until you’ve received all your W2s, 1099s and other tax forms but perhaps waiting to file no longer offers as much appeal as it once did – even if you end up owing money!

We will continue to follow the Equifax and Capital One stories as they unfold and let you know if any of our recommendations need to be updated. As always, please let us know if you have any questions. We’re here to help.

Geoff Hall, CFP®, RICP®
[email protected]

My wife, Crystal, and I have been married for 12 years and have two kids, Cooper (11) and Rhodes (9.) When I’m not spending time with them you might find me downtown serving at our church, pushing my limits during a mountain bike ride or having coffee with a friend in the Five Points area. I've been a financial advisor for 29 years and I'm thankful for the privilege of shepherding my family of clients through the ups and down of the markets, and of life for that matter.