First of all, yeah don't fucking bother with Equifax's free year of credit monitoring. It's a security blanket, and about as effective. If you DO get an identity theft event, Equifax will basically tell you "Hey, you got your shit jacked! ...I mean, we didn't do anything to stop it, that's not part of this service, and it's still up to you to go through the long and painful process of resolving the situation with the lender and the credit agencies... But hey, at least you know!
"Also, if you find out you ever WERE the victim of identity theft, I strongly suggest reading this article: Identity Theft, Credit Reports, and You. The long and short of it is when resolving a fake loan or credit card on your record:
- File a police report. The police won't do jack, but a copy of the report itself is needed to show you mean business.
- Never talk to them on the phone, always write out letters, keep copies forever, and always mail with certified mail and return receipt requited. A paper trail is the most important thing to scare these assholes into actually fixing their shit.
- Don't use form letters, they're actually an out for the agencies to ignore you. Write the letters yourself.
- "Speak" professionally, not emotionally. Don't threaten to involve an attorney, it's actually a signal you don't know what you're doing and they can safely ignore you. The article goes into detail on this point, read it.
- Send the first letter to their legal departments or even the CEO's office itself. It'll be sent to to the actual resolution division, sure, but at least this way it'll be redirected from people who literally cannot afford to be ignored.
- Request your free credit report from the federal government's free annual report website. This one's pretty "no shit, sherlock", but still important to not forget. If you plan on getting a new credit card or home or business loan or something in the near future, request all three at once to make everything is correct and the same. Otherwise, just request one every four months (I keep a rolling reminder in my calendar app for this) from a different agency each time. They miiiight fuck up on the online request form, but you can just call them and request a mailed report that way instead in that case.
- Set up an account with the Social Security Administration and IRS.gov, if you haven't already done so. I don't care if you never plan to look at these accounts again, this is to prevent some Ukrainian asshole who bought your identity creds on the darknet from doing instead and siphoning all your benefits into their coinbase wallet or whatever. You need to do this BEFORE the next step, because a credit alert/freeze on your record will prevent the registration process from going through. Speaking of which...
- Put a credit alert and/or freeze on all four of the credit agencies (and also Chex Systems, Krebs mentions them in another article but I always have a devil of a time finding it). Yeah, there's Equifax (Alert, Freeze), TransUnion (Alert, Freeze), and Experian (Alert, Freeze), but there's ALSO Innovis (Alert, Freeze), who you need to do this for too. When you get an Alert at one of The Big Three, they're automatically notify the other two, but Innovis always needs to be requested separately. I also keep a rolling reminder for every 91 days to renew my credit alerts in my calendar app, as well.
As for the credit freezes? You need to request each one individually, and depending on which state you live in, you may have to pay a fee of up to $15 for each credit freeze. For example, Nuke living in the great state of Texas would have to pay $60 in total to freeze all four of his credit agency histories. Moreover, everytime you need to have your credit history run (getting a loan or new line of credit, applying for a job, etc) you need to lift it, which may cost you (like in Texas), and you need to pay again to put it back up, everytime. Depending on your situation, this may not be worth it and just leave it at the credit alert. Your call. If you have a police report showing you were a victim of identity theft, the freezes are free and you qualify for seven years worth of credit alert, but a hack like this that merely puts you at risk for identity theft doesn't count. Shit sucks, but that's how it is right now. - As always, watch your bank and credit card statements like a hawk. This hack proooobably didn't jeopardize those accounts directly, but a name, DOB and SSN (as well as an address easily found in the public record) can allow an attacker to do all sorts of nasty things to your financial life through tired-as-fuck call center operators.
