Post Equifax: Will free credit freezes help?

Tactic is a good salve, but won’t offer protection from all threats

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

When Equifax announced the his­toric data com­pro­mise that exposed the sen­si­tive per­son­al infor­ma­tion of up to 143 mil­lion con­sumers, the com­pa­ny said vic­tims would have access to cred­it freezes for a month free of charge. This was not exact­ly a solu­tion to the fresh hell it had just announced.

Frankly, it seemed like a rel­a­tive­ly cheeky move con­sid­er­ing the stag­ger­ing num­ber of peo­ple who had just learned that they will be look­ing over their shoul­ders for a vir­tu­al mug­ger for the rest of their lives.

Adam Levin, chair­man and co-founder of and Cyber­Scout (for­mer­ly IDT911)

My first thought was def­i­nite­ly not, “That seems fair.”

And the Iden­ti­ty Theft Resource Cen­ter (ITRC) seems to have had a sim­i­lar reac­tion. It launched a peti­tion that urged Exper­ian, Tran­sUnion, and Equifax to let con­sumers freeze, thaw and refreeze their cred­it files, free of charge, once per year.

Sad­ly, this is not a solu­tion either.

The leg­isla­tive angle

Sens. Eliz­a­beth War­ren, D-Mass., and Bri­an Schatz, D-Hawaii, recent­ly intro­duced leg­is­la­tion that would force the Big Three cred­it bureaus to pro­vide more robust solu­tions to the iden­ti­ty-theft quag­mire we now inhab­it thanks to the Equifax breach.

One of the main pro­vi­sos was a leg­isla­tive ver­sion of the ITRC peti­tion: Give all Amer­i­cans access to free cred­it freez­ing (and unfreez­ing) for life. Addi­tion­al­ly, the bill would force the cred­it bureaus to reim­burse any fees col­lect­ed for freezes pur­chased after the Equifax com­pro­mise was made public.

Cred­it report­ing agen­cies like Equifax make bil­lions of dol­lars col­lect­ing and sell­ing per­son­al data about con­sumers with­out their con­sent, and then make con­sumers pay if they want to stop the shar­ing of their own data,” War­ren said when announc­ing the bill.

The Free­dom from Equifax Exploita­tion Act is a move in the right direc­tion, a roadmap for the Big Three to pro­vide con­sumers with more robust fraud pro­tec­tions as well as an addi­tion­al free annu­al cred­it report. (One free report is already a con­sumer right in the Unit­ed States. You can check your cred­it report for free at

In a nut­shell, the Free­dom from Equifax Exploita­tion Act says cred­it bureaus shouldn’t be able to prof­it off the fear gen­er­at­ed by their fail­ures to pro­tect our sen­si­tive data.

Freezes aren’t the answer

While it is good to get those freezes (if you can fig­ure out how to set them up), a cred­it freeze is by no means the be-all and end-all answer to the “What now?” real­i­ty of 143 mil­lion consumers.

Cred­it freezes do not mit­i­gate all threats.

First of all, you are still vul­ner­a­ble to attacks on exist­ing accounts. Two easy ways to help dimin­ish this threat is by set­ting up trans­ac­tion alerts and opt­ing for two-fac­tor authen­ti­ca­tion wher­ev­er it is offered.

You also are more sus­cep­ti­ble to spear phish­ing emails and texts now, since fraud­sters now know where you bank, where you have debt, and who financed your car. They no longer have to guess which bank you use, there­by mak­ing the whole process of defraud­ing you much more expedient—a real win for scam artist pro­duc­tiv­i­ty. Employ­ment and tax fraud as well as medical/health care fraud also are real con­cerns after the breach.

The best course of action giv­en all these vari­ables is to change the way you think about your vul­ner­a­bil­i­ty and prac­tice the Three Ms, which I dis­cuss in my book, Swiped: How to Pro­tect Your­self in a World Full of Scam­mers, Phish­ers and Iden­ti­ty Thieves.

  1. Min­i­mize your expo­sure. Don’t click on sus­pi­cious or unfa­mil­iar links; don’t authen­ti­cate your­self to any­one unless you are in con­trol of the inter­ac­tion; don’t over-share on social media; be a good stew­ard of your pass­words; when­ev­er offered, opt for two-fac­tor authen­ti­ca­tion; safe­guard any doc­u­ments that can be used to hijack your iden­ti­ty; and freeze your credit.
  2. Mon­i­tor your accounts. Check your cred­it reports reli­gious­ly; keep track of your cred­it scores; review major finan­cial accounts dai­ly if pos­si­ble (bet­ter yet, sign up for free trans­ac­tion alerts from finan­cial ser­vices insti­tu­tions and cred­it card com­pa­nies); read the Expla­na­tion of Ben­e­fits state­ments you receive from your health insur­er; and seri­ous­ly con­sid­er pur­chas­ing a sophis­ti­cat­ed cred­it- and iden­ti­ty-mon­i­tor­ing program.
  3. Man­age the dam­age. Make sure you get on top of any incur­sion into your iden­ti­ty quick­ly and enroll in a pro­gram where pro­fes­sion­als help you nav­i­gate and resolve iden­ti­ty compromises—oftentimes avail­able for free, or at min­i­mal cost, through insur­ance com­pa­nies, finan­cial ser­vices insti­tu­tions, and employers.

The Three Ms are not a solu­tion to the threat of scams in the wake of the Equifax hack, but they are a lifestyle change that can help fend off the inevitable attempts to exploit your iden­ti­ty for ill-got­ten gain.

Full dis­clo­sure: Cyber­Scout spon­sors Third­Cer­tain­ty. This sto­ry orig­i­nat­ed as an Op/Ed con­tri­bu­tion to and does not nec­es­sar­i­ly rep­re­sent the views of the com­pa­ny or its partners.

More on iden­ti­ty theft:
Iden­ti­ty Theft: What You Need to Know
3 Dumb Things You Can Do With Email
How Can You Tell If Your Iden­ti­ty Has Been Stolen?