shopify traffic stats

Stop, Drop, and Freeze

Watching that 3rd rerun of Sports Center? Checking Instagram for the 4th time this hour?

Unless you are doing something urgent, it is probably worth it to set aside an hour or so right now to drastically reduce your chance of losing thousands of dollars and weeks of time. Have you shopped at Target? Home Depot? Or maybe you have health care through an Anthem affiliate? Worse yet, have you started a new line of service at TMobile in the last few years? Actually, do you have a name and have you lived somewhere ever? Those breaches cover a few hundred million people, so chances are some of your credit cards, current or past addresses, birthday, driver's license number, social security number, and more are floating around the internet darkweb somewhere. If they are not already, they will in the near future. Much like the security industry has done, you should transition from believing you can protect your information online to assuming it has already been compromised. While this initially feels debilitating, completing the short checklist compiled below can return some semblance of control and simplify your entire relationship with credit.

Aside from hardening your online presence (stay tuned for a post on this), you should add a 'fraud alert' to your credit file and strongly consider placing a 'freeze' as well. A credit freeze will block anyone from accessing your credit report, preventing most forms of identity theft while also preserving your credit score on failed credit applications. If you like opening lots of credit cards or have immediate plans for a new loan, you can stick with the fraud alerts for now and consider the freeze later.

Here are the TL;DR actions for this post:

  1. Grab your free credit report to make sure everything is still kosher. You can start the process at this government maintained portal. You get 3 free credit reports a year (one from each credit bureau), so go ahead and add this to your calendar to complete every 3 months:
    Add to Calendar 01/01/2016 09:00AM 01/01/2016 11:00AM Europe/Paris Get 1 of your 3 free credit reports this year from the blog post at http://www.lessismoreorless.com/2015/11/17/stop-drop-and-freeze/, get one credit report from Equifax, Experian, or TransUnion today here: https://www.ftc.gov/faq/consumer-protection/get-my-free-credit-report true MM/DD/YYYY 1440 FREQ=DAILY;INTERVAL=90
  2. Make sure to create an online account at the IRS (currently disabled by the IRS for 2015) and Social Security Administration benefits websites before a criminal does so in your name and claims your refund and/or benefits. Note: Do this even if you aren't receiving benefits yet.
  3. If you know your SSN or other core personal information has been included in a data breach, place a fraud alert on your credit file (this link will work for Experian, Equifax, and TransUnion), at Innovis (the lesser known credit bureau), and at ChexSystems (used by banks to check your identity). Even if you are not the victim of a breach, if you like the practical idea of someone calling you to verify a new credit card or loan in your name, go ahead and do this anyway. You can choose to do this independently of a credit freeze. While you are at it, remind yourself do this every 90 days right now:
    Add to Calendar 12/01/2015 09:00AM 12/01/2015 11:00AM Europe/Paris Refresh Your Fraud Alert for your credit file from the blog post at http://www.lessismoreorless.com/2015/11/17/stop-drop-and-freeze/, renew your fraud alert at Equifax, Innovis, and ChexSytems: https://www.alerts.equifax.com/AutoFraud_Online/jsp/fraudAlert.jsp, https://www.innovis.com/fraudActiveDutyAlerts/index, https://www.chexsystems.com/wps/portal/consumerdebit/page/IdentityTheft/securityalert/ true MM/DD/YYYY 1440 FREQ=DAILY;INTERVAL=90
  4. Consider placing a credit freeze at all major credit bureaus (Experian, Equifax, TransUnion), Innovis, and ChexSystems. This will cost around $30 upfront depending on where you live (props to Chex and Innovis for keeping it free), which is worth it compared to identity monitoring services. If you are angry you are charged a fee for protecting your personal information after someone who did not own it gave it away, see the next step. Note: Make sure to use the most up to date mailing address, as you will receive a PIN/password and confirmation in the mail from these organizations once the freeze is applied. Also if you were offered a complimentary identity monitoring service and plan to use it (useful for the insurance, not for the claimed protection) enroll before placing any credit freezes.
  5. Consider signing this whitehouse.gov petition so we can have more sensible security breach response requirements.
  6. If you no longer want to get credit card offers in the mail (another way thieves can open lines of credit in your name) opt-out for 5 years or permanently here: https://www.optoutprescreen.com/
  7. If you are using any standard answers (birthplaces, maiden names, previous addresses, etc) for password recovery security questions, change the answer to something more unique (doesn't matter what it is). Do this at all your government, financial, and health related accounts (move on to your other less valuable accounts as you find more time). Stay tuned for a future post on how to approach security questions used for verification and password recovery. Read through this guide for more information.
  8. Share this post with your friends and family (you should do this for your children or parents) who might also be victims of data breaches. See the links at bottom of page.

All done? Congrats! Well that wasn't too bad was it? You can now return to your regularly scheduled programming of 'Sports Center reruns and chill' or Instagram stalking. If you feel like reading more about the Experian breach and their response however, continue reading part 2 of this blog post here.

UPDATE The U.S. Public Interest Research Group has officially recommended the same 'freeze first' approach described above.