How to Protect Your Credit in the Wake of the Equifax Breach

Geoff Williams

For anyone who takes protecting their credit score and identity seriously, the news was probably like getting a punch in the gut.

As you've no doubt heard, Equifax, one of the nation's largest credit bureaus, was hacked -- it is believed that 143 million American consumers' personal information was exposed to online criminals. But while the nation learned about it on Sept. 7, the breach lasted from mid-May through July 29 when Equifax discovered what was happening and put a stop to it. During that time, hackers were able to collect people's names, Social Security numbers, birthdates, addresses and even, for some people, driver's license numbers. They also stole credit card numbers from 209,000 people and dispute documents with personal identifying information from 182,000 people.

[See: 12 Habits to Help You Take Control of Your Credit.]

Some Canadian and British residents' personal information was seized as well. Naturally this all begs the question: How do you protect yourself from these online identity thieves? That's what everyone is still trying to figure out. Nevertheless, you can try the following.

Go to equifaxsecurity2017.com. You have to offer up the last six digits of your social security number and check a box that assures the website you are not a robot. Then, if Equifax thinks that there was a good chance you were one of those 143 million consumers (and, boy, the odds are good; the country's population is 323 million), you'll probably receive a message like this (at least, this is the message this writer received):

Based on the information provided, we believe that your personal information may have been impacted by this incident. Click the button below to continue your enrollment in TrustedID Premier.

Then pay a visit to TrustedID.com. This is an identity theft prevention and credit monitoring company owned by Equifax, and they're offering a year of free service to people who may have been affected by the breach. (As you may have heard, at first, if you signed up with TrustedID Premier in the days after the hacking was revealed, you gave up your legal right to sue Equifax, but after a public outcry, that's no longer the case.) If someone tries to take out an account in your name, or your Social Security number turns up on any suspicious websites for the next year, with any luck, TrustedID will let you know. You'll have to give out your personal information to TrustedID, including your Social Security number, but, hey, at this point, why not?

You'll then possibly receive an email that reads, in part: You will receive an email with a link to finalize your enrollment and activate your product. Please be patient. Due to the high volume of requests, emails may be delayed.

[See: 25 Ways to Fix Your Finances Fast.]

You could ask the credit bureaus to install a credit freeze or fraud alert. So what's that? A credit freeze means that nobody can open up an account in your name, including, um, you.

Yes, you can temporarily unfreeze it, and it may be worth doing if you don't expect to be borrowing money for a long time. Generally, to put a freeze on an account, you have to contact each bureau individually to let them know. Depending on your state, you might have to pay a small fee, perhaps nothing or maybe as much as $10. Equifax has now dropped its credit freeze fees until Nov. 21.

A fraud alert is a little less extreme. You can ask a credit bureau to put a fraud alert on your account, which means that if somebody opens up an account in your name in the next 90 days (you can also request longer versions, one that lasts 12 months and another that lasts 7 years), they'll let you know. It's free, and if you call one credit bureau and make the request, they have to tell the other two bureaus about your fraud alert.

"These should be used with caution, particularly if one intends to apply for credit in the near future," says Charles Lee Mudd Jr., a privacy, internet and identity theft attorney in Chicago. "The freeze and fraud alert may cause more frustration and hurdles should the consumer seek to obtain credit while they exist on the reports."

Mudd says that if you're going to do one or the other, it's probably best to go with the shortest fraud alert.

"You can always renew," he says.

That said, just remember that a credit freeze or a fraud alert won't completely protect you. For instance, someone could file their taxes under your name and collect a refund -- and you wouldn't find out until you did your own taxes. If an online criminal is sick, he or she could pose as you and get free medical treatment.

[See: 10 Simple Ways to Raise Your Credit Score.]

Monitor your accounts. Especially now, everyone should regularly monitor their credit cards and statements for irregularities, Mudd says.

He also says that this might be a good time to change your passwords to your financial institutions.

"Follow recommendations provided by the vendors and use different passwords -- I realize this becomes a pain to do so -- and regularly change them in any case," Mudd says.

You could argue that this would also be time to pay for a monthly credit monitoring service, but again, because monitoring services tell you about problems after the identity theft occurs, this industry still has its critics. But it seems likely that credit monitoring services will flourish in the aftermath of this Equifax attack as consumers rush to sign up for them.