Equifax and Personal Data Security
Our Comment by J. David Lewis – Equifax reported a security breach that occurred several months ago. It set off shock and concern. We, like virtually everyone, have seen many news items that repeat the same advice – check your credit reports, consider placing a credit freeze on your files, monitor your existing credit cards and bank account, consider a fraud alert and file your taxes early. I have seen these discussed so many ways, I don’t see reason to repeat the details. See them here. Let’s put Personal Data Security into broader context.
Despite this being the largest data breach in history, it is one breach. There have been several recently. It is reasonable to assume someone troublesome probably has much of our personal data already. There is an Equifax website purporting to tell you whether your data was, may have been or probably was not breached – click here. We have a client phone call note that reads:
“He asked if I had used the website, or read the reviews, or looked at the small print at the bottom. His experience was that, after putting in everyone’s information the first time and recording the responses, he decided to try again, just to make sure. The second time he put everyone’s info in, he received different answers.”
This is not comforting. The facts are, you cannot know whether your data was breached this time or years ago – maybe several times. Experts think this data will probably not be used for months or years. We will forget this breach, because there will be another – possibly bigger. To believe you have the ability to know whether your data is secure creates more risks than assuming it has been breached. YOU have to watch for misuses, whether or not there was a recent breach.
Wow! Am I pessimistic or what?
A discipline of good personal data hygiene seems the most viable protection. These risks cannot be eliminated, only rendered less likely to disrupt our lives. Therefore, the advice above is not just for this event. It should be an ongoing part of our lives:
- Check your credit reports – I have a phone app (Days Since Tasks) that gives a reminder to check a credit bureau report every four months. For example, my most recent was Equifax. It took about 30 minutes to download and review the report. When I clicked the reminder complete, it was moved forward a year, for another free Equifax report.
- Consider placing a credit freeze on your files – I have not personally done this, but am considering it. My credit reports list organizations that got reports. Some seem odd and may contribute to my junk mail. Emily Watts, in our office, can discuss her interesting previous work experience, approving loans when she encountered these freezes.
- Monitor your existing credit cards and bank account – Virtually all client investment accounts we monitor are reviewed every day, for transactions inconsistent with our expectations. Similar reviews have been a part of my routine since Resource Advisory Services was small. I had to watch every penny. Most mornings, I download transactions from two bank accounts and three credit cards for household accounting software. Then I check the bank accounts and Resource Advisory Services credit cards online for pending transactions. This usually takes from 10 to 20 minutes. If I have bills to pay, it may take a little longer.
- Consider a fraud alert – From what I see, this has a good chance of giving a false sense of security. Basically, it is putting a note in your file that says “be careful about my data.” I have put notes in my credit reports, calling attention to names I have never used. When I saw the notes in later reports, they were obscure. I cannot imagine anyone noticing. Finally, the erroneous names disappeared. Maybe something positive happened.
- File your taxes early – I wish I could. I usually don’t have the information to file early. If you can, filing early is definitely good personal data hygiene. I personally know several cases where false returns were filed for refunds. Clearing those up is frustrating.
We can be disappointed in Equifax, Target, BlueCross BlueShield and whoever else has a future large or small data breach. I have been to enough cybersecurity continuing education classes to be convinced none of these are carelessness. They suffer tremendously, like we all do. Your protection is not something you can offload to anyone. There may be potential regulations that could help some, like the one that gets us free annual credit reports. I don’t see an appetite for new regulation in our government these days.
It is up to you to develop a discipline of good personal data hygiene that gives you as much peace of mind as you can achieve, understanding that you will never have complete foolproof security. We live in a dangerous world. Consider which is more useful – time in social media or good personal data hygiene – while you sit waiting for the next explosion.
Contact David Lewis with DLewis@ResourceAdv.com. He is a passionate advocate for fiduciary, fee-only financial planning and has been associated with financial services since childhood in a banking family. He founded Resource Advisory Services in 1985. National Association of Personal Financial Advisors (NAPFA) was formed only a few years before. Lewis became a NAPFA-Registered Financial Advisor in 1986. He served on its national Board of Directors from 2013 to 2016, has been its Treasurer and is currently on its Audit Committee.