The last week has been dominated by the headline of the Equifax Data Breach. If you've been living a social-media free life (good for you), you might not have heard that the personal information of 143 million people were stolen from Equifax - including names, addresses, and SSNs.
The ironic part of this story is that Equifax is a credit reporting agency - the "keeper" of your credit report and score - the basic information they lost to hackers.
When these events happen (data breaches), the media, and in turn the public, seem to lose their minds about everything from their finances to their personal information, to even their basic banking accounts. Suddenly, everybody is talking about it like this event somehow wiped away everyone's savings accounts or something major.
What's even scarier is the sad realization that most people don't realize how much of their information is already out there - and how much of it has been lost, stolen, misplaced, misused, etc.
In the last several years, I've had:
The truth is, for 99.99% of Americans, you identity has already been stolen. Let's dive in to what is really happening out there and some simple steps that you can take to be a little proactive about your personal information.
Data Breaches Are Sadly Too Common
I don't know if you've seen the news in the last few years, but data breaches are extremely common - and these are just the ones we hear about because they involve a lot of data or big, well known companies.
The Privacy Rights Clearinghouse has been tracking data breaches since 2005, and it has recorded 7,674 breaches that have been made public, involving a whopping 1,070,186,516 records. That's over a billion records. Given there's only about 360 million Americans, it's a safe guess that your information is already out there.
Some of the most well-publicized breaches (although long forgotten in today's media cycle) include:
The list of hacks and personal information releases goes on and on. If you look at the Privacy Rights Clearinghouse website, you'll also sadly see that many breaches don't even know the extent of the information that was taken.
Finally, consider that this is just the "major" breaches. How many small businesses do you think mishandle or misplace your information? You give your name, address, and SSN to your dentist to file your insurance claim - are they handling your information correctly and securing it?
What about your employer? Your doctor? Your landlord? The guy you paid at the farmers market?
Also, what about every single person you've ever written a check to? They have your bank account and routing numbers, as well as your name and address!
And it's not just your credit card number - it's also your name, address, phone number, Social Security number, health records, tax records, employment records, and more! It's all out there! This is just the world we live in today.
All Your Personal Information Is Already Out There
Have you ever looked around to see how much personal information is already available "out there" about you? It's pretty scary, but you should know so that you can arm yourself.
First, do a simple test and Google your name - what comes up? Now, what if you add your city to your name - so FIRST NAME LAST NAME CITY. What comes up? Are you shocked by the results?
Next, check out the site Pipl.com. Enter your name, email, or phone number. Do you see you address? Do you see your past addresses? Maybe you even see a picture of yourself?
Finally, now that you have an address - you can start seeing things that are public record in your county or state. Maybe you want to know your neighbor's tax bill or small business information? Any recorded documents at your county clerk? That's searchable online.
Oh, and do you think your SSN is safe? It's not. Beyond the hacks, there are some common ways to find Social Security numbers. Prior to 2011, SSN had a common format, based on the location and year of birth. You could then use the SSN Validator for free online each day and see if you got a valid SSN. Scary!
So, you can simply find all this online? What "private" information do companies have about you? Let me show you:
The Equifax breach made headlines because it was a credit reporting agency. Your credit report shows your history of borrowing, what you paid back, were you on time with it, and more. It's a useful document for your finances, and many companies use your credit report to make decisions about your responsibility.
There are three main credit bureaus: Experian, Transunion, and Equifax. If you want to get a free copy of your credit report, you can do so once a year by going to AnnualCreditReport.com.
I strongly recommend you do this annually and ensure that all the information is correct.
Beyond credit, there are also companies that maintain records about your bank accounts - where you've banked, your credit writing history, and more. The goal here was originally to stop fraudulent check writers from continuing to take advantage of banks, but with less people using checks, this has now become an identity service similar to your credit report.
ChexSystems is the largest company that maintains these types of records, and you can get a copy of your information from them here.
Have you ever gone onto a website and it asked you really weird questions - like have you ever lived at one of the following addresses, or do you have a relative with the following name? This information is gathered by a service called LexisNexis. That have all kinds of information, from your addresses, to insurance claims, to work history, and more.
You can get a copy of your LexisNexis Personal Report here.
How Vulnerable Are You Really?
After reading through how much information is already out there, you might be feeling a bit scared and vulnerable. But it's important to realize that all this information has been out there for years, and nothing has happened. And the odds of something happening are still extremely low.
Look, there are really only two ways that you're going to get your information compromised:
- Someone is intentionally stealing your identity: This is the most common way you'll be compromised, and it can be the hardest to prevent if someone is really trying hard to steal your identity. But you're not a celebrity, so the actual odds of this happening are extremely low - I put it at 1%. This also includes cases of your home being burglarized or purse being stolen. It can happen, but the odds are rare.
- A bot is using hacked information randomly: A more common scenario is that there are hackers and bots that are simply using the data that's already been hacked, and trying to do something with it. The run through credit card numbers and SSNs simply hoping for a match on a random website to get a sale, and move on once it's shut down.
If someone has actually gone to the extent of stealing your identity, you have bigger issues that a simple Equifax hack (or other hack). You need to file a police report, and take action. But this is no different than being the victim of countless other crimes.
If you're information is simply leaked, the bigger threats are bots and hackers, and there are smart ways to protect yourself and remain vigilant. It's also important to note that with credit cards, you have NO LIABILITY for fraudulent charges. If your card is stolen and used, the card issuer pays the bill, not you. So don't panic about potentially being wiped out as a result of hackers.
The Best Ways To Protect Yourself & Your Credit
Look, a lot of places are telling consumers "call all the credit bureaus and freeze your credit immediately". But for most people, that's simply not practical. Most of us use our credit reports pretty regularly (and most don't realize it). Furthermore, it typically costs money to freeze your credit (although some companies are waiving that fee temporarily), and it's just a waste of money. There are better ways to avoid getting your identity stolen.
There's really only 4 things that you need to do to protect yourself, your credit, and your identity:
- Monitor And Organize All Your Financial Transactions: The first thing you need to do is get organized and monitor all your accounts. If you have ever bank account and credit card synced into one system that you can monitor easily, it makes seeing potential fraudulent transactions easy. We recommend Personal Capital (it's free), but there's also Mint.com, YNAB, and more.
- Monitor Your Credit: You should also be consistently monitoring your credit for any unusual activity. While monitoring your known accounts is good, if you don't watch your credit, you can't know if someone opened a new credit card in your name. We recommend Credit Karma, another free tool that updates weekly based on your credit report.
- Pull Your Credit Report And Other Data Annually: We already listed the resources above, but pull your credit report and other personal data reports at least annually. For your credit report, you might consider pulling one from each of the three bureaus every 4 months.
- Change Your Passwords And Enable 2-Factor Authentication: Ensure that you change all your passwords, don't use the same passwords on your bank accounts that you use on social media, and enable two-factor authentication everywhere possible (email, social media, banking, etc). Two-factor authentication is where you get a text message to enter a code. This means that someone would not only have to steal your information, but they would also have to physically have your phone as well. If you get a text and you're not trying to login, you know somethings up and can take action. It's annoying to setup sometimes, but it's worth it from a security standpoint.
The thought of getting your identity stolen is a bit scary. But the odds of it actually impacting your life is very rare.
Yes, your credit card might be used in some foreign country - oh well, you get a new card. Yes, someone opened a credit card in your name. More of a hassle, but you file a report, contact the card issuer and credit bureau, and get it taken care of.
The bottom line is that it's not the end of the world. There's already so much information about you out there, the only thing you can do is take the preventative steps above and monitor your information.