As you have likely heard, Equifax recently reported a massive data breach potentially impacting about 143 million U.S. Consumers. If you are not familiar with Equifax, it’s one of the three credit reporting agencies, with a role of tracking and rating the financial history of U.S. consumers (i.e. they report your credit score).

CNN provided this article on the issue while Equifax has created a site specific to this breach with additional information. We won’t talk about the fact that although the hack was discovered back on July 29th, it took the company more than a month to come go public with the news (that’s for another day).

The below quote is from the Equifax site and provides some information on what type of data was stolen:

The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.

Below are some questions and answers for you:

How do I know if I was affected by the breach?

You can find out whether your information was breached at this site that Equifax created.

Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so ensure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.

Equifax has offered a year of free credit file monitoring and identity theft protection with TrustedID Premier, an Equifax product. At first, the terms and conditions included language that indicated anyone who enrolled would give up their right to sue the company, but the company clarified late Friday that the arbitration clause wouldn’t apply to the data breach.

You may choose to enroll in this service to start, however you have other options available and in general it is recommended that you take steps beyond opting in for just one year of service because this information can be used by criminals for years into the future (not just the next 12 months).

What can I do to protect myself?

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting com. Accounts or activity that you don’t recognize could indicate identity theft. Visit IdentityTheft.gov to find out what to do.
  • Consider placing a credit freezeon your files. Freezing your credit report makes it harder for thieves to open new lines of credit in your name. It may occasionally inconvenience you though when you are opening a new credit card, buying or leasing a car, or applying or refinancing a mortgage. Really, anytime you need to access your credit score. However, most of us don’t establish new lines of credit all that often and a few phone calls (to unlock your credit reports) prior to that process is likely well worth the added protection.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early. File as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.
  • Sign up for credit monitoring . There are free services like Credit Karma, which offers credit monitoring for free so you will receive notifications when someone pulls your credit report and there are paid for third-party services like LifeLock, that tend to track more sources to spot and alert you of suspicious activity (while also bundling in assistance to help victims handle credit problems).
  • Create complex passwords that identity thieves cannot guess easily. Change your passwords if a company that you do business with has a breach of its databases.

With regard to using complex passwords, I recommend a password manager, such as LastPass. These make using very challenging passwords much, much easier. In addition, you can also add a two-factor authentication component that will require your password and a random, frequently changing code to access sites. You can find more information about two-factor authentication here.

As I’ve always said, your credit score is your financial report card (except there’s no getting rid of it after college). This isn’t something to be taken lightly and if you’re the type that hasn’t checked your score or report in quite some time – NOW is the time to take action to protect yourself (your future self will thank you for it).

Feel free to share this with anyone you may think find it useful.