Protecting Yourself from the Equifax Hack | James River Advisors

Protecting Yourself from the Equifax Hack 

It’s beginning to sound like a broken record – as you’re scrolling through your Twitter timeline or Facebook newsfeed, you learn there’s been another hacking incident, and millions of people are at risk of identity theft. Sometimes 1 million customers are affected, other times 10 million. Usually, the blame rests with a company with which you’ve chosen to do business: Target, Anthem, Home Depot, Yahoo, and JP Morgan Chase, to name a few.

The Equifax hack, however, is a different animal for a variety of reasons. First, the number of people who are now at risk of identity theft is astonishing, currently estimated to be 143 million adults in the United States alone. Second, nobody “chooses” to be a customer of Equifax. Equifax is one of the three major credit reporting agencies, which means that your personal information is provided to Equifax by companies with whom you conduct business. This information is often shared without your knowledge or consent, and you have no power to opt-out of this data sharing arrangement. Many potential victims may not even be aware Equifax has their personal information in the first place. Unfortunately, Equifax probably knows a great deal about you, even if you’ve never heard of Equifax.

There are plenty of other resources you can use to research what happened in the case of Equifax, if you’re interested. Our job isn’t necessarily to report the details, but rather to educate you on the steps you can take to protect yourself now that the data breach has occurred. See below for a list of options you should consider:

Obtain Credit Reports

A credit report will contain details about nearly all credit cards, mortgages, lines of credit, or other loans associated with your social security number. The three major agencies, TransUnion, Experian, and Equifax, are all required to provide a free credit report to each “customer” once per year. Additional requests will incur additional costs.

However, I would instead suggest using a service like Credit Karma is a free service which allows you to login 24 hours a day, 7 days a week, and access the most up to date information contained in your credit reports through TransUnion and Equifax. Review the details of your credit report closely, and investigate further if you see anything you do not recognize. The advantage of using Credit Karma is that you can do this on a regular basis, which greatly improves your chances of identifying identity theft in its early stages. You can still check your Experian credit report for free once per year to confirm the information matches the other two agencies.

Request a Fraud Alert

Contact one of the three major credit bureaus and request that they place a fraud alert on your credit file. Whichever reporting agency you contact is required to notify the other two agencies to place a fraud alert on your credit file.

A fraud alert notifies all potential creditors or lenders who check your credit report that they need to take additional measures to verify your identity before giving you a loan. If a criminal applies for a fraudulent loan using your information, the fraud alert will serve as an extra layer of security, reducing (although not completely eliminating) the likelihood of the fraudulent loan being approved. There are three types of fraud alerts:

  • 90 days
  • 1 year (for active duty military)
  • 7 years

For most people, the 7-year option is probably best. Just because no one attempts to fraudulently use your personal information in the first 90 days does not mean you’re in the clear. Seven years provides better protection, and both options are free. You can remove the fraud alert at any time upon written request, so it makes sense to take advantage of the extra protection provided by the 7-year option.

You can request a fraud alert online or over the phone:

  • Experian: Online or 1-888-397-3742
  • TransUnion: Online or 1-800-680-7289
  • Equifax: Online or 1-888-766-0008

Freeze Your Credit File

If you prefer to be extra cautious, or if you believe you are already a victim of identity theft, there is a “nuclear option.” You can request that the credit reporting agencies place a credit freeze on your file, which means that applications for new credit using your social security number will be denied. This option is not free, although it is fairly inexpensive in most cases (usually $10 or less). Unlike fraud alerts, if you decide to freeze your credit, it is critical that you contact each of the three credit reporting agencies separately. Remember, if you plan to apply for a car loan, credit card, mortgage, or other new credit, you will need to unfreeze your credit file prior to applying.

While this protects you from criminals opening new accounts using your personal information, it is important to note that it does not protect your existing accounts from being compromised. For example, if the data breach exposed your credit card information, a criminal could still max out your credit card limit with fraudulent charges. The important lesson here is that, even with a credit freeze in place, it is still important that you monitor all existing accounts closely, and report any suspicious activity immediately.

Change Your Passwords

Everyone gets tired of hearing this one, but it is important to change your passwords after a data breach. The problem is, you have no way of being certain exactly what information was exposed, and it’s always possible your passwords are compromised. Standard password rules apply:

  • Don’t use passwords that can be guessed easily – names, birthdays, children’s names
  • Don’t use passwords such as “password” “111111” “abcd1234”
  • Enable two-factor authentication, if available
  • Don’t use the same password for multiple websites

If you can’t play by the above rules, I suggest you consider a password manager. Password managers can store extremely strong passwords for you using a single “master password.” In other words, you can use different passwords for every single website you visit, and each of the passwords can be so complex you’d never be able to remember them on your own, yet you only need to remember a single password on your own. For example, you enter your master password, and the app will know the password for your online banking login is M$462kF*901~9F8JbMQi<9F (I doubt many hackers will be guessing that password anytime soon).

For Mac users, 1Password is a very popular option. For Windows users, LastPass is probably better, because 1Password was originally designed for Mac only.  Other options include DashLane, KeePass, TrueKey, and Keeper. Compare the cost and features of each, and select the option that best suits you. As a personal preference, I prefer the options that allow you to store your passwords on your own network, rather than in the cloud.


There are other potential steps you can take to protect yourself from the Equifax data breach, but these are the actions we believe are most important. We encourage you to take additional steps if you are especially concerned, or if you spot any suspicious activity which leads you to believe someone is attempting to fraudulently use your information. However, information is only helpful if the plan is actionable, and most people simply won’t follow a “12 Step Guide.” If you can diligently follow the steps listed above, it will go a long way toward protecting you from identity theft, or at least detecting the fraud in it’s early stages.

We invite you to follow us on social media: Facebook_325x325.png  Twitter-192x192.png LinkedIn.pngor contact us via e-mail. 

We always welcome feedback from our readers. Unfortunately, due to current regulations specific to our industry, we are required to disable public comment functionality. However, if you would like to comment on a particular article, suggest a guide that could help people like you, or request an update regarding any specific topic, please contact us here.

If you are publicly quoting from our content, please notify us and provide proper source citation. If you are reusing any of our content for your own commercial/marketing purposes, please contact us to request permission.

James River Advisors is a registered investment adviser in the State of Virginia.  The content on our site is for informational purposes only and should not be considered an offer or recommendation to buy or sell any specific investment or investment strategy.