Earlier this month, Equifax, a consumer credit reporting agency, announced a cybercrime identity theft event potentially impacting 143 million U.S. consumers. Though the attack was stated to have begun in mid-May, the breach was not observed until July 29th. Since Equifax essentially holds all of your information from every loan you have had to every utility you have applied for, this has been a very concerning issue. 

Since the September 8th announcement, there has been a barrage of misinformation roaming around the internet. Fake sites were even Tweeted out by Equifax stating that they would inform you as to whether your information was part of the hack. Shares of Equifax have fallen, lawsuits have been filed, and confusion has ensued.

The Basics

Your safest bet is to assume you were impacted by the breach. This means that your name, social security number, date of birth, and other personal information could be in the hands of a criminal. While it's possible that you may never be affected, it also may take months or years before someone utilizes your information for nefarious purposes. If I were a criminal, I would probably wait to let this event blow over before carrying out any action.

How could you be affected? Some of the more typical uses for stolen information would be to open up a new line of credit in your name (a credit card, mortgage, or auto loan), use your current credit cards to make a purchase, and more recently to steal your tax refund before you get the chance to file your taxes. 

Action Items

1) Look for fraudulent activity

One of the more common forms of identity theft will still be the unauthorized use of your credit lines to make purchases. Thus, it will be important to go over bank and credit card statements to ensure all charges are correct. Since keeping track of several checking accounts and credit cards can be onerous, we would suggest using a free account aggregator, such as Mint.com, and checking every few days to confirm all transactions.

If you are a client of First National Corporation, you also have access to our Wealth Management System. We like to refer to this as Mint.com on steroids. This is powered by a company called eMoney, a Fidelity owned firm. It contains 256-bit encryption and 2-factor authentication, meaning that after you type in your username and password, a unique 6 digit pin is sent to your cellphone. This further prevents anyone but you from accessing the portal.

The Wealth Management System helps to bring your checking account and multiple credit card transactions into one list, allowing you quickly catch any fraudulent charges. You can set alerts to receive an email for any transaction over a certain dollar amount, or simply log in every few days to check the list. To learn more about the Wealth Management System, click here. To log in to your account, click here. Since this is where your investment accounts will be linked and where your financial plan will reside, you may find this both convenient and prudent.

2a) Sign up for a credit monitoring service

While Equifax has offered their own credit monitoring service, we would not encourage trusting them any further. Instead, use another provider who will email you if they suspect any fraudulent activity, such as opening a new account. CreditKarma.com is a popular, free service that will give you your credit score, credit report, and a monitoring service. If you have AAA, you can also get access to ProtectMyID's monitoring service for free. 

2b) Sign up for an initial fraud alert

A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you. You would ask 1 of the 3 credit reporting companies to put a fraud alert on your credit report. They must tell the other 2 companies. The alert lasts 90 days but you can renew it. 

3) Freeze your credit

This has been a popular recommendation since the Equifax hack. Essentially, freezing your credit prevents anyone from opening new accounts in your name. You would call all three credit bureaus (Equifax, Transunion and Experian) and pay between $3 and $10 to freeze your credit, though Senator Elizabeth Warren is working on a bill that requires those freezes to be free. You would then get a unique pin number to use if you needed to unfreeze your credit for a future event (taking out a mortgage, auto loan, credit card, etc.) It should be noted that while this prevents new accounts from being opened in your name, it would not have any effect on existing lines of credit. You and your credit monitoring service would still be responsible for monitoring your current lines of credit.

4) File your tax return early

One of the rising schemes of recent years have involved criminals using social security numbers to file a tax return and get their hands on your refund. Last year, the IRS claimed that they paid out $239 million in "suspect" refunds. While you should not rush to file early and miss an important tax form, look to organize everything in anticipation of receiving your mid-February tax forms. If you have been a victim of identity theft in the past, you can also apply to the IRS for a unique 6 digit pin to use in place of your social security number. 

If you have moved in the last year, you will also want to ensure that all of your previous employers and financial custodians have your current address on file. This will ensure you receive all relevant tax forms as soon as possible.

Your Accounts With First National Corporation

While rare, we have seen instances where Schwab and Fidelity have flagged accounts where unauthorized access was attempted. However, due to the amount of safeguards placed on these financial accounts, none have been successful. Both custodians require a stringent process to add a bank account and verify that you are the owner of that bank account. Thus, if your email or computer were to be hacked and your credentials stolen, we would not expect your accounts to be impacted.

We ask that if you have a change of address, email, or phone number that you notify us immediately to ensure your requests are handled promptly. Any requests made from an unfamiliar source will be ignored and reported. We thank you for the trust you have placed in us and we will continue to work vigorously to maintain the security of your account.