Identity Theft and the Equifax Data Breach

EquifaxMacFinesse reported on the Equifax data breach back in October 2017. Just this week, the Chicago Tribune wrote this article as an update:

Equifax hack put more info at risk than consumers knew

(This is a brief excerpt from that article) The Equifax data breach exposed more of consumers’ personal information than the company first disclosed last year, according to documents given to lawmakers.

The credit reporting company announced in September that the personal information of 145.5 million consumers had been compromised in a data breach. It originally said that the information accessed included names, Social Security numbers, birth dates, addresses and — in some cases — driver’s license numbers and credit card numbers. It also said some consumers’ credit card numbers were among the information exposed, as well as the personal information from thousands of dispute documents.

However, Atlanta-based Equifax Inc. recently disclosed in a document submitted to the Senate Banking Committee, that a forensic investigation found criminals accessed other information from company records. According to the document, provided to The Associated Press by Sen. Elizabeth Warren’s office, that included tax identification numbers, email addresses and phone numbers. Finer details, such as the expiration dates for credit cards or issuing states for driver’s licenses, were also included in the list.


You can read our original MacFinesse article, The Equifax Data Breach: What Can You Do? for some excellent next-steps to follow.

Given what is now known about the depth and breadth of that breach, below is an excerpt from’s assessment of what to do if you believe you are a victim of identify theft. You may not need this information now, but you could in the future, so bookmark this page for future reference.

Take these 10 steps now if you think you’re a victim of identity theft

1. Take notes

Keep a running list of every call you make related to your identity theft case, including the names of the institutions that you have contacted, when you called, who you spoke with, what was discussed and how the call ended. Be sure to note if there was any resolution or if follow-up will be needed, as well as any case, confirmation or reference numbers that you may need to keep for later.

2. Open an account with Credit Karma or Credit Sesame

It was actually in taking this step that I initially discovered the fraud issue. Both services are free and while Credit Karma, for example, only shows two of your three credit scores, it’s enough information to recognize when something is amiss. Be sure to create your account before taking any additional steps because you won’t be able to once your credit has been frozen.

RELATED: I just found out I was hacked twice, thanks to this free identity monitoring service

3. Request credit reports from all 3 credit bureaus

Everyone is allowed at least one free credit report annually from each of the credit bureaus and this information is going to be valuable in identifying any additional fraudulent activity that may not show up on Credit Karma or Credit Sesame. For example, I discovered an incorrect mailing address that the fraudsters had provided in their attempts to apply for loans and lines of credit. I was also able to trace recent hard inquiries back to banks, credit cards, cell phone companies and others that the fraudsters had tried to open accounts with. You can request the reports directly through the credit bureaus directly or

4. Freeze your credit with all 3 credit bureaus

You can read more on how to do that here. Once completed, you will receive PINs from each bureau, over the phone and/or by mail. Put these PINs in a safe place, as they will be required any time you want to thaw or re-freeze your credit. The cost to freeze or thaw your credit varies by state, but generally runs from free to $10 per credit bureau with each action. This is a small price to pay for financial peace of mind.

5. Contact the institutions where you see fraudulent activity

Whether it’s a credit card, mortgage, bank account, or some other financial action that you didn’t initiate, call each institution to report the fraud and request that these accounts be closed immediately. You don’t want these fraudulent accounts to further affect your credit. The credit bureaus will also check with these institutions when attempting to resolve your fraud issues, and this will help the process move along much faster if they already know about it.

6. Contact all 3 bureaus and issue a fraud alert with each one

Notify each credit bureau of any activity and personal information that you don’t recognize. It’s recommended to do this before the credit reports arrive in order to limit any further damage to your credit. Follow up if you find any additional information or activities on the credit reports that don’t belong to you.

7. File a police report

Call your local police department to file a report. You may be transferred to the fraud prevention department if there is one. Provide any information that you have about the fraudsters — like the fraudulent mailing address in my case — and details of what accounts have been opened, stolen from and even applied for in your name. Follow up if you uncover additional information that may be of value. In my case, I found out that an individual visited two different banks pretending to be me.  Since banks have cameras all over the place, this helped police obtain a visual of at least one of the fraudsters. Get a copy of the police report and keep a copy on your person. If someone wrote back checks in your name you could have a warrant out for your arrest and this is hugely beneficial to have on hand.

8. Call the Social Security Administration’s fraud alert line (800-269-0271) and the Federal Trade Commission, which keeps a database to identify thefts (877-FTC-HELP)

Let them know what has happened to you.

9. Contact your current banks and credit card companies to report fraudulent activity in your name

Whether or not the fraudsters have been able to access your bank accounts or legitimate credit cards, it’s hugely beneficial to let your institutions know that your personal information has been compromised. In many cases, they can add additional layers of security to your accounts to further protect yourself.

10. Follow up

The work, unfortunately, doesn’t end once your credit has been restored, and the constant need for follow-up will likely be life-long. Initially, make sure to follow up with the credit bureaus to ensure that all fraudulent activity has been removed. All three bureaus will send you an amended credit report, at no extra charge, with all updated information. Check these thoroughly to make sure nothing fraudulent remains and that nothing legitimate was removed accidentally. Set up reminders to check your account on Credit Karma or Credit Sesame biweekly or at least once a month to make sure that everything continues to look as it should. Also, pull your free credit reports as frequently as you are allowed to receive them.

Troubleshooting, small business networks,
Macs, iPads, and printers
Device syncing, backups,
passwords and email accounts
OS and app optimization and updates, and
preventive maintenance