Skip to main content

This is the fifth article in our 10-part series for National Cybersecurity Awareness Month. Look for new cybersecurity topics explained by Alpine Cyber experts every Tuesday and Thursday in October. 

The Big Breach

The flood of data breaches in recent years makes poor data security seem like the norm. We seem a little desensitized whenever XYZ social media service falls victim to a data breach.

But there was one breach that caught the public’s attention in a major way. We’re talking the big one…the Equifax breach.

Would you believe it’s been over 2 years since they announced that publicly?

People took this one seriously because of the scale and severity. It included 147 million people’s personal information including social security numbers. That’s insane. To put that into perspective – take every person in New York, Los Angeles, Chicago, Houston, and Phoenix. That’s a lot of people, right? Now multiply that by seven.

Is Credit Monitoring Enough?

Equifax did offer up to 10 years of free credit monitoring with 6 of them managed by Equifax’s own monitoring service. It was hardly equitable.

If you are a victim of a breach will credit monitoring be sufficient? No. Trust me – it sounds better than it is. The old adage stands true – TRUST NO ONE.

The free credit monitoring is imperfect and comes in many flavors. This is not an exhaustive comparison of credit monitoring services, but let’s review one case.

I signed up for a credit monitoring service a few years ago following a major retailer data breach. The service provided me with a monthly summary of activities that they deemed ‘suspicious.’ Their criteria for determining ‘suspicious’ activity is rightfully kept private, but it seemed strangely relaxed. In just one month I bought 2 cars and refinanced my mortgage. Not a peep from the monitoring service. The report the following month simply stated ‘no suspicious activity during the previous month of monitoring.’

¯\_(ツ)_/¯

So what happens now? What are your options to prevent this from happening to you again? The simplest option is to freeze your credit.

Putting Your Credit Report on Ice

Freezing your credit or putting a security freeze on your credit restricts access to your credit report, which most companies use to understand your financial stability and determine your financial risk. This freeze protects your identity by limiting the activities you or anyone with your social security number can perform. Examples include opening new credit card accounts, applying for a loan, or refinancing an existing loan or debt. It also affects things you wouldn’t expect like making changes to your cellular phone plan or subscribing to an internet service provider.

Applying this freeze is accomplished individually with each of the 3 credit bureaus.  You can find more information here:

Equifax – equifax.com/personal/credit-report-services
800-685-1111

Experian – experian.com/help
888-397-3742

Transunion – transunion.com/credit-help
888-909-8872

Living with a Frozen Credit Report

It is possible to function in the world with frozen credit. I have been doing it for 2 years now. The biggest issue living with frozen credit is that you have to manually unfreeze your credit when your credit is pulled or checked, and you have to do it selectively with the bureau that is being leveraged.

Another drawback is that it costs a little money or about $10 per freeze in the case of Experian. To me this is a small price to pay for the reassurance that nobody is stealing my identity.

Of course this does still assume that the credit bureaus are protecting the records of freezes just as well as they protect the social security numbers themselves. I’m looking at you Equifax…

Wish we could go off the grid and not engage with the 3 credit bureaus? Unfortunately, they are the only ‘trusted’ financial identity bureaus out there. If you want that changed you can always start by writing your senator.

In the meantime your credit report is yet another piece of sensitive information that you must manage. In a previous post we recommended using a password manager. Most reputable ones also allow you to keep secure notes. I use this feature to store the sensitive pins and codes that you need to unfreeze, and to keep freeze/unfreeze records and related links.

Below you’ll find an example of how to manage the freezing of your credit with a simple log. Don’t worry, I changed the dates and codes for security purposes…

Happy freezing!

 

EQUIFAX – https://www.freeze.equifax.com/Freeze/Security Freeze Placement Confirmation

A Security Freeze has been placed on your Equifax Credit File
on October 12, 2017. In order to (i) permanently remove the
security freeze or (ii) authorize Equifax to release your credit
file for a specific period of time, you must provide us with a 10
digit personal identification number (PIN). Your PIN is 1234567890.
It is for your personal use only and should not be provided to
anyone else, including potential creditors.
Please print and keep this page for your records.

Temp pin: 1234 01/11/19-01/11/19 – Cell Plan Upgraded
Temp pin: 2345 02/12/18-02/26/18 – Credit Card Application

==================================================

TRANSUNION – https://freeze.transunion.com/tab/product/securityfreeze

Click Continue to proceed, or View Receipt to view a copy of your order.
CONFIRMATION

PIN: 1234567

Temp pin: TU123456 01/11/19-01/15/19 – Cell Plan Upgraded
Temp pin: TU234567 02/12/18-02/26/18 – Bank Loan Application
Temp pin: TU345678 03/27/18-04/10/18 – Credit Card Application

==================================================

EXPERIAN – https://www.experian.com/freeze/center.html

Security freeze successfully added
Confirmation
A security freeze has been successfully placed on your credit report.

Your credit card was charged $10.70.

Your personal identification number (PIN) is 1234567890123.

You must submit this number in order to temporarily or permanently remove the security freeze from your credit report. Print this page for your own records.

To permanently remove a security freeze or to temporarily remove a security freeze for a period of time in order to apply for credit or for any transaction that requires that another party access your personal credit report, visit experian.com/freeze or call 1 888 EXPERIAN (1 888 397 3742), then enter your identification information and PIN. You may also submit your request electronically at experian.com/upload or in writing to:
Experian
PO Box 9554
Allen, Texas, 75013.

To view state specific rights that might pertain to you, visit experian.com/consumer/help/report/fcra.html.

Temp pin: 03/27/18-04/10/18 – Credit Card Application
Temp pin: 06/20/19-06/27/19 – ISP Upgrade

 

Happy Cyber Security Awareness Month! If you missed our posts last week we covered phishing attacks and vulnerability management. Follow us on LinkedIn and Twitter for these and more cybersecurity topics each week.

Photo by Kira Schwarz

Steven Pressman

Author Steven Pressman

Steve is the President and CTO of Alpine Cyber, responsible for the strategic direction of the company and its products. He is passionate about bringing enterprise grade security to small and medium sized businesses, and advocates for "doing security the right way", including DevSecOps, managed services, and cloud infrastructure. Read his full bio here.

More posts by Steven Pressman