Credit bureaus keep getting hacked. Protect yourself with 4 steps
TransUnion, one of the major credit bureaus in the U.S., reported a hack at the tail end of August—personal details of 4.4 million individuals stolen. The cause of this breach? Salesforce, the same third-party vendor also at the root of other recent high-profile leaks at Google, Quantas, Adidas, and other well-known companies.
According to BleepingComputer, stolen info included social security numbers, birthdates, names, billing addresses, phone numbers, and email addresses. TransUnion says no credit data (including reports) was revealed.
Like other data breaches, this news is a reminder to stay vigilant. Bad actors can craft more convincing phishing attacks with this information, for example. You should also maintain good password habits. But doing so is a lot easier if you have other defenses in place, and now’s a good time to check if you’ve set them up.
Credit bureau breaches have been happening for years—the massive 2017 Equifax leak was just one incident. Your best bet for protecting yourself is to stack up as many available protections as possible.
Table of Contents
1. Freeze your credit report
Dylan Gillis
After the 2017 Equifax breach, locking your credit report became free across the U.S. Placing a freeze on your profile keeps scammers from opening credit cards, loans, and other lines of credit in your name.
To be thorough, you must set up a security freeze with each credit bureau. The three major ones are Experian, Equifax, and TransUnion. I also recommend freezing your report with Innovis, a smaller fourth credit bureau.
Once a credit freeze is in place, only you and existing creditors can access your credit reports. You can temporarily lift the freeze through the Equifax, Experian, and TransUnion websites or through their phone lines. You may need the PIN issued to you in order to request the temporary lift.
2. Check your credit report
PCWorld
While you’re freezing your credit profile, you should look over your report for any suspicious activity. You can check through the official website (AnnualCreditReport.com) or request a paper copy through the phone or by mail once per year. Your banking app may also offer free looks at your credit report.
If you see any inaccuracies, you can dispute them—and if you spot signs of identity theft, you can report them and begin remediation.
3. Request an IRS identity protection PIN
PCWorld
To combat tax return fraud, the Internal Revenue Service (IRS) now lets you block others from fraudulently filing in your name. Requesting an identity protection PIN (IP PIN) means any return will have to include that six-digit code to be processed. You can obtain an IP PIN even if you’re not required to send in a return.
IP PINs refresh every year, so once enrolled in the program, you will need to obtain the new PIN annually. (The IRS says new PINs become available in mid-January.)
If you’ve set up an online IRS account, you can simply login to see the info—you won’t need to reapply for a PIN. Your identity protection PIN remains viewable on the IRS website through mid-November.
If you cannot establish an online account, you must get your IP PIN through an alternative methods (mail-in form or in-person appointment). However, income restrictions for the mail-in form option may apply.
4. Freeze your banking report
PCWorld
Similar to your credit report, banks keep a file about your banking activity, too. If you show a history of overdrafted accounts and unpaid fees, banks can decline your business—so you don’t want a fraudster running your good name into the ground.
The main company used by banks for reports is ChexSystems, which allows you to freeze access to your report. Once you put the freeze in place, only you and institutions you already bank with can access your report. If you need to temporarily lift the freeze (like to open a new bank account), you can do so online. You’ll need the PIN you were sent when the freeze first was placed.
