Wednesday, September 20, 2017

Equifax Hack - Update

Last week I posted this blog sharing my thoughts on the Equifax Hack.

Since then many questions have arose.  I hope to address them here.  

Where can I check if I'm affected?
Many are paranoid to trust what's out there.  After the Equifax hack, I don't blame them.  

If you want to do the ‘check’ the site is here: 
(WAIT!  Read below first)

It redirects you to a ‘trustedID Premier’ site.   The whole thing feels wacky – but the process is legit.    Once you enter your last name and last 6 digits SSN, your told your probably are affected.    

Then you fill out a form to enroll.   This enrollment entitles them to advertise to you and share your personal info with other financial institutions.  So I don’t like that.  That’s the price you pay to use a service instead of monitoring it yourself.  

What if I'm NOT affected?
Take the perspective that you have been affected.   
Remember the credit agencies are ‘for profit’ and Equifax is treating this hack in a manner to protect their financial future.  They have sites to ‘check’ if your affected, but there’s all kinds of ‘strings attached’ once you take that approach.   

If you check with Equifax and they say you’re not affected, would you rest at east and move on?  I wouldn’t.  If you find out you are affected, then what?   I suggest to supersede the ‘check if your affected’ approach.  

Go Beyond Checking. 

Get your credit report. is the only government-authorized site where you can request free a copy of your credit report.    I just got mine from Experian.   Review it.   Set an outlook reminder in 90 days, pull from TransUnion.   Repeat with Equifax.  In a year do it again.  

Review and Monitor your financial accounts.

Review and Monitor your medical records and health insurance.   

Freeze your credit.  
I know this sounds nuts, but it’s not. is the Federal site that explains.  Read it through.  Pretty clear.  I put a freeze on mine.   I can lift it when needed, no biggie.  

Here is the federal trade commission site on the facts.

Did I do it?
Yup.  I’ve went through it all.  Do the above 4 steps for you, your spouse, parents, kids, and any next of kin.  This was a game changer, let’s not risk it.  This is going to haunt people for years.  

Happy Clicking!

Nathan DeSutter
IT Consultant

Wednesday, September 13, 2017

Equifax Hack

There’s much discovery still taking place regarding the Equifax hack.   The fact is this is huge.  Most hacks allow criminals to gather partial info on your personal identity, piecing together on the dark web.   Hacking Equifax however is a gold mine.  Your full legal identity details all packaged up nicely for fraudulent use.   Rightfully so you should be concerned. 

Most media outlets are covering this with various advice.  Generally I’ve heard good suggestions.   But be on guard.   Some sites like the credit bureau data breach site and TrustedID and others are including legal arbitration clause baring your ability to bring legal action.   If you have no plans to join the already active law suits, then those sites are helpful. 

What can you do?
The two biggest things you can do is monitor your credit report and make sure you delineate password use.  

Credit Report.
You can do personal credit check for free annually.  With 3 credit agencies, than means a free check every 4 months.  Look for ANYTHING that seems out of place or you don’t recognize.  Identity theft is a pain to say the least and a nightmare for most.  Over the coming months you can be sure personal identity will be sold on the dark web.  

This hack will have lasting risks for pretty much all of us.   Not to over hype this, but it would be better to assume your affected by the hack, and monitor your credit report. 

It’s not a bad idea to freeze your credit - I did.  You need to contact each credit bureau directly.    Also setup a fraud detection / alerting.   The Federal Trade Commission has details for both here:

In our CyberSecurity workshops we provide several real world steps you can take; more than I can practically provide here.  Mainly though, make sure you keep separate passwords for your corporate network, personal email, and financial institutions. 

Other Signs.
Monitor your bank and credit card accounts more closely   Watch for odd transactions.  Take notice of paper or electronic bills that suddenly stop.  Could have been redirected to an attacker.   Even medical records need a look for things that shouldn’t be there. 

Be careful what you click.  Treat every email like a visitor at your home at 2am.  Provide personal info at great care.   Do a double take look at everything above. 

Happy Clicking!

Nathan DeSutter
IT Consultant