By now, nearly everyone has heard about the recent data breach at Equifax – one of the big three consumer credit bureaus – this summer. As a quick recap:
- Between May and July 2017, hackers stole data on 143 million people from Equifax’s servers.
- Information obtained by the hackers included names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.
- In addition, the hackers took about 209,000 credit card numbers and “personal identifying information” of about 182,000 people.
In response, Equifax is now offering a free one year of its TrustedID credit monitoring service. Having previously worked in the consumer finance world for over 12 years, I wanted to outline some of the pros and cons of enrolling in TrustedID, as well as provide a step-by-step process for doing so.
Full disclosure: I have already enrolled in the free TrustedID service. However, I am not affiliated with Equifax in any way, nor is ConsumerSafety.org, and no compensation was received for this post.
Considerations About Enrolling in Trusted ID
Since knowledge about the data breach became public, there has been a lot of justifiable criticism levied against Equifax – both because of the breach itself and as a result of its response. Let’s face it: Offering a free year of the company’s own credit monitoring service is a pretty cheap way to respond.
Beyond the frugality of the move, some folks have raised legitimate concerns that certainly should be addressed. Among these are:
Equifax can’t be trusted – Obviously, the company has already allowed a massive data breach. Who’s to say that it’s TrustedID service is actually trustworthy?
TrustedID is an Equifax product – While the data breach FAQs for consumers indicate that the service provides “3-Bureau credit monitoring,” some people are concerned that it will miss credit accounts opened by identity thieves from issuers who use the other major credit bureaus (Experian and TransUnion).
Legal rights may be waived – There has been speculation that those who sign up for TrustedID must waive their right to file a class-action lawsuit against Equifax, since the terms of service require arbitration. However, the company has stated in its FAQs about the data breach that it “will not apply any arbitration clause or class action waiver against consumers for claims related to the free products offered in response to the cybersecurity incident or for claims related to the cybersecurity incident itself.”
The free service only lasts one year – Embedded in the terms and conditions it says, “Your membership subscription may be subject to automatic renewal.” However, you do not have to provide any payment information up front. The best Equifax can do is pester you with emails begging you to renew after a year, and at that point you can choose either to be removed from their mailing list, or continue your subscription at the going rate.
My personal take on the above concerns is that, while I understand why some people might be worried, I see little downside to enrolling in the complimentary year of TrustedID service. In my opinion, even if the monitoring service isn’t as complete as I’d like, there’s still a better chance of catching an unauthorized credit account or other identity theft event with the service than without it.
Also, I’m not really concerned about the legal issues, since I doubt any court of law would uphold the arbitration clause in this case, especially since the data breach occurred before I signed up for the service and Equifax explicitly stated they would not adhere to it in the public FAQs.
TrustedID Enrollment Process
If you have decided to enroll in TrustedID, below are the steps to do so:
- Visit the dedicated site: EquifaxSecurity2017.com
- Click Enroll from the menu at the top or using the Enroll button at the bottom.
- On the next page, click Begin Enrollment.
- Note that clicking the Begin Enrollment link takes you off the EquifaxSecurity2017.com website and will bring you to the TrustedIDPremier.com website.
At this point, you will come to page titled “Getting Started” that will ask you to enter your last name and the last six digits of your Social Security number. Before doing that, however, it is important to make sure that your information is safe:
- Double check that you are on the Trusted Premier website (you should see trustedidpremier.com in the location bar of your browser).
- Make sure you have a secure web connection by looking for a green “Secure Page” lock in your browser’s address bar (see more information here).
If you are certain everything is safe, go ahead and enter the information requested, complete the CAPTCHA security test, and then submit the form.
From there, you will receive a “Thank You” message that says you may have been affected by the “security incident.” You will have to click on another Enroll button, which then takes you to another form with more personal information to complete.
Once you’ve completed the final form, you should get a confirmation message saying you will receive an email “within a few days” to activate your free subscription to TrustedID. Once you get that email and activate your account, you should be good to go.
Protecting Yourself Going Forward
Unfortunately, there isn’t much that individuals can do in situations like this where big companies have data stolen. The best way to prevent identity theft is to proactively monitor your own accounts and credit reports. Other options exist beyond TrustedID of course. LifeLock offers a range of identity theft plans as well, but they aren’t free like TrustedID.
The Financial Trade Commission has some great information on its page about the data breach. In addition to signing up for TrustID, they recommend:
- Checking your free annual credit reports from Equifax, Experian, and TransUnion
- Placing a credit freeze on your files to prevent others from opening new credit accounts (you will need to lift the freeze if you want to apply yourself).
- Monitoring your current financial accounts (bank accounts, credit cards, loans, etc.) for suspicious activity.
- Place a preventative fraud alert on your files for up to 90 days for free (up to 1 year for active deployed military).
Finally, if you think you are a victim of identity theft, visit IdentityTheft.gov to get more information about what you can do.