I hope you’re well today. This is the final week before extended returns are due (Monday, October 16th is the due date this year), so we are working hard with those clients who placed an extension on their filing to make sure that everything is set up and filed properly.
So, it’s a busy week for us in our Louisville offices this week, and I’d ask for your understanding about that for your communication with us.
But just because it’s busy, doesn’t mean that I wouldn’t take the time to communicate with you, and this week I’m addressing the big Equifax data breach, and what you should know about it, and what you should do. I’ve received some questions about it over the past couple weeks, but based on my research, it’s a messy situation overall, and rock-solid answers to certain questions seem hard to come by.
That said, I have some advice and rock-solid answers to some questions, and a few thoughts on the ones for which information seems unclear.
Here we go…
A Credit Freeze How-To, and Why Kevin Roberts Recommends It Now
“The best way to convince a fool that he is wrong is to let him have his own way.” – Josh Billings
It’s been about one month since the massive “data breach” at Equifax, which affected about 145 million Americans (more than half the country), led to the firing of their CEO, and has caused a great deal of stress to millions of people — including most of us here in Louisville. And, well, if you’ve done any research on the matter, you’ve also no doubt seen conflicting advice and a fair amount of nonsense.
First of all, it’s still unclear whether the data on the Equifax site EquifaxSecurity2017.com is actually accurate. In other words, you might get a “false positive” and you might get a “false negative” when you submit your information there. There have been multiple reports I have seen in which people submit the same information multiple times and receive varying information. No doubt that their systems were slammed after all of the press coverage, but the fact remains that the site still apparently remains unreliable.
So, it’s a good idea to just assume that your information was part of the breach, even if you have checked and think that it wasn’t.
So what should you do? I’ll keep this simple because there’s just so much noise out there about this topic: First of all, request a credit freeze at all three credit bureaus (Equifax, Experian, Transunion).
Here are the online links to do so:
Don’t trust the online process? Here are the phone numbers for it:
Why a credit freeze, and what does this do?
A “credit freeze” essentially locks your credit from being issued to any other person (including yourself). It seems like overkill, but consider it to be like “locking the doors to your financial house”. (In this way, it is far superior to programs like “LifeLock”, which can be understood as a “delayed alarm” system for your credit.)
“Unfreezing” your credit, while it does take a bit of doing, is not burdensome. It takes about 20 minutes to freeze your credit at all three agencies, and as long as you keep the PIN from that process, temporarily unfreezing them as needed is almost instant.
The only time you really need your credit to be active is when you are applying for a new credit card, applying for a loan or mortgage, or switching cell phone carriers (where monthly credit is extended). As long as you are not doing these things several times per year, the hassle is minimal.
Here are a couple things you do NOT need to do:
- Check your credit score. All this really does is verify your “credit worthiness” and doesn’t help you determine if you’ve been affected or if your credit is being used by a third party.
- Subscribe to a paid credit monitoring service. All that you need is provided for free, especially if you freeze your credit.
- PANIC. We are in your corner, no matter what comes.
I do recommend you ensure you are prepared to submit your tax returns as early as possible in 2018. That may sound self-serving coming from me, but the reason security experts agree on this step is so you can close the window for scammers to file in your name, with information they may have obtained from the breach. Obviously, some of my clients have complicated situations that mean waiting on K-1’s, 1099’s, etc. However, it’s a very good idea to not dawdle in the process, and this is ESPECIALLY true if you will be expecting a refund.
Certain people can get a personalized PIN for their taxes, which is another safeguard against fraudulent tax returns in your name. Here is a link to more information about it, but it’s currently only available by IRS invitation, or if you have an address in Florida, Georgia, or the District of Columbia: https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin
I do hope all of this helps. I am not a dedicated expert on these matters, but I have seen enough nonsense to be able to cut through the garbage a little bit for you.
(Here is another great place to find answers if I haven’t addressed everything you are concerned about — the New York Times’ continually-updated FAQ about the Equifax breach:
I’m grateful for the opportunity to serve you, and for your referrals – and we’ll be in touch again next week, after the extension deadline!
We’re just a phone call (or email) away: (502) 426-0000 (firstname.lastname@example.org)
Roberts CPA Group