We continue to receive questions from clients regarding the impact of the Equifax security breach this summer, whereby key financial information of over 145 million people was stolen.
In this report, we provide our latest thoughts about the breach, what to do about it, and how to better protect yourself from identify theft in general.
THE BREACH: A BIG DEAL, BUT NOT UNIQUE
While the Equifax breach is the largest to our knowledge, it is not the first, nor will it be the last. At this point, you should assume your vital information is already out there. Identity thieves have been hacking private databases for years, gaining access to sensitive personal information like social security numbers, birthdays, and credit card numbers.
Our research over the years has shown that, for most of us, our sensitive data is already available for purchase by fraudsters through the internet black markets. The purpose of this is not to alarm, but to make you aware that this is the world we live in, and it’s important to take steps to protect your identity.
Since the breach, initial reports from banks indicate that they aren’t seeing a meaningful uptick in fraud, but it is still too early to know. Several experts believe that it may take time for thieves to act on the Equifax data, as banking and credit industries are on high alert, and consumers are putting safeguards in place. After a year, if and when vigilance eases, some of the sensitive information will still be available. Fraudsters may have more success over time.
WHAT WE AND OUR PARTNERS ARE DOING TO HELP PROTECT YOUR ACCOUNT(S)
The primary concern of our clients is fraudulent access to their investment assets, and over the years we have implemented measures to help prevent that type of fraud. We won’t offer exact details here publicly, but broadly we have done things like verbal verification on money movement. Most clients agree that such extra steps are worth the effort as an extra layer of defense.
To enumerate some general steps we and our partners are taking:
- CornerCap, along with our custodial partners, has implemented internal measures to help ensure the identity of those clients when requests for withdrawals/gifts/other distributions are made. These measures include multi-step identification protocol and confirmation of destination for those distributions.
- Once our custodial partners are made aware of a potential fraud attempt against a client, loss prevention restrictions will be added to their accounts. Our custodians also offer asset protection guarantee, whereby clients are reimbursed for cash or securities lost due to unauthorized activity through no fault of their own. No enrollment is required in this program, and our preferred custodians provide this protection automatically once the accounts are established.
If you suspect unauthorized activity on any of your investment accounts, please contact your CornerCap Client Service Manager immediately.
WHAT YOU CAN DO (GENERAL GUIDELINES)
Individual behavior is the largest point of failure when dealing with identity theft and other types of financial fraud, and individuals can help deter fraud by implementing some well documented steps. They include:
- NEVER allow remote access to your personal computer, unless you are 100% confident that the person gaining access is legitimate. An example of successful fraud involves receiving a phone call from an Apple or Microsoft representative claiming to have received notice of an issue with the individual’s computer. The fraudsters walk them through a few steps that allows them access and leaving exposed all information on the computer. A time-tested approach: Unless you initiated the communication, avoid allowing access to the computer.
- NEVER disclose personal information (name, address, social security number, etc.) unless you are 100% confident that the person receiving the information is legitimate. As with remote access, avoid giving out personal information if you did not initiate the communication.
- Avoid public WI-FI. Only use WI-FI where a password is required. It is best to use your cell phone data plan if an unsecured public WI-FI is your only option.
- Systematically change all your passwords. Passwords should be saved to a local hard drive or a purchased USB stick – avoid using free promotional USB sticks. Scan your computer and remove all malware. Use automatic updates for your anti-virus and anti-spyware software.
- Use dual authentication when offered. Dual authentication combines a password with a code that is unique for that moment, sent via text or email in real-time. More and more online banking, financial, and insurance websites are providing this option.
- Frequently check your accounts for suspicious behavior. With online access, it has never been easier to quickly check balances and activity, and apps are available that consolidate that information from multiple accounts.
- Frequently check your credit reports/credit score: Apps are also available that provide free access to your credit report and credit score.
For additional information, see our commentary from July 2015, which outlines what we believe people can do to avoid becoming victims of predatory scams: Protecting Yourself from Investment Fraud.
Children are also at risk, and fraudsters can use their identities for years before anyone realizes it. The following article offers great suggestions about protecting your children. Protect Your Child from Identity Theft
WHAT YOU SHOULD DO REGARDING THE EQUIFAX BREACH
As it relates specifically to the Equifax breach, individuals can take steps to protect against identity theft. We recommend using a “credit freeze”, which seals your credit report and should prevent fraudsters from establishing new credit using your personal information. Information is available on line that provides more detail on how to “freeze” and “unfreeze” your credit, but below is brief summary:
- Credit Freeze: Credit reports are sealed, and only available if a Personal Identification Number (PIN) is provided. PINs are provided by the credit reporting agencies (Equifax, Transunion, Experian).
- IMPORTANT: For comprehensive coverage, Credit Freezes must be made with each of the three agencies. We also recommend going one step further and putting a freeze in place at smaller data providers like ChexSystems and Innovis. It’s possible that if fraudsters can’t break through the major bureaus, they may test the smaller ones.
- Credit Thaw: Using their assigned PIN, individuals can “thaw” or “unfreeze” their credit report when applying for credit.
- For those who are reluctant to place a Freeze on their credit report, credit monitoring/fraud alerts are an option. With fraud alerts, the consumer is notified that a request for credit has been made using their identity. They are then contacted to confirm the request.
If you have any questions or need more specific guidance, please contact your CornerCap Client Service Manager.
Technology is a wonderful thing, but with it comes a dark side. It is imperative that we all (companies and individuals) remain vigilant in dealing with fraud and identity theft, and CornerCap remains committed to the safety of our client’s assets and personal information. We will continue our efforts at improving these safeguards as we battle these ever present threats.