In light of the Equifax breach, you’ve probably heard a lot more about credit freezes and you might think enacting one at all the credit bureaus will keep you safe from identity thieves.
Not so much.
As cybersecurity reporter Brian Krebs points out, at least at Experian, it’s not hard to undo a credit freeze. You only need the PIN to do it, and anyone can request a forgotten PIN on the Experian site. You just need someone’s name, address, date of birth and Social Security number.
Sound familiar? Yep, all that information was just jeopardized in the Equifax breach and the many others that came before.
After you enter that info, you have to answer a series of knowledge-based questions, around topics like where you’ve lived previously, etc. The answers to some of these questions are easily found online at websites that claim to be genealogy aids (check out our story for detailed instructions on how to remove your info from one such site).
Once you answer the questions, Experian will send the PIN to ANY EMAIL ADDRESS.
As Krebs advocates, the PIN should instead be sent via snail mail to the address on the credit record.
“This is yet another example of how someone or some entity other than the credit bureaus needs to be put in charge of rethinking and rebuilding the process by which consumers apply for and manage credit freezes,” Krebs writes.
As we detailed in a previous post, the Equifax site that people can use to set up alerts has at least one vulnerability that allows a hacker to trick users into turning over sensitive data, according to the ZDNet.com story titled “Equifax’s credit monitoring site is also vulnerable to hacking.”
The problem is that the site, which is used to request a 90-day fraud or active duty alert, is easily spoofed.
Which, coincidentally, is exactly what happened to the website Equifax set up to deal with the breach. Even more alarming, for weeks, Equifax company representatives fell for it and even directed worried consumers to the spoof site.
Credit Freeze Limitations
While a credit freeze might be a good line of defense, it’s important to note its limitations. It does help prevent some new accounts that require a credit check from being opened (not all new accounts require one), but it doesn’t safeguard the accounts you already have open. Plus, it won’t prevent all types of identity theft.
That’s worth repeating: There are many forms of identity theft that won’t even show up on your credit report, including criminal identity theft, Social Security identity theft, employment identity theft, tax identity theft and medical identity theft. Again, a credit freeze is only one defense against identity theft.
What Can You Do?
To recap, there’s a common misperception that a credit freeze will completely prevent identity theft, which isn’t the case. Did you know the average identity theft victim spends 200+ hours trying to repair the damage?
So what in the world can you do to protect yourself? It’s simple — sign up for LibertyID. We are an identity restoration company. There’s no limit to the time or money we will spend restoring your identity to pre-event status. If you’re a LibertyID member and your identity is stolen, we will fix it.
A certified restoration specialist will handle all of the legwork (like submitting disputes to lending institutions, utility companies, cell phone carriers, etc. and researching and documenting erroneous info on your credit file and having it removed). They will keep you informed with regular status updates.
The bottom line is there’s really no better time than the present to become a LibertyID member. LibertyID provides expert, full service, fully managed identity theft restoration to individuals, couples, extended families* and businesses. LibertyID has a 100% success rate in resolving all forms of identity fraud on behalf of our subscribers.
*Extended families – primary individual, their spouse/partner, both sets of parents (including those that have been deceased for up to a year), and all children under the age of 25