Know the Law: Beyond Equifax – Protect Yourself

Cameron G. Shilling
Director, Litigation Department & Chair of Cybersecurity and Privacy Group
Published: Union Leader
October 2, 2017

Q. What should I do to protect myself in light of breaches like Equifax?

A. Equifax is only the most recent in a string of breaches that compromise the personal information of huge numbers of individuals. While Equifax impacted 143 million Americans, Yahoo’s three breaches revealed personal information from over 1 billion user accounts, and the LinkedIn breach affected 165 million users. Online companies are not the only targets for huge breaches. The Anthem breach compromised the medical care records of 78 million Americans, and 102 million user names, passwords, and other personal data were revealed in the Sony PlayStation breach, and the breach of the federal Office of Personnel Management endangered highly sensitive personal information of 18 million past and current government employees.

The cumulative effect of massive breaches along with generally lackadaisical data security in this country yield a simple truth: our personal information is already compromised. You need not ask yourself questions like, “Will my personal information will be stolen?” or even “When will it be stolen?” Instead, concern yourself with the question, “What can I do now to protect myself?” Here are the most important steps.

1. Monitor your credit report and freeze credit: Obtain your credit report, terminate inactive accounts and then periodically obtain and review an updated report. A free report is available once per year from each of the three major credit bureaus: Experian, Equifax and TransUnion. In addition, implement a freeze with each credit bureau. You will receive a personal identification number (PIN) to use to temporarily unfreeze your credit (e.g., if you apply for a loan) or otherwise adjust the freeze.

2. Monitor financial accounts and report fraud: Monitor your credit card, bank, investment and other financial accounts at least monthly, and immediately report unusual activity. Timely reporting is critical to avoid liability for fraudulent charges and recover stolen money, and doing so avoids further financial loss.

3. Purchase credit monitoring and identity theft insurance: Purchasing reputable, commercially available credit monitoring and identity theft insurance not only ensures that you have a sophisticated security network monitoring the Internet to detect and avoid malicious activity, but also provides you with credit and identity restoration insurance and support services if you are targeted.

4. Secure mobile devices and passwords: Mobile devices (laptops, phones, tablets, hard drives, etc.) must be encrypted. Such technology is readily available and oftentimes already available to be activated on the device. In addition, use of strong passwords that are themselves protected is imperative, which can be accomplished by using a commercially available password manager.

5. Be aware of the hacks de jour and avoid pitfalls: The news is replete with reports about the latest security vulnerabilities, like phishing. Learn how the hacks de jour occur and how to avoid falling victim to them.

Know the Law is a bi-weekly column sponsored by McLane Middleton, Professional Association. We invite your questions of business law. Questions and ideas for future columns should be addressed to: McLane Middleton, 900 Elm St., Manchester, NH 03101 or emailed to Know the Law provides general legal information, not legal advice. We recommend that you consult a lawyer for guidance specific to your particular situation.