Equifax Breach: What Actions to Take

On September 7, 2017, Equifax, one of the three largest U.S. credit bureaus, announced a massive data breach affecting 143 million consumers. As a result, they established a website – www.equifaxsecurity2017.com – to address the issue and keep consumers up to date on the latest news around the breach. Included in the website is a list of actions they have taken, frequently asked questions (FAQs), a link to determine if you may have been affected by the breach, and a link for free credit monitoring for a year from TrustedID.

You can follow these steps to determine if you may be affected:

  1. Go to www.equifaxsecurity2017.com
  2. At the bottom of the page, click “Potential Impact”
  3. Provide your last name and the last six digits of your Social Security number

If you are interested in obtaining one year of free credit monitoring, you’ll be given an enrollment date. At that given time, return to www.equifaxsecurity2017.com and follow the steps to enroll. It is important to note that free credit monitoring is open to everyone even if you do not believe you were affected by the breach.

The best way to protect yourself is to stay informed. Here are a few tips we recommend for protecting yourself:

  1. Check your account statements and history at least monthly to verify transactions. 
  • If you have not been proactive about reviewing your credit reports on a regular basis, now is a great time to start. Each US citizen has access to their free credit report from each of the three largest U.S. credit bureaus – Equifax, Experian and Transunion – once a year through annualcreditreport.com.  You can get all three reports at one time or stagger them throughout the year.
  • Consider a fraud alert or credit freeze on your credit.

If you are aware that your personal information has been compromised, you can place a free fraud alert on your account. This will require a business to notify you if someone tries to open an account in your name. A fraud alert lasts for 90 days, but can be renewed, or if you are a victim of identity theft, you can choose to have an extended fraud alert for seven years.

A credit freeze actually restricts access to your report completely. Fees for a credit freeze are limited to a maximum of $10 per credit bureau. A credit freeze is a greater protection than a fraud alert; however, it also requires the freeze be removed and reapplied each time you need to have your credit reviewed by someone other than yourself.

  • Change passwords regularly and use strong passwords. At Longview, we use LastPass. LastPass is a free consumer tool for storing and developing passwords. LastPass can automatically generate a password that meets a site’s requirements and offers strong encryption.
  • Consider using two-key authentications where available.  This is a second layer of protection for your accounts. Not only are you required to give a password, but you are also required to provide a code that is either emailed or sent by text to you during log in.

We live in a world reliant on electronic access and delivery of information. It is important to remain proactive and protect your information as best you can. If you have any questions or would like to learn more about protecting your information, we encourage you to reach out to us.

How Longview Protects Your Information

The internet has increased the speed and ease at which we can provide and access information, but it has also created another entry point for thieves. It is a growing struggle for businesses to stay ahead and put protections in place. It is a scary reminder that if large organizations, like Equifax, can be breached, so can the smaller businesses, like Longview. That is why it is so important for us to maintain policies to review and protect our client’s information. Here are a few of the policies and procedures Longview has implemented to protect your data:

  • Identity Theft Program: We have a list of red flags for which all employees are responsible to watch.  Red flags include: changes in addresses, request of funds, wires, notifications of possible breaches, and suspicious activities. Whenever a red flag occurs, there is a process in place to review the action for client protection.
  • Password Policy: Longview uses a corporate license for LastPass, a free consumer product to store and generate passwords. This program offers encryption of passwords, strong password creation and requires a change in the master password every 90 days. Longview also has internal requirements for passwords.
  • Two-Key Authentication: Fidelity and our customer relationship manager software requires two-key authentication for access of client accounts. This is a second layer of security protection for online activity.
  • Information Security Policy: Longview has adopted an information security policy to provide a plan to prepare for and respond to possible breaches. Several safeguards are included in the policy:
    • Review of all third-party security policies on an annual basis.
    • Physical copies of information containing personally identifiable information are stored in locked rooms/filing cabinets and all hardcopies of client information is locked away daily.
    • Electronic copies of client information are encrypted and stored through Box.com, which is backed up through Amazon. No client copies are saved on individual laptop computers.
    • The firm’s firewall and antivirus software is up-to-date.
    • All access to the firm’s network requires a secure password and is separate from a client’s network access.
  • Incident Response Plan: Longview has compiled a process for employees to follow if an incident does occur. The plan includes a list of access persons, policies and procedures, succession and business continuity plans, vendor due diligence reports, periodic computer reviews, daily download deletions, and a process to remediate and recover information.

In addition to Longview’s protections, Fidelity has a customer protection guarantee that covers losses from unauthorized activity in your account.

As always, thank you for your business. We value your partnership and will continue to strive to protect your information.