Equifax Data Breach Hit Me: Here's How I Protect Myself Now
A financial professional who once paid Equifax to monitor his own personal information outlines the four-step plan he now uses instead to guard his identity, Social Security number and finances from cybercriminals.


As a wealth adviser, I usually write about topics like preparing for retirement, helping your kids fly the nest and making better investment decisions. But in light of the recent Equifax hack, along with similar hacks at Target, Yahoo and others — and the common misperceptions about them — I think it’s important to tackle another issue: the steps you can take to protect your wealth in the digital age.
The biggest mistake you can make right now is to think your information is perfectly safe. Even excluding the many corporate hacks that happen regularly, 145.5 million people were affected in the Equifax breach. There are about 250 million people over the age of 18 in the U.S.
That gives you better than 50-50 odds that your information is out there. If you’re frustrated and angry, I’m with you. I was one of the many who actually paid for Equifax to monitor my personal information, only to have it compromised.
From just $107.88 $24.99 for Kiplinger Personal Finance
Be a smarter, better informed investor.

Sign up for Kiplinger’s Free Newsletters
Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.
Profit and prosper with the best of expert advice - straight to your e-mail.
But like I tell my kids: You can get angry about a problem or deny that it exists — or you can roll up your sleeves and do something about it.
Here’s what I’m doing.
Step 1: Deal with your credit record
The very first decision you need to make is what to do about your credit record. Do you freeze it, so no one can take credit under your name unless you lift the freeze? Sign up for ongoing credit monitoring?
The answer is that it depends on your needs and your trust level. Monitoring is convenient and usually effective. Of course, a lot of people are concerned about giving Equifax the very same information they already failed to protect.
But if you need your credit record to stay open, a monitoring service could be a good solution. Equifax is offering their monitoring service for free for a year, and other bureaus have a monitoring option as well.
You could potentially improve the security of monitoring if you add a free 90-day fraud alert to your credit report. This will give you an extra layer of protection for three months because it requires every lender to verify your identity before proceeding with any applications. You may even be able to set up an automatic renewal on the 90-day fraud alert. I have this in place, and I think it’s a good combination of simplicity and security.
If you won’t be needing to use your credit report anytime soon, you can also freeze your file with each credit bureau. You’ll likely need to pay for this service.
When a lender has a legitimate request, like a credit check on a car loan, you’ll have a special PIN that you can use to temporarily open the file. You’ll need to know which credit bureau your lender uses, call in to “thaw” your file so they can access it, then freeze your record again afterward. You may need to pay a fee each time you freeze and thaw your report.
This is obviously a little inconvenient, but it could be the best way to ensure that no one can access credit in your name.
If you want to learn more about identity theft and some of the serious issues that can accompany it, click here to see my 3-minute TV segment on the subject.
Step 2. Set up two-factor authentication on every account that you can
This, in my opinion, is a must. Two-factor authentication notices if someone is trying to log into your accounts from an unknown computer, mobile phone or tablet. To make sure it’s really you, the system will send a security code to your phone number (or, sometimes, an email address). Once you’ve logged in from a particular device, you can check a box to remember it if you want to, so that you only have to go through these steps once. Some systems, like Gmail, will automatically remember your device after the first authentication.
Two-factor authentication can seem annoying, but it can also prevent someone from getting into your bank account. That’s why it’s important to set it up on any website that you can. Put together a list of all your bank and investment accounts, insurance agencies and credit cards, and then go to this website to learn how to set up two-factor authentication on each one. I have personally also set it up on all my email and social media accounts.
It only takes a few minutes, and it’s very much worth it.
Step 3. Add a PIN on your phone number (I’m not talking about the PIN to open your phone!)
Next, close another potential gap in security: your cellphone number.
As noted above, one of the most common features of two-factor authentication is a text message that provides you with a temporary security code. So what if someone else was able to compromise your phone number?
This isn’t a stretch: It’s easy to port a phone number from one carrier to another using only some basic personal information. If someone had that information already and just needed to get access to your security codes ... well, let’s just say it’s happened before and it can easily happen again.
Make it harder by putting a PIN on your phone number with your carrier so that it can’t be ported by someone else. Call your phone providers today and make sure you have this extra layer of security in place. It’s an extremely fast and easy way to make sure two-factor authentication always works the way it’s supposed to.
Step 4. Update your passwords
A lot of us are guilty of using the same basic password for all our logins, with a few tweaks here and there. It’s convenient, but it’s also unsafe. Once someone knows part of your password, it becomes a lot easier to figure out the rest of the sequence. This doesn’t just make your password easier to crack: If you reuse your passwords, it gives criminals access to a huge amount of digital information.
That’s why unique passwords are so important. One recent recommendation on passwords is to forget about complicated letters and symbols, and use long sentences for your passwords instead. So, instead of something impossible to remember, like “P@77yW3N7,” you could try “pattywenttothebank.” Although, in my opinion, you should have a different phrase for each login. Reason being, if they hack one website and compromise your password, you don't want them to have access to all of your sites.
The reason a phrase is better because sentences — very long passwords in general — are harder to crack because they’re long. Each character can be one of 26 letters: A password with 18 characters and no numbers, like the one above, has over 1.5 million possible combinations of letters. If you wanted to (or were required to) add a number or a symbol, your possibilities only go higher. However, for the user, they’re still memorable enough to be useful.
Of course, remembering dozens of different passwords can still be hard. To help you manage, you could use a password manager. Again, it depends on your level of trust. These tools are convenient, but they can also be hacked. Consumer Reports has a great introduction to password managers, including how to get the most value from them and some of the more popular products available.
That’s why some people find it more secure and less of a headache to use a more old-fashioned tool: a pen and a piece of paper. Few hackers are going to make that kind of effort, and you know it can’t be compromised online because it’s nowhere to be found. Just make sure you keep it in a very safe place.
The reality of the modern age
Hacking is, unfortunately, here to stay. There’s a high probability your information was compromised in the Equifax hack, and it may have been compromised before (check out this site to learn if your email address and site password were involved in other hacks ‐ all you have to do is enter your email address).
That’s why you need to take these basic security precautions.
I’m not a cybersecurity expert, and none of these tools or methods are foolproof. But much like the way you lock your doors, set the alarm in your house, or install a password to unlock your phone (by the way, you should have one of those too), these tools provide extra layers of protection that make stealing harder.
That alone is worth a lot.
So don’t wait: Take these steps, and start taking control of your information today.
Written by Bradford Pine with Anna B. Wroblewska
Profit and prosper with the best of Kiplinger's advice on investing, taxes, retirement, personal finance and much more. Delivered daily. Enter your email in the box and click Sign Me Up.

Brad Pine is a wealth adviser and president of Bradford Pine Wealth Group, based in Garden City, N.Y. BP Wealth Group assists individuals and entrepreneurs to create wealth, simplify their lives and plan for retirement. Honesty, integrity and reliability are the foundations of Pine's investment philosophy.
-
The Upscale Upgrades Coming to a Country Club Near You
Young country club members expect more from their fees than access to a golf course. From teen rec rooms to red-light therapy, this is how clubs are upgrading.
-
I claimed Social Security six months ago at 62, but my checks are too small. What are my options?
We asked financial experts for advice.
-
Five Retirement Planning Traps You Can't Afford to Fall Into, From a Wealth Adviser
To help ensure you reach your savings goals and enjoy financial security in your golden years, be aware of these common pitfalls. The key is to be proactive, informed and flexible.
-
Your 401(k) Can Now Include Alternative Assets, But Should It? A Financial Adviser Weighs In
Many employer-sponsored plans offer limited investment options, which can stunt growth. But participants considering alternatives might need some sound advice to get the most from their accounts.
-
Will Taxes Shred Your 401(k) or IRA During Your Retirement? It's Very Likely
Conventional wisdom dictates that you save in a 401(k) now and pay taxes later, but turning that rule on its head could leave you far better off. A financial planner explains why.
-
More Retirees Are Renting: Should You? A Financial Adviser Weighs In
In some ways, renting is cheaper, more flexible and easier, but unless you understand the implications for your taxes and health costs, it might not be for you.
-
I'm a Real Estate Investing Pro: This 1031 Exchange Strategy Can Triple Your Cash Flow
Savvy investors can use 1031 exchanges to unlock value by moving capital across markets in a play called geographic arbitrage. These tax implications can make or break the strategy.
-
I'm an Insurance Pro: Everyone Needs to Prepare for Earthquakes, Even if You Don't Live Near a Fault Line
Here are my tips for what to do before, during and after an earthquake. The more prepared you are, the more you'll be able to keep your wits about you if it happens.
-
Where There's a Will, There's a Way Your Assets Will Be Distributed as You Wish
Your will is the backbone of a strong, adaptable estate plan that ensures what you leave behind goes to your selected beneficiaries. Without a will, state laws determine who gets your assets.
-
I'm a Financial Adviser: This Is What You're Really Losing if You Cut Back on Your 401(k) Contributions
Missing out on the benefits of the employer match and compounding growth could force you to work longer and lower your standard of living in retirement. Here are some alternative options.