Many of you may have heard about the Equifax hack—or perhaps you have even been contacted by Equifax to notify you that you were affected. According to Equifax, the names, social security numbers, birth dates, drivers’ licenses, some credit card information, and credit history of 143 MILLION Americans has been stolen. Considering the size of the over-18 population of the U.S., that’s a better than 50% chance you have been hacked. If you have been hacked, you are 11 times more likely to be a victim of identity fraud. The breach occurred between May and July, the company became aware of the breach on July 29, but did not announce it for well over a month. This means that if your information was compromised, the hackers could have been using it since May of this year! They can use this information to open new accounts in your name, get credit cards in your name and use them, take out loans (for which you are responsible), file for a tax refund, or try to hack into bank and investment accounts. So what should you do about it?

STEPS TO PROTECT YOURSELF

Equifax provided a link on its website to help you check if this hack affects you. Go to https://www.equifaxsecurity2017.com. Fill in the requested information and it will tell you if the hack affects you. They also plan to send out written notification to the affected persons. Next, get a copy of your credit report. By law, you are entitled to a copy of your credit report annually for free. You can do this at https://www.annualcreditreport.com. If you don’t check your credit report regularly, you really should start doing so. It will tell you new accounts that were opened, accounts that remain unpaid and which affect your credit, and other useful information. If you see that a new account was opened in your name that you did not request, bills unpaid by creditors you are not familiar with, or calls, liens or lawsuits for collection by creditors you don’t know, your information has been compromised—and yes—you are responsible for it, unless you take action to notify the creditors and prove that you did not take out the loan or credit or make the charge.

If you are affected, it may also be beneficial to order a credit freeze, in which case you will need to call all three credit bureaus. However, this will leave you unable to open new lines of credit, such as loans, and it may cost some money directly out-of-pocket. Consumers may place, temporarily lift, or remove a security freeze to an Equifax Credit File by going to http://www.equifax.com/CreditReportAssistance/?/CreditReportAssistance. There is no charge for this (even though originally some people were charged and are to be refunded). To call for a Credit Freeze:

TransUnion: 1-888-909-8872
Equifax: 1-800-349-9960
Experian: 1-888-397-3742

This is a way that you can better control who accesses your credit file. You must release the security freeze to apply for credit. While this is helpful, will this solve the problem? Probably not. This is because if hackers have all of an individual’s personal information, they also have all the information needed to unfreeze an account. Think about the last time you forgot your password or user id and contacted your bank or on line provider to reset your password. What did they ask you for? Probably your social security number (or a part of it), mother’s maiden name, birth date or other information, much of which these hackers now have if you were a victim of this breach.

WHAT IS EQUIFAX OFFERING AND SHOULD I TAKE IT?

Equifax has offered a free service, called TrustedID Premier, to all those affected by the breach, for one year. The service includes (1) copies of your Equifax Credit Report; (2) 3 Bureau Credit File Monitoring, including automated alerts of key changes to your Equifax, Experian and TransUnion credit files, (3) Equifax Credit Report Lock, which allows you to prevent access to your Equifax credit report by third parties, with certain exceptions; (4) Social Security Number Monitoring, which searches suspicious web sites for your Social Security number; and (5) Up to $1 million in ID theft insurance, which helps you pay for certain out-of-pocket expenses in the event you are a victim of identity theft.

Should you wish to enter legal proceedings for claims directly related to the breach, Equifax has waived the arbitration clause specifically for their TrustedID Premier, meaning you will not waive your right to enter legal proceedings. Originally, consumers were required to waive their right to sue and agree to mandatory arbitration. Equifax has reversed this decision and will not enforce it, even if you already signed up and agreed to it. You can also opt out of all arbitration clauses by sending a written notice via mail or overnight delivery service, which states that you are opting out of all arbitration clauses. Timely written notice of opt out must be delivered to Equifax Consumer Services LLC, Attn.: Arbitration Opt-Out, P.O. Box 105496, Atlanta, GA 30348, and must include your name, address, and Equifax User ID, as well as a clear statement that you do not wish to resolve disputes with Equifax through arbitration. If you decided to opt out, I recommend that you send this notice via Certified Mail. Return Receipt Requested or overnight delivery service, so you have a record of delivery.

Should you accept their offer? You may want to consult with your attorney about this. Provided you are not prevented from taking other legal action if you decide to, you may want to consider it. However, the question remains—can you trust a company to protect you when they already failed to protect your data and notify you of the breach in a timely manner? Or might other credit/identity theft services be a better option, even if you have to pay for them? If you decide to use another vendor, be sure to find a service that not only does credit monitoring, but also provides identity protection insurance. I’m reminded of the commercial where the patient in the dentist chair is told he has a cavity and then the dentist walks out and the patient says “Well aren’t you going to fix it?” and the dentist says “I am a dental monitor. I just let you know you have a cavity. You have a cavity.” Credit monitoring without identity theft insurance protection to help you fix issues and pay expenses for losses incurred is like the dentist identifying the cavity but not fixing it. It’s not that helpful.

WHAT ABOUT MY PAUL WINKLER ACCOUNTS?

You might wonder if your accounts with Paul Winkler, Inc. and the financial firms we work with have been affected. This hack has not affected any of our accounts at this point. Paul Winkler Inc. (PWI) and our servicing financial entities have many safety protections in place. First and foremost, your accounts are held at an independent third party custodian. In addition, PWI and the financial firms we work with use security protection on our systems designed to help protect against unauthorized access. PWI does not have discretionary authority on any account which would enable us to enter into your accounts and place trades or take out money without your permission. We also have certain cross checks in place to help further protect your information in case we have reason to believe that a request on your accounts seems irregular. For example, nearly every distribution must be facilitated with a signed LOI, and there is a system in place to follow up on items flagged for potential fraudulent activity. Keeping your money and your confidential information safe is of utmost importance to us.

THE BEST LAID PLANS…

Despite the many precautions we and others take on your behalf, it is impossible to guarantee that somebody has not or will not some day hack any of your accounts on line. Therefore the best thing you can do is be more diligent than ever when it comes to personal accounts and protecting your information. Signing up for the Equifax or other credit/identity theft protection insurance is a start. But even if you do this, it is important for you to consistently monitor bank accounts and credit activity for anything suspicious. Be wary of clicking links via email or social media claiming to originate from Equifax, as thieves are likely try to further capitalize on the event through malware. Make sure you have anti-virus and anti-malware protection on your computer.

Please do whatever is necessary to protect your identity! Take the breach seriously. Your social security number alone being stolen makes it very simple for someone to open a line of credit in your name, putting you in a very bad place for getting loans, a mortgage, a new apartment, a new car, a new house, or even a new job.

3050 Business Park Circle Suite 503 Goodlettsville, TN 37072
Tel: (615) 851-1950 Mobile: (920) 915-5510 anne@paulwinkler.com
This message is intended for the use of the addressee, and may contain privileged or confidential information. If you are not the intended recipient, or the employee or agent responsible for the delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by telephone and return the original message to us at the above address via U.S. Postal Service.
Paul Winkler, Inc. does not provide tax or legal advice. All decisions regarding the tax or legal implications of your investments, or client investments, should be made in consultation with an independent tax advisor or attorney. The views expressed herein are those of the sender only, are not intended to constitute an advertisement for Paul Winkler, Inc., have not been reviewed as firm marketing literature and should not be used or distributed to any other person as such. Firm marketing literature is available on the firm’s website or upon request. Nothing in this email is designed to meet the specific needs of an individual investor or intended to be used as a basis for investment decisions.