Cybersecurity experts say older consumers need to be more vigilant about protecting their identity from hackers in the wake of new revelations that personal information was stolen from Equifax databases on 2.4 million more people than was previously reported.
The credit reporting agency’s disclosure adds to the 145.7 million people from the U.S., Canada and the United Kingdom that Equifax had said were hacked last year.
Equifax will notify the affected consumers by mail and will offer free identity theft protection and credit file monitoring services, similar to services it offered to other consumers affected by the data breach, the company says in a news release. The Federal Trade Commission and the Consumer Financial Protection Bureau are investigating the incident.
In the Equifax breach, hackers were able to gain access to consumers’ driver’s license and Social Security numbers, birth dates and home addresses. Fraudsters can use that stolen data to apply for credit cards, personal loans and other consumer credit.
The latest batch of consumers identified by Equifax had only partial driver’s license information taken. But that’s often enough for scammers to access other personal information to commit fraud.
If you believe you’ve been hacked or that your information is at risk, security experts say you should check your credit report, credit card statements and bank records for suspicious activity, such as a bogus credit card charge or bank withdrawal. You can also lock or freeze your credit report at major credit bureaus.
Here are some additional tips to help prevent cyberfraud:
Use multiple forms of identification
Most web-based accounts require just usernames and passwords to log in. If you have the option, take advantage of multifactor authentication (MFA), which provides additional layers of security to prove you’re who you say you are, including such information as a fingerprint that can be provided on a cellphone.
Delete, delete, delete
“Put your hacker hat on for a moment,’’ says Robb Reck, chief information security officer for the Ping Identity security firm. “If a hacker were to break into your email, what would they find? What information do you have stored in obvious and not-so-obvious places?” Delete any emails and documents containing sensitive information that would make it easy to access your financial and business accounts, Reck says.
Don’t use the same password for multiple accounts
Once hackers have your password, they’re likely to try it everywhere. Instead of passwords, switch to "passphrases" — which are longer and more complex than passwords — to strengthen access to your accounts.
File your tax returns as soon as possible
Scammers are using stolen identification to file fraudulent tax returns, according to the Internal Revenue Service.
“There’s a common misconception that attackers monetize personal data by selling it,” says Sarah Squire, senior technical architect at Ping Identity. “While there is a market for that information, a more reliable way of making money from stolen personal information is to file a fraudulent tax return and have a tax return deposit sent to the attacker's account.”
Submitting your tax returns well before this year’s April 17 filing deadline can greatly reduce the chance of being victimized by a fraudulent return, because the IRS processes the first tax return that comes in with your Social Security number.
“If you haven’t filed yet, you may want to check online to make sure that a return has not been filed in your name by anyone else,’’ says Squire. “If your identity has been stolen, you can set a PIN on your IRS account, which will be required to file future returns."
Posing as IRS agents or collection agencies, fraudsters also trick unsuspecting tax filers into sending refunds to them.
AARP’s Fraud Watch Network can provide more information about identity theft, investment fraud and other scams. To learn more, go to aarp.org/fraudwatchnetwork.
Disclosure: AARP’s branded Identity Theft Protection service is provided by TrustedID, an Equifax company.