An Action List for Business Owners After Equifax’s Data Breach

[7 MINUTE READ]

The following guest blog post was composed by Maddie Shepherd, News and Finance writer at Fundera. It originally appeared on the Fundera Ledger.

It is intended solely for informational purposes. It is not an endorsement or recommendation and should not be construed as such. The views and opinions expressed are those of the author and do not necessarily reflect the opinion of Supplier Connection, its members, or regional growth partners.

The post is intended to provide small and diverse business owners with advice on how to deal with the Equifax security breach.

 

Chances are, you’ve heard or read something about the recent cyberattack on the systems of Equifax, one of the three largest credit reporting bureaus in the country, where crucial identification information of about 143 million U.S. customers was compromised.

Equifax released a statement that the cyberattack made vulnerable names, Social Security numbers, birthdates, address, and driver’s license numbers of the credit bureau’s customers, as well as the credit card numbers of around 209,000 consumers.

You might be thinking—as a business owner—how does or could this affect me?

For starters, it’s important that you check whether or not your information was compromised during the breach and if so, take action.

Why do small business owners need to protect themselves if impacted?

Small business owners’ credit scores are extremely important for their small business’s financial health. With access to the information that the cyberattack made vulnerable, among other things, criminals could seek credit in your name and max it out with no intentions to pay it off. Since this would be in your name, it would be your credit score that would suffer.

If your credit score plummets because of fraudulent activity like this, you can contest it. But, in the interim, you’ll be cut off from access to valuable funding for not only your personal finances but also for your small business.

Though you might try to separate personal finances from business finances, lenders will almost always consider your personal financial history before funding your business. Because of this, as a business owner, you have more at stake with your credit scores and consequently should be covering all your bases following this cyberattack.

Here’s how to check if you were impacted and, if so, the steps you can follow to protect yourself.

8 Steps to Take to Ensure Security After the Equifax Breach

Whether you find out your information was compromised in the attack or it wasn’t, and you just want to be cautious, taking the right steps to ensure your security will give you peace of mind. We know you can never be too careful with your financial health and reputation, especially when you’re running a business.

Here are 8 steps experts suggest you take to cover all of your bases:

1. Determine if your information was compromised.

If you haven’t already done so, this is the first step to take immediately. Even if you haven’t noticed any worrying activity on any of your accounts, go to Equifax’s form so that you can be certain about the status of your information following the attack. It is very easy to complete and only takes a minute.

To check whether or not you were impacted, visit www.equifaxsecurity2017.com and click “enroll” to determine whether or not you were impacted in the attack.

2. Sign up for free credit monitoring (regardless of the results).

Even if Equifax’s system determines that your information wasn’t affected in the attack, you’ll have access to free credit and identity theft protection through TrustedId Premier for a year.

Because of the uncertainty surrounding the attack and the sensitivity of the information at stake, it’s recommended that you enroll regardless of your results.

3. If your information was compromised, report it to your banks.

The quicker you report your compromised information to your banks, the better. Even if no fraudulent activity has occurred on your accounts, get ahead of the game by notifying any banks, creditors, and lenders you work with that you were impacted.

4. Place security freezes.

This step is crucial. By placing freezes with credit bureaus, you can block financial activity that occurs in your name. By going to the three major credit bureaus and asking for a security freeze from each of them, you’ll make it impossible for anyone to do anything in your name that requires a credit check. If a criminal uses your information to try to open lines of credit, credit cards, or loans in your name, lenders won’t be able to run a credit check if you place the freezes.

Keep in mind that the three main credit bureaus—Equifax, Experian, and TransUnion—all require that you file unique requests for a freeze at each bureau. Different creditors and lenders use different bureaus for their credit checks. Be sure to cover all your bases by filing a request for a security freeze at all three major bureaus.

Similarly, you’ll want to file a request for a security freeze with Chexsystems. This is the service that about 80% of banks (and almost all large banks) use to screen new customers for bank accounts. A security freeze will prevent unauthorized attempts to open bank accounts using your information.

5. Make an identity theft report.

After you inform all financial entities that your information was compromised, decide if you want to take the time to declare your identify theft legally. This will involve an FTC identity theft report and a police report, which together will make your Identity Theft Report.

If you choose to follow through with reporting your theft to the authorities, you’ll first have to report your identity theft to the Federal Trade Commission. Then, to report your identity theft to the police, you’ll need to come bearing your printed FTC report, a form of government-issued ID, any proof you have of the theft, and a note from the FTC to law enforcement.

These are the basic steps for filing a legal report for your identity theft, but bureaucratic processes like this are extremely detailed and specific. Because of this, you should be sure to read up on the exact steps to take in reporting your identity theft by referring to the FTC’s instructions page.

Though it’s not completely essential, having this legal documentation will majorly facilitate any disputes you’ll have to make against fraudulent activity.

6. Pull copies of your credit report.

To investigate financial activity under your name, you can pull a credit report from each of the three major bureaus mentioned above on an annual basis by visiting annualcreditreports.com.

Because you took the time to request a security freeze with each of the bureaus, it’s unlikely that you’ll find anything. However, these credit reports are the only way to know for sure that someone didn’t open accounts in your name before the freezes are processed.

7. Set up alerts.

Setting up alerts for all of your accounts will save you a lot of time and a lot of worry. With many banks, you can set up SMS or emails alerts for actions like address changes, failed login attempts, and suspicious activity. Knowing you’ll be notified if something fishy happens on your accounts will give you some peace of mind amidst all of this uncertainty.

Additionally, you can consult Credit Karma for free credit scores, reports, and insights. Their monitoring functions can help you spot possible identity theft early.

8. Dispute fraudulent activity as soon as you learn of it.

If you learn of fraudulent activity in your name, don’t sit on the information. Have a quick turnaround to the parties involved, whether it’s your bank, another bank, a lender, or a creditor. The quicker you report fraudulent activity, the less liability you’ll have and the easier you’ll be able to resolve the situation.

Now, Take a Breath

It might go without saying, but taking a step back to breathe after you cover all of these bases is crucial. With so much at stake, recovering from having your identity potentially compromised can be especially nerve-wracking for a business owner. Be vigilant by completing the above steps, but also remember that, in the aftermath of this widespread cyberattack, financial institutions will likely be even more forgiving and willing to work with you if you were impacted.