By now, everyone is aware of the massive data breach at Equifax. Something like 143 million Americans had their personal information exposed in the hack. That effectively means that every American adult was impacted. You can check to see if you are on the list here: www.equifaxsecurity2017.com. I’ll bet you are.
We have received a lot of phone calls about this. We don’t believe there is any serious risk to your investment accounts, as our custodial firms require signature authorization in order to disburse funds. However, if you are concerned, you can request additional security measures for electronic access to your accounts if they are held at Charles Schwab.
The bigger risk is identity theft. It is now conceivable that your information could be used by a third party to open up new lines of credit in your name. This may be credit cards, car loans, bank loans, etc. If you are concerned about this, there are steps you can take.
Primarily, you can put a credit freeze on your account by visiting the web sites of the major credit reporting companies. The websites are below:
Equifax: http://www.freeze.equifax.com
Transunion: https://freeze.transunion.com
Innovis: https://www.innovis.com/securityFreeze/index
Experian: https://www.experian.com/freeze/center.html
While the data breach was recently announced, it actually occurred several months ago, and likely persisted for some time. It seems the initial hacking episode occurred in March, and continued undetected until July of this year. At which point, Equifax learned of the breach and moved to fix the problem. It was over a month until the public was notified that their personal information was exposed. Interestingly, during the period that Equifax learned of the problem, but before it was released to the public, Equifax management had time to sell personal holdings of their Equifax stock.
That last point might make you angry, and demand some regulatory response. Indeed, the U.S. Securities and Exchange Commission has warned public companies in the past that they could be the target of enforcement actions if they mislead investors about a significant data leak that affects share prices. However, you might consider that the SEC just announced a major data breach of its own.
The SEC’s electronic system for public company filings was hacked, resulting in the loss of highly sensitive data that could be used for insider trading purposes. While this information was released to the public on September 20th of this year, the actual incident occurred in 2016. Perhaps the SEC will initiate an enforcement action against itself.
The point here, other than venting my frustration with government incompetence, is to note that data breaches are frequent and widespread. All of us, whether or not we use computers, have sensitive personal information that is available on the internet. There isn’t much we can do about it, except take a few common-sense security measures to reduce the risk as much as possible.
To Download the complete 2017 Q3 Newsletter please click below.