Frustrated Woman at Computer Holding Credit Card

The magnitude of the Equifax security breach is still unfolding. Be proactive to prevent fraud, and take steps to detect and remediate fraud if it occurs.

Preventing Cybercrime

How to Protect Your Personal Financial Information

  • Mark Eich
  • 9/14/2017

The Equifax breach and other high-profile data breaches result in financial losses to consumers with increasing frequency, and affect all of us in some form or another. Businesses are required to tighten their security measures, and there are steps you can take to protect yourself.

To help determine whether your personal information has been breached, go to the Equifax consumer website, and type in your last name and the last six digits of your social security number.

Despite these continual security breaches, hackers seem to keep finding a way through. How do they do it?

What hackers do

First, let's look at how hackers steal. Their target is your personal financial information such as social security numbers, bank accounts, credit cards, driver license numbers, phone numbers, street address, date of birth, mother’s maiden name, location of birth, and email addresses. To complete a full dossier they will also look for your interests, pets, online personas, friends, coworkers, and any other information that can be obtained from the Internet. The more the complete the dataset is, the more valuable it is to the hacker and the more attractive it is to steal.

Thieves will then sell that information to other criminals (often eastern European organized crime groups) who use it to make fraudulent purchases, fake credit cards, or establish bogus credit relationships with banks and big box retail outlets in order to make even more fraudulent purchases. When personal financial information is tied to email addresses, hackers have an easier time crafting phishing messages designed to hijack personal financial accounts.

What you should do to protect yourself

How can you protect yourself from this online thievery? The answer lies in a multi-layered strategy, not one simple "silver bullet." Here are our top recommendations:

  • Diligently monitor your bank accounts, weekly at a minimum.
  • Avoid enabling online banking features that easily move money out of accounts, such as wire transfers or ACH (automated clearing house), unless you have a pressing need to do so.
  • Don't use debit cards for purchases, especially online. Credit card losses are typically much easier to recover than losses from stolen debit cards.
  • Thoroughly monitor credit card activity. Most cards offer online access to make it easy to monitor card use.
  • Consider using only one of your cards for online purchases, which makes it easier to keep an eye on activity.
  • Keep credit card receipts. Then balance and reconcile your card accounts the same way you balance your checking account.
  • Utilize automated alert functions provided by bank and credit card accounts. These often mean defining transaction limits, and you'll receive email or text messages sent if you go over the limit. Some banks and credit cards also allow you to configure alerts for transactions where the card is not present.
  • Report suspicious card activity ASAP and be prepared to place a credit freeze on your accounts by contacting the three credit reporting agencies.
  • Use a credit monitoring service like (which is actually not free) or Credit Karma (there are others). Set up alerts for new activity (like new accounts) to be delivered by text message.
  • If you cannot perform the above items with diligence, use an identity protection service such as LifeLock or Identity Guard.
  • Be very wary of website links that arrive in emails. Hackers use bogus links to send victims to rogue sites that deliver malicious software (malware) that can steal your passwords and other personal financial information. If the email appears believable, navigate to the site with your browser rather than following the link whenever possible.

The Equifax hack came to light on the heels of the recent WannaCry attack. For even more information and tips, check this identity theft resource page from the Federal Trade Commission.