Making Cents: The Equifax Security Breach Guide

US Wealth Napolitano |

By: John P. Napolitano, CFP®, CPA, PFS, MST

Protecting your confidential information is a frequent topic of this column. Most recently in regards of what to do if you have reason to believe that your information may have been compromised with the recent Equifax data loss.

The first step is to log on to the special site that Equifax has set up to learn whether you were one of the unlucky victims. That site is The volume of people and the significance of this is so massive that it may take a few days to even learn whether or not you were affected.

In the meantime, you can go to all three credit bureaus and immediately put a complete freeze on your accounts. This will require any transaction needing your credit history to be declined without your pro-active consent to release the freeze. Currently Equifax has waived all fees and charges associated with a freeze with their company through November 21, 2017. The other two agencies, Transunion and Experian are still charging a fee for this service. Beware that every time that you want to release and re-set your freeze, that you’ll pay another fee.

Check your credit report to see if anything has already happened. The black market for data is so huge and well developed that adverse consequences may be immediate for some of the unluckiest. Consider buying a credit protection service that can help to monitor and maybe prevent unauthorized utilization.

Log into to all of your web sites that may contain stored credit card information or any other confidential personally identifiable information (PII) and change your password.  Consider changing your user ID – especially if you use the same user ID for many sites.  Utilizing unique user IDs and passwords for all sites that contain your PII is most beneficial.

Crooks typically will try to corroborate your PII using other publicly available sites where you voluntarily give up certain PII such as date of birth or town of residence. I’ve been advised by internet security experts to either not have that information out there or to provide different answers and different dates for different social media sites. This sounds pretty deceitful, but frankly it makes sense when I was told why.  If some or all of your data doesn’t jive precisely with other corroborative sources – you may be less likely to be hacked. After all, why would they mess with you if there are millions of other users who have used the same user ID and password for every site they utilize?

The last two issues are remembering all of your passwords and user IDs and advice for those who do not use the internet. Even if you are not an internet user, you can now see that your data is out there whether you use it or not. You still need to take these precautionary measures. Remembering your user IDs and passwords, however, is still not easy. There are apps and web sites that help, but if they get hacked we are back to square 1!


John P. Napolitano CFP®, CPA is CEO of U. S. Wealth Management in Braintree, MA. Visit JohnPNapolitano on LinkedIn or The opinions voiced in this material are for general information only and are not intended to provide specific advice or recommendations for any individual. John Napolitano is a registered principal with and securities offered through LPL Financial, Member FINRA/SIPC. Investment advice offered through US Financial Advisors, a Registered Investment Advisor. US Financial Advisors and US Wealth Management are separate entities from LPL Financial. He can be reached at 781-849-9200.