FTC recommends security freezes

ALERT: FTC recommends consumers consider security freezes with credit reporting agencies following Equifax breach

October 2, 2017

Following the Equifax data breach, the Federal Trade Commission recommends consumers consider a freeze with credit reporting agencies.

The Federal Trade Commission has released guidance to help consumers whose information was compromised in the recent Equifax data breach learn more about protecting themselves. The Sept. 7 breach, which exposed individuals’ Social Security numbers, account numbers and drivers’ license numbers, put many at risk of identity theft. As a result, the company is offering free credit freezes, which block access to a person’s credit information, until Nov. 21. Those who had already paid for such a freeze before Equifax’s offer will receive refunds. However, to effectively help protect against identity theft, consumers must place freezes with all three major credit reporting agencies – Equifax, Transunion and Experian. Transunion and Experian charge for credit freezes, and for all three agencies, the typical cost is about $5 - $10 every time an account is frozen or unfrozen. Each agency must be contacted individually to freeze or unfreeze an account.

What are credit freezes and fraud alerts?

A credit freeze is a freeze on all access to a person’s credit information. This means that no one – including the consumer – can access the credit report to open new accounts or issue credit unless the consumer unfreezes the account. In most states, this freeze lasts until the person temporarily or permanently removes it. In some states, the freeze expires after seven years. This may be a good option for those who aren’t planning to seek new credit anytime soon; otherwise, the cost and inconvenience of having to freeze, unfreeze, and refreeze credit report accounts may be too much.

Another option is for consumers to place a fraud alert on their credit reports. When a fraud alert is placed, lenders and creditors must attempt to verify a consumer’s identification before they extend new credit. For fraud alerts, consumers need to contact only one of the major credit agencies, as each is required to notify the other two to place an alert on the file. Fraud alerts are free; however, they expire after 90 days unless they are renewed by the consumer.

Need more information?

To review the FTC’s full alerts, click here and here. To set up a credit freeze or fraud alert, contact Equifax, Transunion, or Experian directly. If you are concerned about managing your personal or your organization’s cybersecurity risk, please contact Brian Johnson, AGH’s senior vice president of technology services, using the information below.

Brian Johnson

Senior Vice President
Technology Services

Brian leads the firm's technology services practice where he helps clients achieve measurable performance improvements through the delivery of specialized, competency-based information systems management, assurance, and advisory services. He has extensive experience in information security, network engineering, and solution development, with recognized specializations in governance, risk, control, and related consulting services.

Brian is a member of ISACA (previously known as the Information Systems Audit and Control Association), the Kansas Society of Certified Public Accountants (KSCPA), the American Institute of Certified Public Accountants (AICPA), the AICPA’s Information Management and Technology Assurance (IMTA) Section, and APICS (the Association for Operations Management). He is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), and Certified in Risk and Information Systems Control (CRISC).

Brian is also a Certified Public Accountant (CPA) and a graduate of Wichita State University, where he earned a master's of accountancy and bachelor's in business administration.

Information in this document has been obtained by Allen, Gibbs & Houlik, L.C. from sources believed to be reliable. However, AGH does not guarantee the accuracy nor completeness of any information. This communication does not and is not intended to provide legal, accounting or other professional advice or opinions on specific facts or matters, and accordingly, AGH assumes no liability whatsoever in connection with its use. Nothing in this communication can be used to avoid penalties that may be imposed by a governmental taxing authority or agency.

Your organization has unique vulnerabilities and security requirements.
See how our professionals can tailor an IT security plan for you.