With the angry glare of the public eye squarely focused on Equifax after announcing a massive breach and blamed it on a computer server flaw other companies had fixed months before, the company is waiving fees on credit freezes. Which is good news because it's the only thing that's going to save your bacon.
The company had previously offered victims a free year of credit report monitoring — but customers and advocates were quick to point out that this wouldn't actually stop anyone's identity from getting exploited from the data heist affecting nearly 143 million Americans. Hackers would still be able to open up new credit cards and go on spending sprees, apply for other loans or mortgages, and leave you holding the bag for the debt or the bad name.
Equifax announced the move on Twitter in reply to a customer tweet — which has less visibility than a new standalone tweet and would only be seen by people reading the comment thread or following a link.
But, however muted the trumpet heralding was, it's still good news.
"If there is a breach and you're concerned about identity theft, credit monitoring is not the most effective measure," Chi Chi Wu, a lawyer with the National Consumer Law Center, told NBC News. "A credit freeze is."
How To Freeze Your Credit Report
To freeze your credit at Equifax, you'll want to go to www.freeze.equifax.com.
Enter your complete name, address, social security number, and date of birth. On the next screen select that you want your credit report frozen. Then confirm. Write down your PIN code in a secure place when you get it.
But at time of publishing, the Equifax site, and sometimes the other credit bureaus, were giving error messages to customers who tried to initiate a freeze. It's okay to wait a few days and try again, says security expert Bob Sullivan. Things should hopefully improve. But in the meantime, you can also submit your request in writing to this address and supply the same information, per these instructions:
Equifax Security FreezeP.O. Box 105788Atlanta, Georgia 30348
You'll have to pay to freeze your credit with the other two agencies, but experts say it's worth it.
"A credit freeze is only effective if applied to all three credit bureaus. It'll typically cost you about $10 to implement one, but it is pretty easy to do through bureau websites or on the phone, and it can be quite effective," CreditCards.com analyst Matt Schulz told NBC News in an email.
This means that any time you or any other entity — legitimate or otherwise — tries to check your credit and open up a new line of credit, you'll need to first "thaw" your credit report. To thaw it, you can call a phone number (Equifax's automated freeze lift line is 1-800-685-1111) and give them the PIN along with either the date range you wanted the freeze lifted, or the name of the company you'd like to be given access to your report.
The whole process takes about 15 minutes. After you thaw the report and are done with the transaction, you call the credit bureau back and put the freeze back on. The FTC has more info on how credit freezes work as well.
Freezing your credit is a great way to stop thieves or computer errors from messing up your credit history. But it's also somewhat of a hassle — so if you're shopping for a car or house, you'll want to leave the freeze off for a while.
It can also put a crimp in those spur-of-the-moment store credit offers where you get a percentage off your purchase for signing up on the spot.
Since the announcement of the hack and even up to now there have been problems with the freezes. Equifax customers reported reaching call center employees who didn't know what a "credit freeze" was. Others said the automated freezing line wasn't working. And, most interestingly, instead of randomly generated PINs, early PIN codes appeared to be simply the date and time you applied for a PIN. Not very secure.
But the company says it's learning as it goes along, and working quickly to make changes.
"We are listening to issues consumers have experienced and their suggestions," the company said on a website it created to post updates on the hack and to detail how it is addressing the issue. "These are helping to further inform our actions, and we are now sharing regular updates on this website. Thank you for your continued patience and feedback as we continue to improve this process."
The credit freeze, however, will not protect you from potentially even more nefarious end users of this treasure trove of information on nearly half of all Americans.
"Cyberwar is in large part conducted through data mining and cyber-intelligence," said Avivah Litan, an analyst at Gartner. "Enemy nation states build databases of Americans that they then use to get to their targets, for example a network operator at a power grid, or a defense contractor at a missile defense company. "