Attorney General Jim Hood announced on October 19, 2017, he joined 36 other attorneys general in urging consumer reporting agencies Experian and TransUnion to immediately stop charging fees to consumers who want to put credit freezes on their accounts in light of the massive data breach at the consumer reporting agency Equifax.
“If these agencies do not waive their fees, I intend to make Equifax pay for the fees that victims have incurred due to their hack,” said General Hood. “For customers who have already paid fees to place a freeze on their account, Equifax must reimburse them.”
The attorneys general sent a letter last week to the consumer reporting agencies (CRAs) urging them to stop charging fees for credit freezes and fees to lift or temporarily lift credit freezes on consumers’ accounts. The Equifax data breach reported last month has so far affected over 145 million Americans, including more than 1.3 million Mississippians.
Immediately after that breach, General Hood joined a group of attorneys general that forced Equifax to extend their free credit monitoring through the end of January. Although Equifax also agreed to waive fees for its security freezes, people are still having to pay fees at other agencies. While it is legal in Mississippi to charge up to $10 to place a freeze on credit reports, General Hood believes a measure to waive that fee in extreme situations such as this breach should be seriously considered. The CRAs profit by selling consumers’ information, and they have a responsibility to protect that same information.
Three actions are suggested for consumers when credit breaches take place: 1) freezing credit, 2) monitoring credit, and 3) locking credit.
- A credit freeze is when a consumer’s credit report data is sealed and made inaccessible to third parties. This prevents identity theft, and protection of credit through a freeze is guaranteed by law; however, the freeze must be lifted in order to open new lines of credit or apply for a loan or mortgage.
- Credit monitoring is a system that monitors for fraudulent activity on a consumer’s credit report—such as a new account or credit inquiry—and notifies consumers of suspicious actions. Having credit monitored usually lasts for one year before the initial request expires.
- A credit lock is similar to a credit freeze, but rather than being guaranteed by law, it is an agreement between the consumer and the credit monitoring company, which generally means consumers are liable for any issues that take place while an account is locked. Lifting a lock is also usually much faster than lifting a freeze.
Currently, some of the CRAs are offering credit locks but in some cases are also charging a monthly fee for the lock and combining it with other services, such as credit monitoring. In other cases, the CRAs offer a credit freeze free of charge, but the terms and conditions indicate that consumers’ information will be shared with affiliates and third party marketers.
In addition, General Hood offered the following tips consumers can take to safeguard against identity theft:
- Regularly request your free credit reports, inspect them closely, and promptly dispute any unauthorized accounts;
- Inspect all financial account statements closely and promptly dispute any unauthorized charges;
- Consider placing alerts on your financial accounts so your financial institution alerts you when money above a pre-designated amount is withdrawn;
- Beware of potential phishing emails; don’t open any email messages or attachments from unknown senders, and do not click on any unknown links. Fraudsters will frequently send coercive and misleading emails threatening account suspension or worse if sensitive information is not provided. Remember, businesses will never ask customers to verify account information via email. If in doubt, contact the business in question directly for verification and to report phishing emails; and
- Be on the lookout for spoofed email addresses. Spoofed email addresses are those that make minor changes in the domain name, frequently changing the letter O to the number zero, or the lowercase letter l to the number one. Scrutinize all incoming email addresses to ensure that the sender is truly legitimate.