LendingTree is compensated by companies on this site and this compensation may impact how and where offers appear on this site (such as the order). LendingTree does not include all lenders, savings products, or loan options available in the marketplace.
Two Years After Equifax Breach, Millions Still Not Taking Basic Steps Against Identity Theft
Editorial Note: The content of this article is based on the author’s opinions and recommendations alone. It may not have been reviewed, approved or otherwise endorsed by the credit card issuer. This site may be compensated through a credit card issuer partnership.
Four in 10 people with a credit or debit card have provided their full Social Security number in an online form in the past month, according to a new report from LendingTree, as Americans continue to wrestle with how best to combat identity theft two years after the Equifax data breach.
That breach, announced by the credit reporting bureau on Sept. 7, 2017, exposed more than 140 million Americans’ private data, including Social Security numbers, credit card details and driver’s licenses. The vastness of the breach sent ripples throughout the nation, and those are still being felt today as millions of Americans submit claims to a piece of a settlement of up to $700 million with the Federal Trade Commission that Equifax agreed to pay those who were affected.
For the second straight year, LendingTree marked the anniversary of that announcement by asking Americans with a credit card or debit card their perceptions and feelings about breaches as well as what they had done in the past year to protect themselves from identity theft.
We asked about 10 actions that can help detect, prevent or protect yourself from identity theft and found that 95% of Americans said they had done at least one of them, but way too few people had done many of them. We also found that one of the most important bits of data about any American is being given out more often online than we would have guessed.
- 40% of cardholders have provided their full Social Security number in an online form in the past month. However, 95% of cardholders are at least somewhat hesitant to provide personal identifiable information online in case of a data breach.
- 91% think data breaches are becoming more common.
- 95% of cardholders said they took some sort of action last year to protect themselves from identity theft, and 44% said they’re much more diligent about looking for signs of ID theft, a 3% rise from 2018. The most common actions taken include:
- 66% said they reviewed their online bank and credit card statements more often than they did the previous year (up 1% from last year)
- 57% checked their credit score at least once last year (up 6%)
- 50% activated alerts to inform them when charges are made to a credit card (unchanged)
- However, many credit cardholders are still dropping the ball when it comes to basic steps in ID theft prevention:
- While 2 in 3 cardholders said they’re reviewing their online statements more often, there was actually a small decrease in the number of folks who review them each month to ensure charges are accurate. (62%, down from 66%)
- While nearly 6 in 10 cardholders checked their credit score last year, fewer than half of cardholders (46%) checked their credit score every month
- Just 4 in 10 reviewed a credit report
- Just 31% changed passwords on bank and credit card issuer websites in the past year, and just 30% signed up for alerts about changes to their credit report.
- 42% of cardholders said they will claim damages from the Equifax data breach settlement. That includes about 1 in 4 who will claim monetary damages, and another 16% who will claim the free credit monitoring service. 37% of respondents said they were not affected by the breach.
- About 1 in 5 affected by the Equifax breach will not claim damages. The main reason stated is that it’s too much of a hassle (26%) and/or they don’t trust Equifax with their personal information (25%). Twenty-two percent simply don’t think the compensation is worth the effort.
Keep your Social Security number secure
One of the few things that all Americans seem to agree upon in today’s hyper-polarized environment is that bad guys are hell bent on getting hold of your private information. The survey showed that 91% of cardholders think that data breaches are becoming more common and 95% at least somewhat hesitant to provide personal identifiable information online because of data breaches.
The good news is that the barrage of bad breach news has led to more Americans being more diligent about protecting themselves. The bad news is that there’s far more to be done.
Case in point: Social Security numbers.
These powerful nine-digit numbers are like gold to bad guys because having one basically gives you the keys to the kingdom when it comes to a bad guy pretending to be you. However, 40% of cardholders said they have provided their full Social Security number in an online form in just the past month! Extrapolate that out over a year and you have an awful lot of people giving out perhaps their most valuable bit of data.
Of course, it can be entirely appropriate to provide your Social Security number online. For example, you have to when you request your free credit reports at AnnualCreditReport.com. You have to do it when you apply for a credit card at a site such as LendingTree or other types of loans at other reputable websites. There are also insurance forms, school registrations, job applications and countless other perfectly legitimate reasons why a website might ask you for your SSN. However, it’s not always easy to tell the legitimate ones from the frauds.
Here are some things you can do:
- Watch for HTTPS in the web address: That designation tells you that the information found on the website – or any information that you enter into the website – is secure. Of course, no technology is completely hacker-proof, so HTTPS is no guarantee of safety. However, it is a significant step above regular HTTP. Ultimately, it comes down to this: Don’t enter your SSN on a site that doesn’t begin with HTTPS. It’s as simple as that.
- Ask questions: If a website asks you for more information that seems necessary, contact them via phone, email or social media and ask them why they need it. If anything about their response gives you pause, you should probably take your business elsewhere.
- Beware of phishing: Even if it looks 100% legitimate, don’t click a link in an email that is asking you to provide your SSN or other vital information. It’s likely a so-called phishing scam, designed to steal your information. Reputable organizations simply won’t ask you for that type of information in an email.
- Trust your gut: If you’re in an unfamiliar neighborhood in real life, you might handle yourself a little differently and be a little more watchful. It’s the same with unfamiliar websites. If something doesn’t feel right about a site, don’t enter any of your valuable information.
Leverage the most important tool you have
Much of our current focus when it comes to protecting your identity is misplaced. The best example of this is your credit score.
Credit scores can be useful in fraud detection. For example, if your score suddenly plunges, and you did nothing to cause it, it might be a sign that you’re a victim of credit card fraud. However, consumers would be far better served in paying less attention to their credit score and more to their credit report. There’s no better tool in your arsenal when it comes to fighting ID theft than your credit report, and yet it is far too often overlooked by consumers. This survey is yet another example of this:
- Nearly 60% of cardholders checked their credit score in the past year, while just 40% reviewed their credit report.
- 50% of cardholders activated alerts to inform them when charges were made to their credit card, but just 31% set up alerts to let them know about changes to their credit report.
All these steps are useful and important. However, more emphasis needs to be put on credit reports in your regular financial routine. For example, your credit report is the only way for you to see if someone has opened an account in your name without your knowledge. It can also show you any mistakes made by the credit bureaus that might be holding your credit score down artificially. It can even show you actual mistakes that you made that you might not have recognized, such as a late payment on a card you may have forgotten about.
The bottom line: Take action. It matters.
To many Americans, data breaches aren’t that surprising anymore. What might’ve shocked us into action in previous years barely causes us to raise an eyebrow today. That’s troubling because apathy just makes bad guys’ jobs easier.
We even saw this laissez-faire attitude when it came to potential compensation for damages done by the Equifax breach. About 1 in 4 cardholders (26%) said it was too much of a hassle to file a claim and another 22% said they didn’t think the compensation was worth the effort. Sure, early reports of affected people getting $125 each might not end up panning out, and even if it did, it might not change your life financially. However, it is surely worth taking the time to put in the effort.
That’s also true when it comes to checking for identity theft and fraud. Yes, you’re busy — we all are — but you have time to do these things. Do them once a week instead of checking Facebook or Instagram. Do them while you’re sitting at your kids’ soccer practice or waiting for them at the orthodontist. Do them on the train home from work. Make them a priority because it matters.
LendingTree commissioned Qualtrics to conduct an online survey of 750 American credit cardholders, with the sample base proportioned to represent the general population. The survey was fielded August 16-19, 2019, and the margin for error for all respondents is +/- 3.6%.