As anyone able to tear themselves away from hurricane bulletins last week knows, credit reporting bureau Equifax shared the news that the personal information of 143 million Americans was compromised earlier this year. Yet while plenty of companies, including Equifax itself, are happy to give or sell you credit monitoring services after such a massive breach, that doesn’t mean you should take them up on it.
The Equifax breach isn’t the largest in in history; that dubious honor goes to Yahoo, which had the login details of more than 1 billion accounts stolen on its watch.
This was, however, the largest known breach of data that’s useful to identity thieves. Information that was taken includes:
• Dates of birth
• Social Security numbers
• Driver’s license numbers
The information stolen could be used for anything from filing a tax return in your name to taking out loans and credit card accounts.
Credit monitoring: Don’t bother
People with common sense have criticized Equifax for using the breach to sell its own identity theft protection services. The company is offering victims a year of its TrustedID credit-monitoring service.
(NOTE: When the service was originally launched, it included a mandatory binding arbitration clause for disputes over TrustedID, meaning users gave up their right to sue if something goes wrong with TrustedID. However, on Sept. 11, responding to days of consumer outcry, Equifax changed the terms and conditions for breach victims signing up for TrustedID, and no longer requires them to agree to mandatory binding arbitration. People who purchase this monitoring service outside of the data breach site are still subject to this condition.)
Post-breach credit monitoring services are a thriving mini-industry. Equifax is one of the financial services companies providing these services that benefits whenever there’s a credit card or personal data breach, since firms routinely offer identity theft protection as part of a standard apology package after a breach of personal data and/or payment card numbers.
The problem with such services is that they don’t prevent anyone from stealing your personal data or opening accounts in your name. They just let you know a little bit faster when it happens.
You can enroll in the services that Equifax is offering if you want to, but be sure to remember to cancel them or to not renew them when the free year is up.
Placing a freeze on your accounts is an important step if you’re concerned that you might be a victim of identity theft or another financial crime. Here’s how to do it. It isn’t foolproof, but it is cheaper and more secure than paying monthly or yearly for credit monitoring services. It costs up to $12 per credit bureau, but there’s no cost for residents of some states.
Read more: My Identity Was Stolen, Then TransUnion Let The Fraudster Unfreeze My Accounts
A freeze should prevent anyone from opening accounts under your name, including you. This might be good if you want to keep yourself from opening any new credit cards, but can also be inconvenient. So you should probably hold off on placing a freeze if you’re planning to apply for a mortgage, auto loan, or other major debt instrument in the next few weeks.
Users who had frozen their Equifax reports have noted that their PINs, the codes used to lift the freeze and open the credit report up for queries and opening new accounts, were simply a timestamp of when they requested the freeze.
The company switched to assigning random numbers only after customers pointed this out.
“We understand and appreciate that consumers have questions about how a PIN is currently generated for a consumer initiating an Equifax security freeze solution. All consumers placing a security freeze will be provided a randomly generated PIN,” the company’s site for breach information now says.
One customer recounted to The New York Times that he found himself explaining credit freezes and PINs to a representative at the Equifax call center. While it’s good that the company has put as many people on the call floor as possible to help customers, it shouldn’t be up to customers to train them.
(Story has been updated to include latest information regarding arbitration clause.)
Editor's Note: This article originally appeared on Consumerist.