Q: A few days ago, my wife and I each received letters regarding the settlement of the Anthem data breach that resulted in a one-year “credit monitoring settlement award.” We’ve been the victims of other data breaches in the past and always took advantage of the credit monitoring.
The letter regarding the Anthem breach and credit monitoring includes an activation code, which I thought would make it easy to get registered.
However, I found out yesterday in talking to an Experian agent that in addition to providing confirmation of your personal information (name, address, email address, Social Security number and date of birth), which appears to be typical for these data breach settlements, you must also register on Experian’s site with a username, password and security questions. This is the case whether you register online or over the phone.
The fact is I am leery of providing any further information to Experian’s database that it doesn’t already have, considering that its database could be hacked someday, as happened at Equifax.
My wife and I huddled and, as we have all of our credit files frozen, we didn’t think the additional measure of having to register on the Experian site would be worth the risk we’d be exposed to. There’s also the likelihood we would be subjected to an ongoing barrage of marketing emails from them.
What’s your view on this? Should you want to check out the registration page, go to www.experianidworks.com/anthem. I would expect many of your readers received this same letter.
A: I agree with your decision to pass on this.
For the most part, the credit bureaus (Experian, TransUnion and Equifax) know almost everything there is to know about us: Everywhere we’ve lived, every job we’ve had, every loan and credit card we’ve had – and more.
But it sounds like the security questions they want answered might include information not in your files, such as the name of your pet, or where you went to high school, or the middle name of your oldest sibling. Of course, you could always choose to answer these questions incorrectly; you’d just need to make sure you remembered your incorrect answers. (Take note: I never provide my mother’s maiden name. It’s too easy to learn. The name I provide when asked is another relative’s last name.)
Even if the questions required to create your account were based on information in your credit files, there’s risk in enabling access to your files using information that a thief already might have, thanks to the Anthem breach. If someone is able to log in to your Experian account, then what kind of damage can he do?
The credit monitoring offered under this settlement could have some value. But you note that the biggest potential problem – new credit applications – is not an issue because your files are frozen and a prospective creditor couldn’t get access to open a new account.
The service also offers identity restoration if you have a problem related to this breach, along with insurance that reimburses you for certain expenses up to $1 million.
Credit monitoring, in my opinion, creates a false sense of comfort for many people. The credit bureaus have a good track record of not taking very good care of us.
The truth is that 88 percent of identity theft and fraud involves existing accounts. The credit monitoring isn’t going to help you with this any more than you could help yourself by setting up account alerts and monitoring your bank and credit accounts weekly or, even better, daily.
You can learn a lot more about protecting yourself and your finances by contacting the Federal Trade Commission’s identity theft help service online at https://www.identitytheft.gov or by calling 1-877-382-4357.
To reach Teresa Murray, email [email protected] or call or text 216-316-7064. She cannot respond to all queries or comments.
Previous columns: cleveland.com/moneymatters
On Twitter: @TeresaMurray
On Facebook: www/facebook.com/MurrayMoneyMatters