It was announced today that Equifax has settled claims brought by the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB) and all 50 states’ attorneys general alleging that Equifax neglected to take basic security steps to protect the personal information it stores and that this failure led to the massive data breach in 2017 in which personal data on more than 147 million people was stolen. The personal information included the names, dates of birth and Social Security numbers of 147 million people, putting them in serious danger of identity theft for the rest of their lives. A later SEC filing by Equifax disclosed that images of driver’s licenses, passports and other personal identification documents belonging to thousands of people were also stolen. Last year I told you about documents provided by Equifax to the Senate Banking Committee disclosing for the first time that among the personal information stolen in its massive data breach were email addresses. The email addresses put the victims of the data breach in increased danger of “spear phishing,” which is phishing email specifically tailored to the victims of the data breach so that it appears trustworthy. People providing personal information in response to these emails put themselves in serious jeopardy of identity theft, and people clicking on links in these apparently trustworthy emails run the risk of downloading serious malware such as ransomware.

Under the terms of the new settlement, Equifax will pay between 575 million dollars and 700 million dollars, which includes 300 million dollars to be paid to a fund to provide affected consumers with credit monitoring services as well as pay consumers who bought credit monitoring services from Equifax. Equifax has also agreed to provide all Americans with six free credit reports each year for seven years, in addition to the one free annual credit report that all credit reporting agencies are required by present federal law to provide to consumers upon request. Under the terms of the settlement, Equifax must also implement a comprehensive security program to better protect consumer data.

While the settlement agreement has been reached by Equifax and the various government agencies, the agreement still awaits a judge’s approval before it will become effective.  Once it is approved by the judge, you will get an email notification of the settlement with specific information about the settlement and how to request services provided for under the terms of the settlement.  I will also be providing you with detailed information about this as soon as this information is available.

Meanwhile, the best thing you can do to protect yourself from many forms of identity theft is to put a credit freeze on your credit report at each of the three major credit reporting agencies. In response to the Equifax data breach, Congress passed legislation eliminating the cost of freezing and unfreezing your credit, so now it is free to do so. However, the credit reporting agencies are recommending that you use a new invention of theirs, which they call a “credit lock,” instead of a credit freeze to protect your data. They tout credit locks as being more convenient and tie them into other services. However, the truth is that you are better off with a credit freeze than with a credit lock. Credit freezes are governed by laws that protect you, while credit locks are creations of the credit reporting agencies pursuant to contracts which they can change at will. In addition, you may not desire the extra services you end up paying for at Experian, which includes credit locks in security packages that can cost you more than a credit freeze while providing services you may not need. Quite frankly, I don’t trust any of the credit reporting agencies to have our best interest as their primary motivation, so I believe you are better off choosing to put a credit freeze on your credit reports at each of the three major credit reporting agencies rather than a credit lock.


To get the maximum protection from identity theft, it is important to freeze your credit at each of the three major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:

Once you have frozen your credit, be sure to keep the PIN and information on how to unfreeze your credit report in a safe place.

As for protecting yourself from spear phishing, remember my motto, “trust me, you can’t trust anyone,” and never click on any link in an email or text message, regardless of how trustworthy it may appear, unless you have absolutely confirmed that it is legitimate.