According to a 2015 study from Bluevine Capital, 75% of startups are funded by personal savings or loans. These loans depend on personal credit scores, which are managed by three major credit reporting agencies in the U.S.
Equifax, one of the three, was hacked earlier this year. With your information in the hands of criminals, you need to be prepared to handle potential headaches headed your way.
Read on for a summary of what happened, what to look out for, and what you can do to protect yourself..
How credit reporting agencies work
When everything is going well, credit agencies exist in the background, generating almost no interest.
Do you know the details of what makes the elevator in your building run, or how stoplights are tied into the electrical grid? The average person doesn’t. It’s magic, and no one cares…until the elevator gets stuck or the city’s lights go out.
In short: credit agencies try to guess how good you’ll be with money in the future based on what you’ve done in the past.
Instead of looking at just the big results, credit agencies watch almost everything you do. If you open a bank account or credit card, buy a house or a car, have a kid or miss a bill, credit agencies know.
FICO Score factors, used (in some version) by all three credit agencies. [Source: MyFICO.com]
Financial companies—your bank, the lending arm of a car dealership, the high street retailer issuing a credit card—want to know who they’re lending to. To allow that, they give data on all of the bill paying, account opening, and other relevant activity you engage in to credit reporting agencies.
The agencies aggregate this information to build your financial picture. When you request a new loan or credit line, the issuer can connect with the agency to see what kind of risk you pose.
If you’re making payments on time and don’t have too much existing credit, you’re generally a decent bet.
There are three major credit reporting agencies—Equifax, TransUnion, and Experian. Each has a slightly different version of your personal data, as each has connections to slightly different sets of data providers.
For whatever the reason, these versions mean that your credit score from each agency will differ. Your overall credit is usually a composite of the three scores, which means each score is important on its own.
What was the Equifax hack?
From May through July 2017, hackers accessed Equifax’s data by exploiting a flaw in the company’s software. According to Equifax, the data included “names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.”
The hack affected 143 million people—about 57% of the total U.S. adult population. Odds are someone nefarious now holds a copy of your information.
The Equifax hack was, from floor to ceiling, a waking nightmare. Despite this, company’s response has been…slow.
Equifax discovered the hack in late July, hired a team to manage a security response in August—around which time, totally unrelatedly, some senior Equifax employees sold about $2 million of the company’s stock—and announced the hack in early September.
Equifax then set up a website to give people information about the breach, but accidentally directed them to a fake website with a similar name. On top of the misdirection, Equifax forgot to change the language on its own site, making it seem as though users who wanted to see if they had been affected had to waive their right to join a class-action lawsuit before they could check their data.
It later clarified, saying, “enrolling in the free credit file monitoring and identity theft protection that we are offering as part of this cybersecurity incident does not waive any rights to take legal action.”
Equifax’s CEO apologized, then quit. Now, it’s someone else’s problem—yours, most likely.
How are businesses affected?
Since small businesses heavily rely on personal loans for startup capital, the hack could pose a threat to obtaining those loans. If someone uses your information to open fraudulent accounts, you’ll be in for a long road of unscrambling what’s real and what’s fake.
Solopreneurs that file taxes using their Social Security number are most likely to feel negative effects come tax time. Tax return fraud is popular among identity thieves who can file your taxes, take your return, and leave you to sort it all out.
Even if nothing happens this year, your information may float around for years to come, opening you up to future problems.
What can you do about it?
Here are a few resources for small business owners who’ve had their data stolen.
- On Equifax’s Cybersecurity Incident Information page, you can check to see if your data was affected and sign up for free credit monitoring from Equifax. You can enroll in the program through Wednesday, January 31, 2018—sooner is better than later.
- The IRS guide to identity theft contains information on the warning signs of tax fraud and identity theft. The CliffsNotes: file early and check your status often.
- Freeze your credit. This is a massive pain, especially for business owners, so understand what you’re signing up for before diving in. A credit freeze is you saying: “I don’t want anything issued in my name using my credentials.” While it’s a great way to stop people from using your data to open fake accounts, it also stops you from opening real accounts. While unfreezing credit is faster than it used to be, it still takes time and effort. If decide you do want a credit freeze, you’ll need to request one with Equifax, Experian, and TransUnion.
- Keep an eye on your credit. The law requires credit providers to give you a free credit report each year, if requested. The only place authorized to manage such requests is www.annualcreditreport.com.
To make sure you’re ready to file your taxes as early as possible, stay up-to-date with your accounting software. If everything is entered and ready to rock, your accountant will be able to get your taxes filed before someone sneaks in to grab your refund.
Keep an eye on your accounts, and don’t think “It won’t happen to me.”
It already has.