Equifax Data Breach Frequently Asked Questions:
I’ve been hearing about the Equifax breach in the news. What happened?
Equifax, one of the three major credit bureaus, experienced a massive data breach. The hackers accessed people’s names, Social Security numbers, birth dates, addresses, driver’s license numbers, and other non-public personal information. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people.
Was my information stolen?
Though we cannot confirm this directly for you, in today’s world of constant large-scale data breaches, it’s best to assume your information has been compromised.
How can I protect myself?
- Enroll in Credit Monitoring services
Equifax is offering one year of free credit monitoring and identity theft protection services to everyone in the United States, whether or not your information was exposed. You can sign up at https://www.equifaxsecurity2017.com/.
- Monitor your credit reports
In addition, you can order a free copy of your credit report from all three of the credit reporting agencies at annualcreditreport.com. You are entitled to one free report from each of the credit bureaus every year.
- Monitor your bank accounts
We also encourage you to monitor your financial accounts regularly for fraudulent transactions. Use online and mobile banking to keep a close eye on your accounts. If you notice anything suspicious, call us immediately at 800-719-8080 (TTY/TDD 855-584-0256).
- Watch out for scams related to the breach
Do not trust e-mails that appear to come from Equifax regarding the breach. Attackers are likely to take advantage of the situation and craft sophisticated phishing e-mails.
Should I place a credit freeze on my files?
Before deciding to place a credit freeze on your accounts, consider your personal situation. If you might be applying for credit soon or think you might need quick credit in an emergency, it might be better to simply place a fraud alert on your files with the three major credit bureaus. A fraud alert puts a red flag on your credit report which requires businesses to take additional steps, such as contacting you by phone before opening a new account.
How do I contact the three major credit bureaus to place a freeze or fraud alert on my files?
Equifax: Call 800-349-9960 or visit its website.
Experian: Call 888-397-3742 or visit its website.
TransUnion: Call 888-909-8872 or visit its website.
Where can I get more information about the Equifax breach?
You can learn more directly from Equifax at https://www.equifaxsecurity2017.com/. You can also learn more by visiting the Federal Trade Commission’s web page on the breach at https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do. To learn more about how to protect yourself after a breach, visit https://www.identitytheft.gov/Info-Lost-or-Stolen.
If you are a victim of fraud or identity theft, you should take the following steps:
- Call your bank and credit card issuers immediately so they can further protect your account.
- File a police report and call the fraud unit of the three credit-reporting companies (Experian, Equifax, and TransUnion; phone numbers are listed above).
- Consider placing a victim statement in your credit report and a fraud alert on your account.
- Keep a log of all the contacts you make with authorities regarding the matter. Write down names, titles, and phone numbers in case you need to re-contact them or refer to them in future correspondence.
- Contact the FTC’s ID Theft Consumer Response Center at 1-877-ID THEFT (1-877-438-4338) or www.ftc.gov/idtheft.
User ID and password guidelines, tips to avoid phishing, spyware and malware, tips for keeping your wireless network safe, and more.
Here are simple steps to combat and thwart a potential cyber thief:
- Stay alert online. Be sure computers and mobile devices are equipped with up-to-date anti-virus and malware protection. Never give out your personal financial information in response to an unsolicited email or phone call, no matter how official it may seem. Your bank will never contact you by email asking for your password, PIN, or account information. Only open links and attachments from trusted sources. When submitting financial information on a website, look for the padlock or key icon at the top or bottom of your browser, and make sure the Internet address begins with “https.” This signals that your information is secure during transmission.
- Mobilize your defenses. Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen. Before you donate, sell or trade your mobile device, be sure to wipe it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen. Use caution when downloading apps, as they may contain malware, and avoid opening links and attachments, especially from senders you don’t know.
Criminals love to take advantage of the giving spirit during the holidays and will stoop to the bowels of the Earth to scam you out of your money. Some common tactics criminals use include fake charities, false advertisements of discounted goods, bogus coupons, and phishing with false delivery receipts or error notifications.
Be that as it may, criminals are no match for a well-informed and cautious shopper! Use the following tips to help keep yourself safe from fraud this season:
- Secure your mobile device and computer. Keep your software and operating system up-to-date with the latest patches and run anti-virus software where possible.
- Use a unique password for each merchant website and keep your devices secured with a passcode or password.
- Don’t use public computers or public Wi-Fi for mobile banking or shopping. Attackers may have already installed malicious software on public terminals that could steal your information, and traffic on public Wi-Fi is easily intercepted.
- Pay by credit card. As a consumer you have better protection and less liability when paying for items with credit instead of debit.
- Use trusted merchants. Steer clear of websites and merchants you’ve never heard of, no matter how good the deal seems. If the deal is too good to be true, it probably is.
- Look for “HTTPS”. When making an online purchase, make sure the website is secure by looking for a locked padlock icon and the letters HTTPS at the beginning of the website address.
- Do not allow retailers to store your credit/debit card information with your account. Doing so increases your risk of being affected if a malicious actor is able to gain access to your account.
- Frequently review your bank statements. Always make sure only the purchases you’ve made appear on your statement. If something doesn’t look right, call us ASAP at 1-800-809-1377 or TTY/TDD 855-584-0256.
- Monitor your bank statements regularly. If you see anything suspicious or inaccurate, let us know right away!
- Be wary of PIN use. You have more protections when using your debit card as a credit card. Try to use your PIN only at ATMs.
- Report lost or missing cards immediately. We’d rather send you a new card to be safe than find out later that it was stolen and used fraudulently. For lost or stolen cards call: 800-719-8080 or TTY/TDD 855-584-0256.
- Patch your devices and applications; this includes your personal computers, mobile devices, tablets, internet-connected TVs, and all software that you use. By updating to the latest software and operating system versions, you can significantly reduce your risk of an attacker taking advantage of known vulnerabilities.
- Use Anti-Malware software. HomeStreet has partnered with IBM to offer all online banking customers a free copy of Trusteer Rapport anti-fraud software.
Download Rapport for business use
Download Rapport for personal use
Mobile Devices - Smartphone and Tablet Security
Smartphones and tablets have a lot of great features to make banking at HomeStreet easier. It’s important that you think of your smartphones and tablets as any other computer, capable of performing financial transactions and just as susceptible to getting hacked.
As more and more people are using smartphones for financial applications, hackers are turning their attention to them. The same types of malware that can infect your laptop are finding their way into your smartphones and tablets.
Tips for Safe Mobile Banking:
- Set a password on your mobile device so no one else can access it.
- Don’t disclose personal information, account numbers, or passwords in text messages. Purge your text messages regularly.
- HomeStreet will never contact you via text message asking you to respond with account, login, password or other personal information. Don’t fall victim to a text purporting to be from us and requesting your account number(s), Social Security number, or other personal information.
- Don’t Bank and Drive.
- Use only reputable Wi-Fi hot spots that are password protected.
- Never store mobile banking login and passwords on your device.
- Phishing attempts can be sent via mobile e-mail or text message. Never open attachments or download files from unfamiliar sources.
- Be careful of apps you download. Download signed applications only from a trusted source. Look at the developer’s name, and check out reviews and star ratings.
- Install antivirus software. Many security software vendors now have a mobile version of their anti-virus solution.
- Visit only trusted web sites.
- Download a trusted app that can remotely wipe information from your lost or stolen device.
- Keep your device protected from view when using mobile banking applications.
- Turn off Wi-Fi™ and Bluetooth™ when your device is not in use, so hackers won’t have an opening to get into your system.
- Don’t attempt to alter your smartphone manufacturer’s security settings. “Jailbreaking” or “rooting” your smartphone will void your warranty and make the phone much more vulnerable to attacks.
- Delete all mobile banking apps and personal information if you sell or discard your smartphone or tablet. This includes e-mails, text messages, photographs, contact details and Internet links. Log in to the HomeStreet Online Banking application on your PC, click the Customer Service tab, click Manage Mobile Banking Settings, select your device, and choose either Disable Device or Remove Device.
If your mobile device is lost or stolen:
- Change your password immediately. Log in to HomeStreet Online Banking from your PC and change your Online Banking password.
- While in the HomeStreet Online Banking application, click the Customer Service tab, click Manage Mobile Banking Settings, select your device, and choose either Disable Device or Remove Device.
- Watch your account closely for unauthorized transactions.
- Remotely wipe your device, if you can.
- Report the loss to your carrier and ask them to disable the device.
- Contact HomeStreet to let us know about the loss. We can discuss additional security options with you.
If you have any questions, or if we can help you in any way, please feel free to contact us at Corporate Information Security.
Green Bar Means Safer Online Banking with HomeStreet
HomeStreet Bank uses enhanced security to help keep online banking customers safe. HomeStreet uses Extended Validation SSL from VeriSign®, a trusted provider of Internet infrastructure services for the networked world, to provide added assurance that our web site is authentic. When visiting our Web pages, the URL address bar turns green, a closed padlock icon appears, and HomeStreet's name is shown to the right of the URL along with the security provider issuing the certificate (VeriSign). More than 75% of browsers being used today are high-security browsers that can show the green bar. Supported browsers include Internet Explorer 7.0, Firefox 3.6, and Safari 4.0 or later.
Here is an example of what you should see with high-security browsers when you are on a www.homestreet.com Web page:
Online Banking Security
We address Online Banking security at three levels:
To learn more about best practices for protecting your privacy and preventing ID theft when online, check out our Secure Login FAQ.
Securely Transmitting Information
Communication between your browser and HomeStreet’s online banking servers uses Secure Sockets Layer (SSL) technology and the green bar Extended Validation described above. To ensure that our customers get the most out of this security technology, our Online Banking Web portal requires the use of a Web browser that supports 128-bit encryption. If your browser does not support 128-bit encryption, we recommend that you upgrade to one of the following high-security browsers: Internet Explorer 7.0, Firefox 3.6, or Safari 4.0 (we recommend the latest versions of any of these browsers).
Securely Storing Information
Your customer information database is housed on our secure servers and protected by firewall technology. Just as authenticated requests are the only things that can communicate with our Online Banking server, our Online Banking server is the only thing that can send requests to the customer database.
Preventing Unauthorized Access
A security analyzer constantly monitors login attempts and recognizes failures that could indicate a possible unauthorized attempt to log into an account. When such trends are observed, steps are taken automatically to prevent that account from being used.
The Latest Federal Guidelines Governing How Banks Confirm the Identity of Online Users
Consumers appreciate the convenience and speed of banking and bill paying over the Internet, but many are concerned about the safety of their money and personal information based on news coverage of criminals making unauthorized transfers from accounts. That's why the FDIC and other federal financial regulators updated the guidelines on how banks should verify that someone logging on to a bank's website is the real owner of a particular account. The new guidelines became effective Jan. 1, 2012.
Under the earlier guidelines in place since 2005, banks were expected to require more than just a password to allow access to an Internet bank account; people logging in also needed to clear a second hurdle, such as correctly responding to a series of questions that only the account owner and the bank knew the answers to.
Under the 2012 guidelines, banks are also expected to have additional layers of stronger security — both before account access is granted and before money can be transferred out of that account.
"For example, your bank may check that the computer you are logging in from is located where you live and not in a foreign country, or it may put a hold on fund transfers that don't match your payment history until the bank can verify the legitimacy of that transaction," explained Jeff Kopchik, an FDIC senior policy analyst who specializes in technology issues.
While most of these new security measures will operate behind the scenes, your bank may contact you about the new controls and any changes in online banking procedures. For that reason, there is a concern that criminals may attempt to repeat scams that surfaced when the 2005 guidelines were issued. Back then, criminals pretending to be bankers sent e-mails asking consumers to "enroll" in a new security program. The fraudulent e-mails asked consumers to provide certain sensitive personal information (such as a password) or to click on a link that appeared to be legitimate but actually installed malicious software — often called malware — that allowed the crooks to spy on the individual's computer.
Any new security procedures that HomeStreet Bank implements in response to the new guidelines will not require you to take any action via email, so be wary of any e-mail that appears to be from HomeStreet or any other bank that asks you to provide information such as your password or that asks you to click on an embedded link.
If you receive such an e-mail and have any concern about its authenticity, contact your bank directly.
Also on Jan. 1, 2012, federal examiners began reviewing banks' assessments of their online banking risks as well as the new security measures they put in place.
Information Security: How does Phishing Work?
Before you open an attachment or a link in an e-mail from an address that you do not recognize, stop for a moment and look at it with a skeptical eye. Security breaches usually start with a phishing email aimed at installing malware on computers or nabbing user IDs and passwords. Here are some best practices that we should all know:
- Look for unprofessional spelling and grammar errors.
- Treat any e-mail you don't expect to receive with suspicion.
- Check for odd-seeming phrases or out-of-the-ordinary topics of e-mail messages based on your knowledge of the sender.
- Hover your cursor over links to see if you recognize the address they point to. If you don't, it could be phishing.
Don't let a phishing scam catch you! If you suspect a message is a phishing scam, forward it to Corporate Information Security for further investigation.
Information Security: Protect Your Password!
What's your login password? TRICK QUESTION! No one should ever ask you for your password. Not in person, over the phone, or in an email.
Your password is like your signature, providing access to all your account information.
Best practices: Change your password frequently, never share your password, and use unique passwords on all your financial sites.
If you need more information, please feel free to contact Corporate Information Security.
Strong Passwords Protect Your Privacy
Your sign-on password may be easier to hack than you think. According to Corporate Executive Board IT Leadership Exchange, more than 99% of passwords can be found within the top 10,000 most commonly used passwords.
Using the same password for multiple websites increases your chances of losing or compromising sensitive information. Instead, vary passwords between online accounts, just as you use different keys for your car, home and work file drawer. Make your information more secure by creating a password that is complex to everyone else, but easy for you to remember.
What is the right password?
Creating a strong computer password is both an art and a science. If you create a password that has too many similarities to your name, address or your pet's name, you run the risk of losing valuable information. Create a password that has too many different variables or is challenging, and you may not remember how to access your account.
Suggestion for creating a strong password:
Follow these steps to create a strong password and help protect your privacy:
- Start with a phrase that's important to you - a line from a special song, a memorable event, an inspiring quote or a phrase such as “It Was A Dark And Stormy Night,” and then take the first letter of each word (iwadasn).
- Randomly replace letters to generate a password with upper-case letters, lower-case letters and special characters. Here's what that could look like: 1W@dA$n.
Remember your personal system, and then alter it slightly for different websites - such as by adding a relevant tag at the beginning or end. Create new password systems for critical accounts, such as online banking: BANK1W@dA$n.