Q&A: How to protect your financial data in the wake of the Equifax breach

Dear Liz: Do I have the right to notify the credit bureaus that I do not want any of my financial information stored in their files? They don’t seem to be that secure. I rarely borrow money and the three financial institutions I deal with have all the data they need to lend me money if I need some. I do finance a car on occasion, because if they want to lend me money at less than 1%, why not?

Answer: The short answer is no, you have no right to stop credit bureaus from collecting information about you. You also can’t prevent them from selling that information or keeping it in inadequately secured databases.

One thing you can do is to freeze your credit reports at all three bureaus to prevent criminals from using purloined information to open credit accounts in your name. But that will cost you.

The only bureau currently waiving the typical $3 to $10 fee for freezing credit reports is Equifax, the credit bureau whose cybersecurity incident exposed Social Security numbers, dates of birth and other sensitive identifying information for 143 million Americans. The other bureaus, Experian and TransUnion, are still charging those fees.

You’ll have to pay an additional $2 to $10 each time you want to lift those freezes, which you’ll probably need to do if you apply for new insurance, apartments, cellphone service, utilities and, of course, credit. Financial institutions may indeed have plenty of information about you, but probably wouldn’t lend you any money without access to your credit reports or scores. Freezes also are a bit of a hassle because you need to keep track of a personal identification number, or PIN, to lift the freeze.

Just in case you weren’t irritated enough by this state of affairs, understand that freezes won’t stop other types of identity theft, such as someone getting medical care in your name or giving the police your information when they’re arrested. Still, instituting freezes is probably the best response to the most devastating breach yet.

Close any cards you used at Target during the breach

Dear Liz: My debit card was part of the recent Target data breach (my credit union called me). I’ve read articles telling me to pull my credit reports. Here’s the thing: I already requested two of my three free credit reports in early December. When I read about the Target incident, I requested the third one. So now, if I pull a credit report, I’d have to pay for it. I’m very concerned about this, as my finances are tight.

Answer: The information that was stolen in the Target breach — and immediately put up for sale on black-market sites — is not the kind of personal information that’s typically needed to open new accounts, said John Ulzheimer, credit expert for CreditSesame.com. So buying your credit reports or investing in credit monitoring, which is how you would spot new account fraud, isn’t strictly necessary, he said.

The information that was stolen can be used in what’s known as “account takeover,” which means the bad guys can take over existing accounts and make fraudulent charges. In the case of a debit card, that means they can drain your bank account. With a credit card, you wouldn’t have to pay the fraudulent transactions, but dealing with them could still be a hassle.

Either way, you would be smart to close any debit or credit card used at Target between Nov. 27 and Dec. 15, the time of the breach, and ask for a replacement, Ulzheimer said.