Equifax, one of the three major credit reporting agencies, suffered a data breach from mid-May through July, impacting 143 million Americans. While this isn't the largest breach, in terms of the number of affected people, it is one of the most serious, as the information taken is everything a potential identity thief would need.
To make matters worse, Equifax doesn't appear to have responded in a swift manner to notify consumers of the threat. The breach was discovered on July 29 and it's just hitting the news now. And, according to Bloomberg, three Equifax executive sold shares worth almost $1.8 million in the days after the company discovered the breach (though the company claims the executives had no knowledge of the breach at the time).
The hackers were able to access the Equifax data through a security flaw in the Equifax website. Security expert Brian Krebs says "Equifax may have fallen behind in applying security updates to its Internet-facing Web applications. Although the attackers could have exploited an unknown flaw in those applications, I would fully expect Equifax to highlight this fact if it were true — if for no other reason than doing so might make them less culpable and appear as though this was a crime which could have been perpetrated against any company running said Web applications." We should expect better security from a company that is essentially the Fort Knox of our identity information.
What the hackers stole
The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some cases, driver’s license numbers. These are the four key pieces of information that are used to take out loans, open credit card accounts and more. Also stolen were about 209,000 people's credit card numbers, and personal identifying information on another 182,000 people from Equifax's credit dispute documents.
What you should do about the Equifax breach
You can find out if you were affected by visiting www.equifaxsecurity2017.com and clicking on the "Potential Impact" button. There you'll be asked for your last name and last six digits of your social security number. When you check, make sure you're on a secure computer (i.e. no hotel or any other public computer) and are using a secure internet connection (check out our tips on how to use public Wi-Fi securely here).
According to Equifax, I was not impacted by the breach. But whether or not you were impacted, you'll be given the option to enroll for a free year of the company's TrustedID Premiere service.
Do it, but note that the free monitoring only lasts for one year and the impact of this breach won't magically go away after a year. And credit monitoring isn't the best solution to this issue because you'll only be alerted AFTER someone steals your identity, rather than preventing it from happening in the first place.
The better option is to place a "security freeze" on your files with all three major credit reporting agencies: Equifax, TransUnion and Experian, as well as the lesser known Innovis. A security freeze is designed to prevent credit reporting agencies from releasing your credit report without your consent, making it impossible for anyone to apply for credit in your name. It does also make it more cumbersome for to apply for a loan, credit card or mortgage, so keep this in mind if you're in the process of buying a house or financing a car. You'll need to lift the freeze, which you can do by logging in to your account with a PIN that's issued when you place the freeze.
[Image credit: data breach concept via BigStockPhoto]
From Susan Steinberg on September 08, 2017 :: 5:32 pm
Even though they were the ones who got hacked, Equifax wants to charge me to place a security freeze on my file. So do TransUnion & Experian. Does anyone agree with me that Equifax should pay for the cost of these freezes?
Reply
From Josh Kirschner on September 08, 2017 :: 6:01 pm
Equifax wants you to get their service free for a year, after which they will charge you a hefty fee of $16.95 a month(!) to continue your protection. The security freeze is the cheap way out and offers far better protection.
Reply