Tech Made Simple

Hot Topics: How to Fix Bluetooth Problems | The Best Coffee Grinder | Best Fitness Trackers Under $50 | Complete Guide to Facebook Privacy

Top News Stories

author photo

The Equifax Data Breach: What Everyone Should Do Now

by on September 08, 2017
in Privacy, News, Computer Safety & Support, Blog :: 20 comments

Equifax, one of the three major credit reporting agencies, suffered a data breach from mid-May through July, impacting 143 million Americans. While this isn't the largest breach, in terms of the number of affected people, it is one of the most serious, as the information taken is everything a potential identity thief would need. 

To make matters worse, Equifax doesn't appear to have responded in a swift manner to notify consumers of the threat. The breach was discovered on July 29 and it's just hitting the news now. And, according to Bloomberg, three Equifax executive sold shares worth almost $1.8 million in the days after the company discovered the breach (though the company claims the executives had no knowledge of the breach at the time).

The hackers were able to access the Equifax data through a security flaw in the Equifax website. Security expert Brian Krebs says "Equifax may have fallen behind in applying security updates to its Internet-facing Web applications. Although the attackers could have exploited an unknown flaw in those applications, I would fully expect Equifax to highlight this fact if it were true — if for no other reason than doing so might make them less culpable and appear as though this was a crime which could have been perpetrated against any company running said Web applications." We should expect better security from a company that is essentially the Fort Knox of our identity information. 

What the hackers stole

The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some cases, driver’s license numbers. These are the four key pieces of information that are used to take out loans, open credit card accounts and more. Also stolen were about 209,000 people's credit card numbers, and personal identifying information on another 182,000 people from Equifax's credit dispute documents. 

What you should do about the Equifax breach

You can find out if you were affected by visiting www.equifaxsecurity2017.com and clicking on the "Potential Impact" button. There you'll be asked for your last name and last six digits of your social security number. When you check, make sure you're on a secure computer (i.e. no hotel or any other public computer) and are using a secure internet connection (check out our tips on how to use public Wi-Fi securely here).

Check your SS number of Equifax

According to Equifax, I was not impacted by the breach. But whether or not you were impacted, you'll be given the option to enroll for a free year of the company's TrustedID Premiere service. 

Equifax results page

Do it, but note that the free monitoring only lasts for one year and the impact of this breach won't magically go away after a year. And credit monitoring isn't the best solution to this issue because you'll only be alerted AFTER someone steals your identity, rather than preventing it from happening in the first place.

The better option is to place a "security freeze" on your files with all three major credit reporting agencies: Equifax, TransUnion and Experian, as well as the lesser known Innovis. A security freeze is designed to prevent credit reporting agencies from releasing your credit report without your consent, making it impossible for anyone to apply for credit in your name. It does also make it more cumbersome for to apply for a loan, credit card or mortgage, so keep this in mind if you're in the process of buying a house or financing a car. You'll need to lift the freeze, which you can do by logging in to your account with a PIN that's issued when you place the freeze.

[Image credit: data breach concept via BigStockPhoto]



Discussion loading

AGGGGHHHHH!!

From Susan Steinberg on September 08, 2017 :: 5:32 pm

Even though they were the ones who got hacked, Equifax wants to charge me to place a security freeze on my file. So do TransUnion & Experian. Does anyone agree with me that Equifax should pay for the cost of these freezes?

Reply

avatar

Oh no, it's worse than that.

From Josh Kirschner on September 08, 2017 :: 6:01 pm

Equifax wants you to get their service free for a year, after which they will charge you a hefty fee of $16.95 a month(!) to continue your protection. The security freeze is the cheap way out and offers far better protection.

Reply

gravatar

Unable to join a lawsuit?

From emma on September 08, 2017 :: 5:49 pm

I heard that if I go to their site, it’s buried in the small print that I have to agree to arbitration to use this serivce?  I won’t be able to join a class action law suit?

Reply

avatar

Yes, that's true

From Josh Kirschner on September 08, 2017 :: 5:58 pm

The language on in the Equifax terms requires you to use arbitration. It’s unclear if that would only cover issues involving the service or would wrap in other issues, such as damages caused by the breach. My legal intuition says “no”, that a court wouldn’t see that as a reasonable extension of the terms for signing up for a credit monitoring service. But I’m not a lawyer, so those who are should feel free to chime in.

Class action suits from past breaches have taken a long time to resolve, and it’s unlikely consumers would see much remuneration from a class action. This is one area where I see stricter regulation of credit agencies as the best way to approach this problem.

Reply

gravatar

thanks!

From emma on September 08, 2017 :: 6:05 pm

Thanks for the response.  I never assume consumers get anything from class action suits wink  I’m hoping the company and the officers suffer some serious monetary pain for this (although it looks like the CEO and others made out like bandits selling their stock right after this happened).
I don’t hold out much hope for any regulatory improvements with this administration.

Reply

gravatar

Buy Back

From Suzy Smith on September 09, 2017 :: 9:04 am

I feel that CEO’s and major stock holders should be forced to buy back the stock at the price they sold plus intetestin the event something bad happens. This would make them be better stewards.

avatar

NY Attorney General says "unenforceable"

From Josh Kirschner on September 08, 2017 :: 6:59 pm

UPDATE: The NY Attorney General, Eric Schneiderman, described the arbitration language as “unacceptable and unenforceable” in a tweet (https://twitter.com/AGSchneiderman/status/906195350532304896) and Equifax has clarified the policy on its site to confirm that it only covers the service, not the breach.

Reply

gravatar

Phishing Attempt?

From Sharon on September 08, 2017 :: 6:56 pm

When I go to http://www.equifaxsecurity2017.com my browser tells me it is part of a Phishing attempt. I don’t even feel safe entering information to find out if I was part of the breach.

Reply

avatar

Yes, that's an issue with the site setup

From Josh Kirschner on September 08, 2017 :: 7:03 pm

As part of its already atrocious handling of this incident, Equifax apparently originally set the site up with an invalid/misconfigured security certificate. That, among other reasons, may be why many antimalware programs blocked it (Bitdefender blocked it for me, too, when I first tried it).

But it is the real site and I’m no longer seeing that warning.

Reply

gravatar

When I clicked the "Potential

From MrsLittle on September 08, 2017 :: 8:02 pm

When I clicked the “Potential Impact” button and put in my info, it just told me an enrollment date, not if I was affected or not. Also, I tried it with both my maiden and married names… It said the same thing both times, but with different dates. I’m pretty concerned!

Reply

avatar

It should work with both

From Suzanne Kantra on September 08, 2017 :: 8:58 pm

It should work with both your married and maiden names, since they would both be on file with your Social Security number. Each time you check it’s going to give you an enrollment date if you haven’t enrolled already, and that will change based on when you check. I’d highly advise going the security freeze route if your information was compromised.

Reply

gravatar

Completed Enrollment

From Diane H on September 11, 2017 :: 9:57 am

I put in my name and info on Equifax and it said I was likely impacted.  I continued for their credit monitoring and it gave me an enrollment date to come back to the site to complete enrollment. I have belonged to creditkarma.com for years and was just reminded that it has free credit monitoring, and there is no charge whatsoever for it.  At what point do you agree to Equifax’s arbitration agreement?  Did I already agree or is that when you go back and complete the registration?

Reply

RE: Initial Equifax Response

From Mike Hixson on September 09, 2017 :: 10:36 am

@MRSLITTLE When the check-your-status first went up, all you got was a date to revisit the site and no status of your exposure.

That issue was fixed yesterday or the day before, so you should return to the site, put your info in (which you can do from the original Techlicious post in this blog) and you will see your status with regard to the breach.  You’ll still need to log in on the given date or after to continue your registration for monitoring.

Reply

Lock SS#?

From Diane Nassy on September 11, 2017 :: 12:10 pm

How about Locking your social security number? Is that not a better way to protect yourself?

Reply

avatar

For employment protection, not credit protection

From Josh Kirschner on September 11, 2017 :: 1:46 pm

Hi Diane,

I had to research this one as I wasn’t familiar with a social security lock. From what I can find, the social security lock will only be helpful from preventing someone from claiming to be you when applying for employment from those employers who use the E-Verify system (https://www.uscis.gov/mye-verify/self-lock). It won’t have any impact on those who use the credit agencies for checking credit (e.g., credit cards, loans, etc). For that, you would need the credit freeze above.

Note that there is a help article on Quicken.com that suggests the social security lock will also prevent fraudulent credit applications (https://www.quicken.com/should-you-lock-your-social-security-number) - I believe the Quicken article is wrong. There is nothing on the official government sites regarding social security lock that in any way suggest it would block credit access. And, based on my understanding of how the credit process works, I don’t see how it could. The SSN lock is not intended for this purpose, the government is not sharing SSN lock info with the credit agencies, and those checking credit use the agencies, not the E-Verify system for employers.

Best,
Josh

Reply

gravatar

Equifax Credit Monitoring Enrollment Complete?

From Diane H on September 12, 2017 :: 9:22 am

I put in my name and info on Equifax and it said I was likely impacted.  I continued for their credit monitoring and it gave me an enrollment date to come back to the site to complete enrollment. I have belonged to creditkarma.com for years and was just reminded that it has free credit monitoring, and there is no charge whatsoever for it.  At what point do you agree to Equifax’s arbitration agreement?  Did I already agree or is that when you go back and complete the registration?

Reply

avatar

When you actually enroll

From Josh Kirschner on September 12, 2017 :: 11:33 am

You haven’t agreed to anything just by checking the impact. You only agree when you actually sign up for the service and you affirmatively agree to Equifax’s Terms of Service.

Reply

gravatar

I'm being hacked

From Kurt on September 12, 2017 :: 12:53 pm

My phone is being redirected constantly saying my connection can be attached ibknow something has been going on for couple months but no one helps and idk what to do if opened files on my phone that had a bunch of Japanese sympols in them idk any help please thanks my phone is a Android zte zmax pro and I’ve had several other old phones that also sane thing happened couple months back and I would actually find recorded calls and pictures that I never did on my phones

Reply

avatar

Check out our story on cell phone hacking

From Josh Kirschner on September 12, 2017 :: 1:06 pm

Our story on cell phone hacking helps you determine if your phone has been hacked and what you can do about it.

Reply

gravatar

1st I was compromised, now I'm not

From Dimitri_fl on September 15, 2017 :: 12:12 pm

I’m thinking they have no idea what was really done.  I initially tried to enroll, and was told I ‘maybe impacted’ and told to wait until 9/15 to be able to enroll.  Poof, 9/15 I try to find out if I was impacted again, and they say ‘no’.  Think they are scamming us to sign up for their Premier ID.  The Brass of the Corp should be charged with criminal intent over this whole mess.

Reply

© Techlicious LLC. Home | About | Meet the Team | Sponsorship Opportunities | Newsletter Archive | Contact Us | Terms of Use | Privacy Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

site design: Juxtaprose