Millions of Americans have had personal and financial information stolen in an incredibly large data breach at Equifax, one of the three major credit bureaus.
Cybercriminals may have accessed information for as many as 143 million consumers in the U.S., including their social security numbers, names, birthdates, and addresses. A smaller percentage of those individuals may also have had their credit card information stolen.
Think this data breach doesn’t apply to you? Think again.
If you have any type of credit product, such as a credit card, auto loan, or mortgage, then there’s a large chance you could be included in the group of affected individuals. With 143 million amounting to about half of the American population, there’s close to a 50-50 chance that your information has been compromised.
Keep reading to learn more about the Equifax data breach, how you could be impacted, and what steps you can take to prevent any future financial damage.
Equifax Breach: What Exactly Happened?
Discovered on July 29, Equifax just announced the breach on Thursday, September 8.
The cybercriminals had access to Equifax’s data for about two and a half months, lasting between mid-May and late July. During that time, they gained access to an unprecedented amount of information.
Here’s a rundown of the impacted groups:
- Names, Social Security numbers, birth dates, addresses for up to 143 million people, plus driver’s license numbers for some in this group
- Credit card numbers for 209,000 U.S. consumers
- Dispute documents for 182,000 U.S. consumers, which may include personal identifying information
- Some U.K. and Canadian customers may also have had credit card information stolen
In a statement by Equifax Chairman and CEO Rick Smith, he noted that the company immediately worked to stop the breach as soon as it was discovered.
They then hired a cybersecurity firm to perform a forensic review, which revealed the impacted groups. Two areas that weren’t affected by the breach are their core consumer and commercial credit reporting databases.
Still, the aftermath of this event is substantial, despite Equifax’s pledge to invest more in their cybersecurity efforts.
Why Does Equifax Store So Much Personal Information of All Americans?
Equifax is one of three major credit bureaus in the U.S., along with Experian and TransUnion. It is a private company that collects financial information on consumers and then sells that information to interested parties.
Financial institutions and creditors willingly report your information to the credit bureaus, such as your payment history and outstanding balances. Your credit information is then purchased by other creditors and lenders when evaluating your applications for new credit.
To ensure everyone’s information is as accurate as possible, Equifax uses social security numbers to link financial data to the right individual. They also sell consumer products, which is how they obtained credit card information that was accessed by the attackers.
How Equifax is Handling the Data Breach
Because these cyber attacks have the potential to negatively affect as much as half the population, Equifax is offering several free identity protection resources to all U.S. consumers.
The first is a dedicated website called www.equifaxsecurity2017.com where you can sign up for free credit file monitoring and identity theft protection services. The program is called TrustedID Premier and includes the following features:
- Copy of your Equifax report
- 3 bureau credit file monitoring: provides automated alerts of major changes to any of your credit reports
- Equifax credit report lock: prevents third parties from accessing your Equifax report
- Social security number monitoring: performs online searches of suspicious websites potentially listing your SSN
- $1 million identity theft insurance: covers some out-of-pocket expenses if your identity is stolen
Equifax has also set up a dedicated call center to assist customers. The phone number is 866-447-7559 and is open every day from 7:00 a.m. – 1:00 a.m. Eastern time.
How to Sign Up for Equifax Identity Protection Services
To sign up for these services, you first need to check for your potential impact. Ironically, you’ll need to enter the last six digits of your SSN to do this.
Once this step has been completed, Equifax says you’ll receive a message as to whether or not your information has been breached. However, as of this writing, many consumers did not receive any type of impact message and Equifax has yet to address these concerns.
You will, however, receive a scheduled date when you can sign up for the TrustedID services. Mark your calendar, because you’ll need to enroll on this specific day. When you do go to enroll, expect to provide the last six digits of your social again, as well as other personally identifying information to help verify your identity.
While we don’t know what the questions will entail, it’s probably safe to assume they’ll be similar to the prompts when you request your report online. This could include information such as your current loan balances or dates certain accounts were opened. It may be helpful to have your various account log-on information on hand when you go to enroll in the TrustedID Premier program.
Once you’ve completed the sign-up process, you’ll supposedly receive an email within a few days, which will contain an activation link for your TrustedID account. Equifax recommends checking your spam and junk folders to make sure you don’t miss this information.
Other Identity Theft Prevention Steps to Take
Equifax’s handling of this security breach feels messy at best. The process to sign up for identity protection services is vague, prolonged, and invasive considering the nature of the attack.
Luckily, there are additional steps you can (and should) take immediately. Here are our recommendations.
Check Your Credit Reports
Take advantage of the free report you get from Equifax. Also, take advantage of the free annual credit reports you get each year if you haven’t done so already. Since the data breach began in May, your information could already have been stolen, sold, and put to use. Make sure your credit information is correct and that damage hasn’t already occurred from this event.
Freeze All of Your Credit Reports
While Equifax is offering a “credit lock” on your Equifax report, consider placing a freeze on all three of your reports. If anyone tries to open a credit card or other financial product using your social security number, the creditor won’t be able to access your report. Since this is a mandatory step for most credit applications, the identity thief should be denied.
This is a step you can take today, rather than waiting days or even weeks to start your Equifax services.
Set Up a Fraud Alert
If your information has likely been compromised in the Equifax incident, you can also implement a free fraud alert on all three of your credit reports. The temporary alert lasts for 90 days and creates extra steps that must be taken for any type of credit change to take place.
If you have proof that your identity has been stolen, you can implement an extended alert that lasts for seven years. You’ll also be taken off marketing lists for prescreened offers for five years.
Enroll in Comprehensive Credit Monitoring
Consider enrolling in a paid credit monitoring service. Equifax’s free services only last for one year and may not start right away. On top of that, it only monitors your credit reports.
Many services also provide access to your credit score. While the two are correlated, it can be helpful to have access to as much information as possible. Many plans also offer assistance with identity recovery if your personal information has been used illegally.
Compared to the drawn-out implications of having your identity stolen, the small monthly fee could well be worth it.
The Equifax data breach is a big deal. The amount of people potentially affected is outstanding — nearly half the country’s population. And because of Equifax’s data collection processes, there’s no specific target. It doesn’t matter where you shop or what websites store your credit card information. Anyone with a social security number could be affected.
And the amount of personally identifying information is extremely alarming. Hackers now have a full suite of information they need to cause a large amount of damage to millions of Americans. Don’t take the chance that you weren’t affected.
Stop what you’re doing right now. Take the steps we outlined above — sign up for Equifax’s services and take some extra measures on your own, like implementing a credit freeze. Check your credit reports and continue monitoring your accounts.
These are steps we should be taking on an ongoing basis. The Equifax breach is a sobering reminder that in a digital world, our information is never truly safe. We can only try to mitigate the damage as best we can, and maintain regular vigilance to ensure we don’t become victims of identity theft.