The credit score provider Equifax announced Thursday that the personal information of more than 143 million U.S. customers were accessed by hackers between May and July.
Hackers reportedly gained access to the names, Social Security numbers, birth dates, addresses, driver’s license numbers, and other private information of millions of Equifax customers. The company also admitted it exposed credit card numbers of 209,000 customers. Yikes!
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said CEO Richard Smith in a statement.
Cybercrime experts are already calling this one of the largest data breaches in the United States history. With that in mind, we thought it’d be a good idea to breakdown the details of this hack to help those that may have been affected.
What is Equifax?
The company is one of the three largest American credit agencies, and it gathers information about you — without you even knowing — from credit card companies, banks, and other lenders.
“The company organizes, assimilates and analyzes data on more than 820 million consumers and more than 91 million businesses worldwide, and its database includes employee data contributed from more than 7,100 employers,” according to the company website.
The site adds that the company “empower[s] individual consumers to manage their personal credit information, protect their identity, and maximize their financial well-being.”
Equifax has been around since 1899 and has essentially become the backbone of the consumer credit reporting industry. According to the U.S. Census Bureau, the population of the country was about 324 million in 2017, meaning that the Equifax data breach affects 44% of Americans.
How can you find out if you’re part of the Equifax data breach?
There aren’t many good options, frankly. Equifax has set up a special website — equifaxsecurity2017.com — to help customers figure out whether their information was compromised. The only glaring problem with this method is that the site asks you to give Equifax even more personal information.
The site first asks for your last name, then the last six digits of your Social Security number. The site claims after you’ve submitted your information that you’ll receive a message telling you whether you’ve been affected.
It doesn’t say how you’ll receive that information or when before you hand over more information. Good grief! But customers who did wearily plug in the requested details have reported receiving messages within the webpage stating they either weren’t or may be impacted. Some customers said they were also directed to click a button to continue enrollment in the credit monitoring service. Monday is the first day to sign up, according to CNN Money, but people are getting later enrollment dates. As of Friday, a Sept. 14 enrollment date was being generated. Customers must visit a special website to enroll on their assigned date and have until Nov. 21 to sign up.
Another sketchy aspect to using an online portal is that there’s been an influx of fake websites set up to phish personal data from concerned Equifax customers.
A Pastebin site lists more than 340 fake websites that could potentially be used to target Equifax customers through phishing.
For now, you might want to hold off on actually submitting any more personal information to third-parties or credit companies.
What are the next steps?
Regardless of whether your personal information was affected by the breach, Equifax suggests customers sign up for credit file monitoring and identity theft protection.
Equifax is providing free credit monitoring for a year through TrustedID Premier. The service focuses on services such as credit file monitoring, credit report locking, Social Security monitoring, and identity theft insurance underwritten by the American Bankers Insurance Company of Florida. You might also want to consider paying for additional years of credit monitoring if you’re really concerned.
If you sign up for the credit monitoring service, you must agree to submit any complaints about the free credit file monitoring and identity theft protection products to arbitration and waive your right to file a class action lawsuit. The arbitration clause doesn’t apply to the “cybersecurity incident,” according to Equifax’s frequently asked questions.
How can you protect yourself in the future?
It’s hard because you essentially have to trust that companies like Equifax will keep your data safe — and there’s not much you can do about it.
One easy step you can take is to keep a close eye on your personal finances. Watch for things like credit applications filed on your behalf or other strange behavior.
If you believe you’re a victim of identity theft, you can file a complaint with the FTC. You should also act fast because thieves can damage your credit status and cost you lots of time and money to restore your good standing with credit agencies. It’s an imperfect system, but unfortunately, it’s one we’re all stuck with.