A major data breach has occurred within the credit bureau Equifax, the result of a intricate hack. Multiple reports from various news outlets indicate that at least 40% of Americans may have been affected by this breach, with hackers potentially having stolen 143,000,000 social security numbers, phone numbers, birth dates, addresses, driver’s licenses, and credit card numbers. Consumers in UK and Canada are also said to have had their data stolen, including the theft of credit card numbers for 209,000 consumers, as well as documents with personal information used in disputes for 182,000 consumers. The hack is said to have occurred between May 2017 and July 2017. Equifax discovered the hack on July 29th, but did not go public with this information until FIVE WEEKS later, on 9/7/2017. Therefore it is important that consumers act on this alert ASAP.
HOW TO FIND OUT IF YOU WERE AFFECTED: Do NOT follow any third party link to Equifax’s website you may come across online. Go directly to Equifax’s website by typing the URL into your browser. Ideally, you should use a secure, personal computer network, not your cellular phone. Click on the top banner on the lead page of Equifax’s website and follow the prompts. Before entering in any personal information into the website, be sure to close out all browser tabs and clear your history and cache completely.
WHAT TO DO IF YOU WERE AFFECTED: After entering some light personal information into Equifax’s website, a pop up message will appear. If the message states that you were potentially affected, call all 3 credit bureaus immediately and freeze your credit until Equifax can provide consumers with more information on the breach. You can also freeze your credit online by visiting all 3 credit bureaus’ websites and utilizing their online tools. The fee is $10 to freeze your credit on each reporting agency (a total of $30). The freeze takes effect immediately, lasts up to 7 years, and can be lifted whenever you choose. While there is an additional $10 fee (a total of $30) to unfreeze your credit, it’s worth it for your peace of mind. You can also find a credit monitoring agency and sign up for at least one year’s worth of monitoring. Do not click on links sent to you via email that claim to be from Equifax, as these could be phishing links. Equifax will send you paper mail if you have been affected by the breach. Change your passwords and enable two-factor authentication whenever possible to prevent your accounts from being hijacked by hackers. Check your credit card and bank accounts, as well as other financial accounts to verify all transactions. (These suggestions came from a friend of mine who is head of security at a major corporation.)
WHAT **NOT** TO DO: Do NOT enroll in Equifax’s TrustedID, even though they offer this option free for one year. This will waive your rights to sue Equifax in a court of law or participate in any class action lawsuits that may arise in addressing any personal damage you may incur or may have already incurred as a result of this breach. (Your forfeiture of your rights is made clear in the fine print should you accept Equifax’s offer for free credit monitoring through TrustedID.) Find another credit monitoring agency separate from Equifax if you feel so inclined to double up on your credit protection.
At present, Equifax is dodging all questions posed by consumers and news outlets, likely in an attempt to minimize the brutal legal ramifications that are sure to come as a result of their incompetence. (I smell at least one class-action lawsuit in the works!) Not only due to Equifax’s negligence and failure to report this breach to consumers in a timely fashion, but also in response to news reports suggesting that 3 top executives from Equifax sold stock they held in the company mere days after Equifax discovered the breach! Don’t wait for your livelihood to be compromised or destroyed before acting on this alert! Be proactive and protect yourself as best as you can.