And the award for ‘Worst Leak of Personal Info Ever’ goes to….Equifax!
This Equifax breach is among the worst data breaches seen so far as it may have exposed as many as 143 million Americans personal and financial data – including social security numbers.
Data breaches have become familiar news items, but not all data breaches have the same impact. If the data breached is just your contact information, that will have little to no effect on your life, but you social security number? That is among the worst information that can be compromised. Social security numbers cannot be changed and can allow thieves to open new credit lines in your name.
Since Equifax is one of the three main organizations that calculates credit scores, it has access to a huge amount of personal and financial data. The breached information includes not only social security numbers, but also names, birth dates, addresses, some driver’s license numbers, and about 209,000 credit card numbers.
The attackers were able to break into Equifax’s systems by exploiting an application vulnerability to gain access to certain files. The data breach was discovered on July 29th and disclosed September 7th. The company says that the hackers had access to the information from mid-May through July, which means your information may already be compromised since it has been at least six weeks since they got their hands on it. Attackers in scenarios like this often move quickly although with information like social security numbers, attackers could wait years to use the information since social security numbers do not change.
This breach could affect more than half of the adult U.S. population for years to come.
How can you protect yourself?
Be on Alert: Check your bank statements and credit reports immediately for any irregular activity. Then keep checking – regularly. Because of the nature of the compromised information, criminals could wait years to open new accounts or make charges since Social Security numbers do not change.
Place a Free Fraud Alert: This lasts for 90 days and requires lenders to verify your identity before it issues credit. It is free, but must be renewed every 90 days. To do this, just call one of the credit card bureaus and ask for an initial fraud alert:
Consider a Credit Freeze: Freezing your credit reports restricts access to your credit report, which makes it more difficult for identity thieves to open new accounts in your name. Most creditors need to see your credit report before they approve a new account. This will not stop criminals from making charges to your existing accounts, only from making new accounts.
However, freezing your credit will also make it difficult for you to open new accounts and is not free. If you are opening a new account, applying for a job, renting an apartment, or buying insurance, the credit freeze will need to be lifted temporarily. It is recommended to freeze credit reports at all three of the major bureaus: Equifax, TransUnion, and Experian. Credit freezes do cost money to place and remove, typically $3 to $10 for each action.
Consider a Credit Monitoring Service – But Maybe Not Equifax’s: Third party services like IDShield or LifeLock track more than your credit file to spot suspicious activity and typically bundle in assistance to help victims handle credit problems. These are paid services, but may be a better alternative to Equifax’s which has fine print and did just get breached.
What’s Equifax Doing?
Equifax is offering a website where you can check if you are one of the 143 million whose data may have been compromised at www.equifaxsecurity2017.com. The site also lets consumers enroll in a free year of TrustedID Premier, a credit monitoring service.
However, these may not be as helpful as they first seem. In order to check whether your data has been compromised, you must enter the last six digits of your social security number as well as your last name. Entering two-thirds of your social security number on a website that just had a breach of this caliber seems questionable.
Equifax has also included some sneaky waivers in their Terms of Service for TrustedID Premier. Signing up for your year of free credit monitoring service will waive your rights to sue Equifax in a class action suit. Be aware that TrustedID Premier is operated by Equifax, so after your year of free credit monitoring expires, Equifax stands to profit when it begins charging for the service.
Please remember our expertise lie in IT and technology, our advice on what to do are suggestions. For more information, here are some resources:
To report identity theft: https://identitytheft.gov/
Information on freezing your credit: https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs