Equifax, one of the three giant credit-scoring agencies on Thursday announced that hackers had broken into a trove of personal data that could potentially affect some 143 million U.S. consumers.
“The information primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers,” Equifax said in a statement. “In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.”
In other words, this is a Big One – a Category-5 breach in the world of data breaches, to borrow a hurricane metaphor. The hack exposed the sort of personally sensitive information that in the hands of criminals allows them to engage in identity theft, fraud and blackmail.
“If you have a credit report, chances are you may be in this breach,” Pamela Dixon, executive director of the nonprofit World Privacy Forum, told The New York Times. “The chances are much better than 50 percent.”
What you should do now
Equifax has provided a site where you can find out if you have been impacted by this incident. Click here and then click on the red “Check Potential Impact” link, and follow directions. It takes just a second to enter the required information and get a result.
My result: “Based on the information provided, we believe that your personal information was not impacted by this incident.” (Phew.)
Whether it says you were affected or not, Equifax is also offering to enroll you free-of-charge for a credit file monitoring and identity theft protection program, which includes:
… 3-Bureau credit monitoring of Equifax, Experian and TransUnion credit reports; copies of Equifax credit reports; the ability to lock and unlock Equifax credit reports; identity theft insurance; and Internet scanning for Social Security numbers – all complimentary to U.S. consumers for one year.
That only requires a single click on “Enroll.”
The Equifax breach, was first detected on July 29, according to the Atlanta-based company, which then launched its own investigation, and continues to work with law enforcement. The cyberattack was not as large in scale as the one hitting Yahoo in 2016, but the threat to consumers is far more severe because of the nature of the data, The Times noted.
The event, “strikes at the heart of who we are and what we do,” said Equifax Chairman and CEO Richard F. Smith, in an apology to customers.
“I’ve told our entire team that our goal can’t be simply to fix the problem and move on. Confronting cybersecurity risks is a daily fight. While we’ve made significant investments in data security, we recognize we must do more. And we will.”
What you should do next
This is a reminder that, even if you dodged this bullet, you also must not be complacent.
“When breaches like these happen, consumers need to be diligent — and not just in the short term,” says Matt Schulz, senior industry analyst for CreditCards.com. “Just because nothing looks amiss on your bank statements or your credit report now, that doesn’t mean you haven’t been compromised. Bad guys can be very patient, so it’s important to keep an eye out long after this story fades from the headlines.”
He urges checking your online bank statements and credit card statements on a regular basis, “ideally weekly.”
If you see suspicious activity, the Federal Trade Commission urges you to report it immediately. You can do so by clicking here and following the instructions on the FTC website.
Also review how you use the internet, security features on your computer and other ID theft prevention measures. For a guide, check out: “10 Ways to Protect Yourself Against Identity Theft” and “How to Keep Your Computer and Tech Safe in 2017.”
Have you suffered ID theft or cyberattack? Share your experience, and your solution with us in comments below or on our Facebook page.