Equifax announced today a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. The company learned about the hack on July 29th, however, September 7th was the first day the company publicly announced the hack.
By exploiting Equifax website’s vulnerability, the hackers were able to acquire names, social security numbers, birth dates, home addresses and some drivers’ license information. In addition, credit card numbers for an estimated 209,000 consumers and certain dispute documents, which included personal identifying information, for approximately 182,000 consumers were accessed, according to the company.
Equifax is one of three nationwide credit-reporting companies that track and rates the financial history of U.S. consumers. Unlike other data breaches, not all of the people affected by the Equifax breach may be aware that they’re customers of the company. Equifax gets its data from credit card companies, banks, retailers, and lenders who report on the credit activity of individuals to credit reporting agencies, as well as by purchasing public records. Equifax is mailing notices to people whose credit cards or dispute documents were affected.
Equifax has established a dedicated website, www.equifaxsecurity2017.com, to help consumers determine if their information has been potentially impacted and to sign up for credit file monitoring and identity theft protection. The offering, called TrustedID Premier, includes 3-Bureau credit monitoring of Equifax, Experian and TransUnion credit reports; copies of Equifax credit reports; the ability to lock and unlock Equifax credit reports; identity theft insurance; and Internet scanning for Social Security numbers – all complimentary to U.S. consumers for one year. The website also provides additional information on steps consumers can take to protect their personal information.
Following the breach, the Federal Trade Commission published a blog post with additional steps for protecting from identity theft. The tips suggested by the FTC include the following:
- Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting annualcreditreport.com. Accounts or activity that you don’t recognize could indicate identity theft. Visit IdentityTheft.gov to find out what to do.
- Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
- Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
- If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.