The Equifax Data Breach

On September 7, credit reporting agency, Equifax, dropped a consumer bombshell. It revealed that cybercriminals had gained access to the personal information of as many as 143 million Americans between May and July – about 44% of the U.S. population. The culprits were able to retrieve roughly 209,000 credit card numbers, in addition to many Social Security and driver’s license numbers.

How can you find out if you were affected? Visit equifaxsecurity2017.com, the website Equifax just created for consumers. There, you can enter your last name and the last six digits of your Social Security number to find out, but the information provided by Equifax as to whether you are affected by this breach is vague at best.

If you are among the consumers whose data was hacked, Equifax will ask you to return to equifaxsecurity2017.com to enroll in their credit monitoring product, TrustedID Premier. This program will provide you with free credit monitoring for a year, but keep in mind that by signing up for TrustedID you are potentially giving up your legal rights in a class action lawsuit. In order to opt-out of this arbitration clause, you must notify Equifax, in writing, within 30 days from the date of your enrollment that you want to be excluded from the arbitration provision. 

How should you respond? Beyond simply taking Equifax up on its offer of one year of free credit monitoring, you can take other steps.

Check your credit reports now. (Unless you have already done so in the past month). You can get one free credit report per year from Equifax, TransUnion, and Experian. To request yours, go to annualcreditreport.com. Scrutinize your credit card and bank account statements for unfamiliar activity, and sign up for email or text alerts offered by your bank or credit card issuer(s), so that notice of anything suspicious can quickly reach you.

Change the password for your main email account. A weak password on that account is a low bar for hackers to hurdle – and once hurdled, that crook could potentially pose as you to change the passwords on your financial accounts. You may also want to consider adding an additional layer of security with dual authentication features such as security questions, security codes, etc.

Regarding bank, investment, and credit card account passwords, avoid the obvious. Too many people use simple passwords based on their pet’s name, their last name and year of birth, the high school they attended, etc. Sadly, these same simple facts are often answers to security questions for credit card and bank accounts. Ask your bank or credit card issuer if you can use additional, random words or a PIN for passwords or security question answers. That way, you can avoid logging in using data that is in the public record. You want your password to be long and random, to make it harder for a would-be thief to guess.

You may want to consider paying for additional identity theft protection for years to come. This is one way to try and shield yourself from the unauthorized use of your Social Security number, driver’s license number, email accounts, and credit card numbers.

If someone calls you out of the blue claiming to be from Equifax, do not cooperate with them. Unless Equifax is returning your call, they will not contact you by phone. The same applies if you get a random, unsolicited email or text from “Equifax” – do not comply, or you may inadvertently hand over personal information to a fraudster. Stay vigilant, today and in the future.