Everything You Need to Know about the Equifax Data Breach
posted Sep 18, 2017 by Daniel M. Andrea, CPA, CITP, CISA in the Business Blog
Equifax, one of the three major credit reporting agencies in the U.S., experienced a data breach this past summer that has just been uncovered. Approximately 143 million Americans’ sensitive information was exposed to hackers from mid-May through July. If you have a credit report, you may be a victim.
According to Equifax,
- The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.
- They stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people.
- They snagged personal information from people in the UK and Canada too.
In response to the attack, Equifax established a website for users to both determine if their information was compromised and, if so, provide various credit protection services for a year.
Clients, co-workers and friends have been asking me if they should utilize this service given that, ironically, they are allowing a company that was “hacked” to provide services against hackers. My response is that it depends on what your appetite for risk is and, more importantly, what were you doing prior to this latest breach to protect your data?
What you should be doing already
Let’s face it. We all want to avail ourselves of the latest technologies and automated conveniences. With this ability comes risk. This risk existed before the latest breach and will exist after. As a result, you should already be doing the following:
- Monitoring your existing credit card and bank accounts closely for suspicious activity. Most major credit card services post transactions for your viewing daily. Get in the habit of visiting these accounts daily.
- Considering placing a credit freeze on your files. This makes it harder for someone to open a new account in your name, but it will not prevent a criminal from making charges to your existing accounts.
- Changing your on-line passwords regularly and using different passwords for different websites.
If you want to enroll in Equifax’s monitoring services?
First things first. If your data has been breached, nothing these services provide will eliminate that fact – which is why you should already be monitoring your accounts. Also, it is unlikely that the breached information will be used in the short term with the heightened awareness that currently exists. It is not uncommon for someone not to feel the impact of a breach like this until months or years later.
Below are the steps for enrolling in Equifax’s program, a couple of things to keep in mind prior to enrolling:
- Make sure you’re on a secure computer and an encrypted network connection any time prior to accessing the site. You are about to give out sensitive information so accessing the site from a guest or public WiFi site should not be performed.
- Even if you are accessing from a secure site – be aware of your surroundings. When I completed the enrollment, entry of the social security number was not protected either by blocking out the characters (i.e. with a “*”) or other data input shielding. As a result, a nosy co-worker or other party can see your social security number as you enter.
The steps are:
Step 1: Find out if your information was exposed by visiting Equifax’s website, www.equifaxsecurity2017.com.
Step 2: Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so the site will tell you if you’ve been affected by this breach.
Other things to note
- Whether or not your information was exposed, U.S. consumers have until November 21, 2017 to get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date.
- Visit annualcreditreport.com to check your credit reports from Equifax, Experian, and TransUnion — for free. Accounts or activity that you don’t recognize could indicate identity theft. Call the Federal Trade Commission and report the theft-- 1-877-438-4338.
- You can also consider placing a fraud alert on your files rather than a freeze. A fraud alert warns creditors that you may be an identity theft victim—hence they should validate that anyone seeking credit in your name really is you.
- As soon as you have the tax information you need, file your taxes. Do this as early as possible---before a scammer can.
Protecting yourself from a breach such as this one depends on keeping a watchful eye on your accounts and having this emergency number at your disposal. FTC- 1-877-438-4338. Don’t hesitate to contact us for further guidance.