Equifax has announced that during the period of May 2017 through July 2017, over 143 million American consumers were exposed to a data breach at the company. During this time, hackers gained access to people’s names, Social Security numbers, birth dates, addresses and in some instances, driver’s license numbers. The hackers were also able to steal credit card information for over 209,000 people, along with dispute documents which contained personal identification information. The hack was not limited to American consumers; roughly 182,000 people in the UK and Canada may have been affected. Equifax will send correspondence by mail to those who are exposed.
The data breach at Equifax was a major breach event. As one of the three main credit bureaus, Equifax’s services are used by Americans on a daily basis. Sometimes this usage is performed behind the scenes without the consumer’s knowledge. Due to the severity of the data breach, we are recommending the following steps for securing your personal data:
- Find out if your information was exposed. Equifax has setup a website for consumers to use to see if their information was exposed or not. Using a secure computer and an encrypted network connection, visit Equifaxsecurity2017, click on the “Potential Impact” tab, and enter your last name and the last six digits of your Social Security number. You may click on the following link for Frequently Asked Questions.
- Sign up for credit monitoring. Whether or not your information was exposed, Equifax will provide US consumers with a year of free credit monitoring with TrustedID Premier.^^ The Equifax site will provide you with a date when you can come back and enroll. Write down the date and on that date return, to the site and click “Enroll.” You have until November 21, 2017 to enroll. Other popular credit monitoring services are Life Lock , CompleteID or Experian. (These may not be free).
- Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open new accounts in your name. A PIN number is assigned and is needed to unfreeze the account when you want to allow someone to check your credit report (i.e. applying for a credit card or loan). Credit freezes may involve fees, based on state law, but in most states they are free for identity theft victims. For non-victims, it costs about $5 to $10 per credit reporting agency each time you freeze or unfreeze your account. Keep in mind that a credit freeze will not prevent a thief from making charges to your existing accounts.
- If you decide against a credit freeze, consider placing a fraud alert on your accounts. A fraud alert warns creditors that you may be an identity theft victim and indicates that they should verify that someone seeking credit in your name is you.
- Check your credit reports. Equifax, Experian and TransUnion allow consumers to request one free credit report per year. See Annualcreditreport.com for details.
- Monitor your existing credit cards and bank accounts closely. If you see a charge you do not recognize, report the transaction to the credit card company or the bank as soon as possible.
- When possible, file your taxes early. Tax identity theft happens when someone uses your Social Security number to get a tax refund or to gain employment. As soon as you have the tax information you need, file your return before a scammer can. Also respond to letters from the IRS immediately.
^^Upon announcing the offer of free credit monitoring, there was some concern about the language in the terms of use agreement. Equifax has since stated, “In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident. Enrolling in the free credit file monitoring and identity theft protection products that we are offering as part of this cybersecurity incident does not prohibit consumers from taking legal action.”
The information contained in this communication (including attachments) is legally privileged and confidential information intended only for the use of the individual(s) named above. If you, the reader of this communication, are not the intended recipient, you are hereby notified that you should destroy this communication and not further disseminate, distribute, or forward this communication. If you have received this communication in error, please notify the sender.