A Breach Too Far: What to do if your data was hacked at Equifax
“Equifax, one of the three major consumer credit reporting agencies, said on Thursday that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver’s license numbers.”
—“Equifax Says Cyberattack May Have Affected 143 Million Customers,” New York Times
This is a big one.
Data breaches at sites like Yahoo or merchants like Target are bad enough, exposing email addresses, passwords, and other private account information. But this summer’s attack on Equifax—one of the three major bureaus that compile (and safeguard) your credit reports—could hand thieves something more valuable: the most sensitive data from your credit report, including your Social Security number. It’s the sort of information that cybercriminals can use to steal your identity, open a credit card in your name, and charge thousands of dollars.
Federal law often saves people from having to pay fraudulent charges resulting from identity theft, but your credit report and score could still suffer. It’s time to set up some defenses, if you haven’t already.
In the wake of this enormous breach, Equifax created a website, equifaxsecurity2017.com, where you can see if your data has been compromised. All you have to do is provide your last name and the last six digits of your Social Security number—and out pops the good or bad news. Try it. It’s possible that your information was spared, even with 143 million accounts affected. Note that the site also offers a sort of olive branch: complimentary credit monitoring. Skip that.
“The fact that the breached entity (Equifax) is offering to sign consumers up for its own identity protection services strikes me as pretty rich,” cybersecurity journalist Brian Krebs writes on KrebsonSecurity.com. For one thing, he writes, this may be a way for Equifax to profit off its incompetence. The service is free for one year, after which the company could try to sell you additional coverage. And then there’s this: “Credit monitoring services rarely prevent identity thieves from stealing your identity,” Krebs writes. “The most you can hope for from these services is that they will alert you as soon as someone does steal your identity.”
In other words, it’s often hard to tell if your identity has been stolen until it’s already happened. So, what should you do if you’re one of the unlucky 143 million? Your best defense is to stay vigilant. Here are four ways to monitor your finances for signs of criminal activity.
- Check all three of your credit reports via annualcreditreport.com for free once a year. Don’t forget to check your kid’s credit report, too, if you suspect foul play,
- Set up alerts for your bank and credit accounts.
- Sign up for free credit monitoring through sites like CreditKarma.com.
- Keep a lookout for anything unusual. There may be an unexpected call from a debt collector asking about an account you’ve never heard of, or an alert on your phone showing an inexplicable credit card charge. Red flags like these might suggest that you’ve been a victim of identity theft.
If your identity has been stolen, you’ll need to visit IdentityTheft.gov to learn the next steps for reporting the crime and fixing the damage.
Sen. Mark Warner of Virginia, who is vice chairman of the Senate Intelligence Committee, said the scale of the hacking “represents a real threat to the economic security of Americans,” and suggested Congress should reconsider data-protection policies so large companies like Equifax [as well as Experian and TransUnion, the other two major credit bureaus,] “have fewer incentives to collect large, centralized sets of highly sensitive data like SSNs and credit card information on millions of Americans.”
For more on identity theft and what to do if you fall prey, check out Chapter 3 of my book Get a Financial Life.