On Sept. 7, the credit reporting agency Equifax announced that hackers had broken into its computer network, exposing the personal information of up to 143 million U.S. consumers — nearly half the country.
At first Equifax reported that the hack happened between May 13 and July 29. But The Wall Street Journal reported that the cyber-thieves may have entered Equifax’s computer systems as early as March.
Equifax is one of the nation’s three major credit reporting agencies (along with Experian and TransUnion). It gathers and stores information used to create credit scores for consumers doing business with any company that lends money—such as a credit card firm, bank, or mortgage lender.
What kind of personal information was exposed to the hackers?
It appears the data exposed includes Social Security numbers, birth dates, addresses and some driver’s licenses. Equifax also said the breach included credit card numbers for about 209,000 consumers and “certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers.”
Was my data compromised?
Go to Equifax’s website and enter your last name and the last six digits of your Social Security number to find out if your personal data may have been exposed. (The author did, and Equifax said: “Based on the information provided, we believe that your personal information may have been impacted by this incident.”)
What do I do if Equifax says my data may have been compromised?
Act, but don’t panic. If Equifax says your personal information may have been impacted, remember that doesn’t guarantee you’re going to be a victim of identity theft. It’s hard to say how many people will be harmed by this data breach in the end.
But even before the Equifax debacle, identify theft was a big problem. According to National Public Radio and Consumers Union, here are some things you can do:
- Request a free credit report at AnnualCreditReport.com. You have a right, guaranteed by federal law, to a free report every 12 months from each of the three major credit reporting companies. AnnualCreditReport.com is the official site where you can do that.
- Monitor your accounts for any unusual activity. Watch for red flags of potential fraud: Accounts on your credit reports that you didn’t open, incorrect personal information on credit reports, and credit inquiries from companies you’ve never contacted.
- Place a security freeze on your reports at Equifax, Experian, and TransUnion. That makes it more difficult for a thief to open a new account in your name. (Unfortunately, it can’t stop a crook from altering your existing accounts.) Know that there is likely to be an annoying fee (typically $5 to $10) for placing and lifting a freeze on your reports. The Federal Trade Commission (FTC) has a helpful article on the security freeze, and the difference between that and a fraud alert. (It may not be easy to get a freeze right now. Watch what this CNN reporter experienced.)
- Activate two-factor authentication on your accounts, such as email, mobile banking, and savings. It adds an extra layer of protection.
- Learn as much as you can. This article is a good start, but it’s not an end. Knowledge is power, so read everything you can on the Equifax breach, and learn more about protecting yourself. Don’t let the hackers win.
Please make sure to use CUB’s Action Network to tell Congress to hold Equifax executives accountable and pass stronger data privacy protections.