Equifax breach exposes 143M: What you need to know

Sept 08, 2017
Graduate student Capt. Eddie Caberto uses a driving simulation game and automobile network parts to research hacking vulnerabilities at the Air Force Institute of Technology Center for Cyber Research at Wright-Patterson Air Force Base. TY GREENLEES / STAFF

In what is being called one of the largest exposures of sensitive financial data in years, Equifax Inc. — one of the biggest consumer credit reporting agencies — acknowledged Thursday it suffered a “cybersecurity incident” that could affect about 143 million U.S. consumers.

Unauthorized access to the company’s data took place from mid-May through July this year, Equifax said in a statement.

“The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers,” the company said. “In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.”

RELATED: New cyberattack rule looms over federal contractors

The company said it “discovered the unauthorized access” on July 29 this year and “acted immediately” to deal with it. The first public announcement on the breach was Thursday.

“Why they waited three months is beyond me,” said Shawn Walker, co-founder and vice president of Miamisburg-based Secure Cyber Defense LLC. “That’s a poor instant response. That’s a PR nightmare that they don’t want to deal with.”

RELATED: UD, Premier team up to create cybersecurity center

Walker said the first step for consumers is simply not to panic.

Equifax is notifying those whose data may have been compromised. “Look out for the notification from Equifax.” he said.

“No. 2, is obviously watch your credit,” he added. “Watch your bank account, watch your (credit card) statements. … You have to watch your finances.”

After a breach like this, hackers can start using stolen data pretty quickly. “As a matter of fact, it’s to their benefit that they do.”

That is especially true now that the breach is public knowledge. “There’s a very good probability that that information has already” been used somehow already, Walker said.

A change in Ohio law allows residents to contact credit bureaus to “freeze” their credit, so that “queries” — or examinations of credit worthiness and other intrusions — cannot be launched against it.

Credit-freezing can be a good step, Walker said.

Nick Clements, co-founder of personal-finance company MagnifyMoney, advised consumers to visit the Equifax Security web site. There, visitors can enter last the six digits of their Social Security numbers to see if they have been impacted.

“If you have been impacted, take advantage of the free monitoring systems” that Equifax is offering those affected, Clements said.

He also advises people to visit this Federal Trade Commission web site.

Finally, Clements believes situations like this one may become the new normal.

“We all need to get used to the fact that our information will get stolen” at some point, he said. “We just need to stay calm and don’t panic.”

He advised anyone worried about the issue to sign up for free credit monitoring.

The Ohio Attorney General has provided these tips for consumers:

Tips for affected consumers include:

• Check your credit report. Monitoring your credit report can help you identify signs of potential identity theft. You are entitled to one free credit report per year from each of the three major credit reporting agencies. Visit www.AnnualCreditReport.com to access those reports. You can pull all three at once, or you can stagger pulling your reports throughout the year.

• Place an initial fraud alert on your credit report. Contact one of the three major credit reporting agencies — Experian, Equifax, or TransUnion — to place an initial fraud alert, which will stay on your credit report for 90 days. The alert is free of charge and will make it more difficult for someone to open credit in your name.

• Consider placing a security freeze on your credit report. A security freeze essentially puts a lock on your credit so that most third parties can’t access your report. This helps protect you from unauthorized accounts being opened in your name. In Ohio, security freezes are permanent until you lift them. You can be charged a $5 fee per credit reporting agency to place or remove a freeze. Contact each credit reporting agency separately to place a freeze. Note that Equifax is offering a free “freeze” for one year with enrollment in their TrustedID program; however, this will not freeze your reports at Experian or TransUnion.

• Beware of scams related to the breach. Con artists may pretend to have information about the breach or they may falsely claim to want to help you. Some calls or messages may be scams designed to steal your money or personal information. Don’t give out personal information to those who contact you unexpectedly (even if they say they want to help you) and be wary about clicking on links or downloading attachments in messages.

• Monitor your bank accounts. Look for suspicious activity. If you find errors, immediately notify your bank or credit provider.

• When it’s tax season, consider filing early. File your taxes as soon as you have all of the information necessary to file so that there is less of a chance for someone to fraudulently file on your behalf. This is especially important if you know your information has been compromised.