What Went Wrong?
On July 29, Equifax discovered that, starting in mid-May, criminals had exploited a vulnerability in a website application. Although management took immediate action to stop the attack, hackers had already gained unauthorized access to millions of consumers’ names, Social Security numbers, birth dates and addresses, along with thousands of credit card numbers and credit dispute documents that contained sensitive personal information. The attack affected individuals in the United States, Canada and the United Kingdom.
Equifax immediately launched a forensic investigation and began working with law enforcement officials to discover the source and scope of the breach. Equifax has also responded by offering a free year of identity theft protection and credit file monitoring to all U.S. consumers.
Has Your Personal Data Been Breached?
Go to Equifax’s website and click on the “Potential Impact” tab to find out if your personal information has been compromised. The website also allows you to sign up for free data protection and credit monitoring services — regardless of whether you were affected by this particular incident.
Important note: The link requires you to enter personal information. So, access it using only a secure computer and an encrypted network connection.
After you request to enroll in the free service, the website will provide you with an enrollment date. Write down the date and come back to the site and click “Enroll” on that date. You have until November 21, 2017, to enroll for the free services. In addition to the website, Equifax plans to send direct mail notices to consumers whose credit card numbers or dispute documents were breached.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Chairman and Chief Executive Officer, Richard F. Smith, in a recent statement. He added, “I’ve told our entire team that our goal can’t be simply to fix the problem and move on. Confronting cybersecurity risks is a daily fight. While we’ve made significant investments in data security, we recognize we must do more. And we will.”
What Should You Do If a Breach Occurs?
If you suspect a data breach, help protect your identity from thieves and minimize losses by taking these steps:
Call the relevant companies if you suspect that a breach has occurred. Ask for the fraud department and explain the incident. Then change log-ins, passwords and PINs to minimize your losses.
Consider freezing your credit. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts, however. Alternatively, consider placing a fraud alert to warn creditors that you may be a victim of ID theft. Fraud alerts are free from all three major credit reporting agencies and last for 90 days. After the 90-day window, you can renew a fraud alert, if necessary.
Obtain free annual credit reports from Equifax, Experian and TransUnion. Identity theft usually results in accounts or activity that you won’t recognize.
ID theft often happens long after your personal information has been stolen, so don’t allow yourself to be lulled into a false sense of security after your initial response. Ongoing credit monitoring is essential. Proactive consumers continue to watch credit card and bank accounts closely for unusual activity. They also file their taxes as early as possible — before a scammer can.
If your personal data was exposed in the Equifax attack or it’s affected by another breach, contact your financial and legal advisors to guide you through the recovery process.