Security breaches of major companies are unfortunate but happen from time to time. Most of the time, you can protect yourself by changing your password for the affected service or applying an update.
But a recent security breach against Equifax, one of the three major credit reporting agencies in the United States, is much more dangerous than a run-of-the-mill attack. Here's everything you should know about the Equifax breach and what you can do to protect yourself.
Equifax Was Breached?
Around 143 million people in the United States have had their personal information leaked thanks to a security breach at Equifax. Along with Experian and Transunion, Equifax is one of the three major credit reporting companies in the USA. Anyone who has a line of credit -- like a credit card or a home, student, or auto loan -- has their information registered with Equifax. This means that virtually every American adult was affected by this data breach.
We recently discovered a cybersecurity incident involving consumer information. Once discovered, we acted immediately to stop the intrusion.
— Equifax Inc. (@Equifax) September 7, 2017
And the stolen information isn't minor, either. The hackers gained access to Social Security numbers, birth dates, home addresses, driver's license numbers, and credit card numbers. These bits of information could easily be used to steal someone's identity. According to Equifax, the attackers had access to the data between May and July of 2017. They discovered the issue on July 29, but didn't share this with the public until September 7.
The exact details of how the breach occurred are unknown at this time. However, this event will likely result in a deep investigation as three executives at Equifax sold their shares right after the company discovered the hack. They claim that this had nothing to do with the breach, but their actions could result in prosecution for insider trading if that's the case.
How to Protect Yourself
Through no fault of your own, you and most other American adults now have to deal with the fact that key information about you is out there and could be used to steal your identity. You can take a few steps now to keep yourself safe.
The first step everyone should take it placing a temporary 90-day fraud alert on your credit file. This is free and requires a lender to contact you if anyone applies for credit using your name. You can read the government's info about this, then go through the brief process with any one of the three companies and it will apply to all three. Since Equifax clearly isn't trustworthy and Transunion requires you to sign up for an account, you might prefer to do this through Experian.
You can view your credit report at the government-mandated website AnnualCreditReport free once every 12 months. It's wise to review this and make sure that you don't find any incorrect information or potential signs of identity theft.
Place a Credit Freeze
To go further, you can place a security freeze on your file with each of the three agencies. This will completely prevent anyone from accessing your credit file when you try to create a new line of credit. Of course, this also applies to you. So you'll need to temporarily unfreeze your report in the future when you're legitimately using it.
You'll need to place a freeze on your report through each of the three agencies individually. In most states, this costs $10 per company. You'll need to set a PIN when freezing your accounts. Don't lose it, as this PIN is the only way to thaw your accounts. Use each company's site to do so:
By freezing your accounts, you can block someone from using your identity even if they have your information. In the coming months, be sure to keep an eye on your credit card and bank statements to make sure there's no foul play.
Further Equifax Slip-Ups
You'd think that Equifax would immediately set out to right this massive problem, but unfortunately they've committed a few extra blunders. The first problem was waiting over a month to alert the public of this issue.
Equifax then set up an online tool that tells you if you were a victim of the breach. You must enter the last six digits of your Social Security number and your last name to use it. However, in recent days, it's been found that this tool is providing nonsense results. It's thus unreliable and you shouldn't trust it.
Equifax was seemingly using this tool to get people to sign up for its TrustedID Premier service, which is supposed to protect your identity. However, it warned that doing so would void your right to participate in a class-action lawsuit against the company. Plus, we don't think many people would trust an Equifax tool when they clearly have security problems.
Yet another problem came when people started freezing their credit reports. Equifax allows you to choose a PIN or have the system randomly generate one for you. As it turns out, the "random" PINs were actually time stamps. So if you froze your report at 1:15 PM on September 10, your PIN would be 0910171315. This greatly reduces the security of these PINs as the time stamp eliminates many possible combinations and makes them much easier to guess. Thankfully, Equifax has announced that it will address this issue.
A Personal Security Nightmare
Equifax leaking this information thanks to a security attack affects nearly every adult in the US. It's a shame that this happens even though you never chose to provide your information to this company. Additionally, having to pay a total of $30 to freeze your accounts and protect your identity -- including paying $10 to the company responsible for this whole mess -- is frustrating.
Thankfully, freezing your accounts is a huge step in preventing identity theft. Hopefully, we'll soon learn who the perpetrator was in this breach and Equifax will learn from it. For now, though, you should at the very least set up a 90-day fraud alert so you know if someone tries to steal your identity with this leaked information. As always, staying vigilant is vitally important in keeping yourself safe.