Equifax Data Breach: What You Need to Know
By now, you’ve heard about the massive Equifax data breach that hit widespread media headlines on September 7th, 2017. Equifax is one of the nation’s three key credit bureaus that tracks and stores individuals’ credit histories, along with a treasure trove of other personal information such as social security numbers.
While the term “data breach” is increasingly becoming more prominent in headlines lately, this breach stands out in particular, not only for the vast number of people affected (143 million people – nearly half the US population), but also because it was publicly handled so poorly by the company. And let’s not forget the fact that this colossal data breach was so easily preventable.
The vulnerability involved an exploit on their website for which a patch was widely available. Equifax discovered this cyber security threat back in March of 2017, but their failure to fix this security risk resulted in their mid-May through July discovery that hackers had stolen a significant amount of personal data from nearly half of all Americans.
What This Means For You
The question remains, what should you do?
Option 1) Verify if you have been impacted
To find out if your personal information has been compromised, Equifax developed a website that is intended to tell you whether were impacted or not.
However, many consumers are rightfully skeptical of the accuracy of this website due to the mixed results that have been witnessed by countless consumers. Some users entered their information in two separate sessions, only to receive “your information may have been compromised” the first time around and a more definitive “your information has been compromised” during a second submission attempt.
Other users are fearful that the information input into their system will be used later on for marketing purposes or perhaps a future exploit within the organization.
Option 2) Freeze your credit
There are pros and cons to freezing your credit and this solution is widely debated as the best course of action for those who fear their information has been compromised in the breach.
On the plus side, if you freeze your credit, no one can apply for credit in your name – including yourself. This could create delays and issues in the event you need to do any of the following within the freeze period.
- apply for a credit card
- apply for a loan
- seek out insurance
- buy or rent a home
- find a job
- contract a utility company
Freezing your credit is far from pressing the “easy button”. You need to contact each of the 3 major credit monitoring agencies when you want to freeze and unfreeze your credit – and there may be fees associated with doing so. Some people are finding this process to result in more problems, such as one man who wanted a credit freeze, but ended up with a $20/month TransUnion service instead.
If you are interested in freezing your credit, here are specific instructions on how to issue a credit freeze or thaw. And here’s what to expect when freezing your credit.
Option 3) Set up a fraud alert
A fraud alert allows a credit-reporting agency to put a warning on your credit report alerting potential lenders to verify the identity of anyone attempting to open an account in your name. Again, there have been mixed reviews on fraud alerts with some people reporting that they were still able to successfully set up a bank account without proper identify validation – even with a fraud alert set in place. Ultimately, it’s up to the lender to follow through on identify verification since a fraud alert is just that – a warning for the lender.
Option 4) Sign up for credit monitoring
You could opt for a paid service such as LifeLock, Identity Guard or EX Shield. LifeLock has reportedly seen a dramatic jump of over 100,000 customer signups since the Equifax news broke. Similar to other options, there are mixed opinions about this approach from industry experts.
Option 5) Closely monitor your bank account, credit cards – and junk mail
If you do nothing else, be sure to pay close attention to your credit cards and bank statements, not just in the coming months, but long into the future.
Also, rather than tossing out junk mail without a second look, take a minute to verify that what appears to be junk mail is not an actual credit card statement for a card you didn’t authorize.
Option 6) Get notified of credit card transactions immediately
Finally, one way to be identified of fraudulent transactions quickly is to set your credit cards to alert you each time a charge appears on your card.
WATCH OUT FOR CONS AND PHISHING SCAMS
With every tragedy, there are going to be those who take advantage of the situation. Be wary of phone or email solicitations from someone posing as a financial or government institution offering their support in resolving your data breach.
You’ll want to be especially cautious if they ask you for sensitive information such as your home address, social security number or credit card number. Rather than take their word for it, always go straight to the institution themselves and verify the validity of their request.
WHAT THIS MEANS FOR BUSINESSES LONG TERM
There’s no doubt this data breach is going to have long-term, far-reaching ramifications, not only for consumers, but also for businesses. Many businesses of all sizes heavily rely on data managed by the three largest credit bureaus (Equifax, Experian and TransUnion).
Businesses make important decisions based on this data within three major areas:
- Credit: Granting loans to consumers.
- Identity Verification: Verifying job candidates are who they say they are.
- Background Checks: Government entities grant security clearances and work-related privileges.
With much of consumers’ most sensitive information freely floating around the dark web, how can any organization make dependable decisions when the data upon which decisions are made has been unleashed to cyber criminals throughout the world?
But wait, can’t businesses rely on the data from the two other major credit bureaus?
Unfortunately, no. Much of the exposed data is essentially duplicated in the credit files within the other bureaus, even if the data they collect has been done so on their own. This means that since Equifax data has been compromised, this calls into question data at TransUnion and Experian as well.
Naturally, consumers are frightened – and furious. Equifax’s response to the breach has resulted in mass confusion leaving consumers suspicious of the company’s offers to remedy their mistakes.
Or, learn more about what's included in a Network Security Assessment here.
WHAT IS EQUIFAX DOING ABOUT THIS?
Now that the dust has settled, here’s Equifax’s promise to you…
Rego Barros, recently appointed interim CEO of Equifax stated in a public apology letter, “By January 31st, Equifax will offer a new service allowing all consumers the option of controlling access to their personal credit data. The service we are developing will let consumers easily lock and unlock access to their credit files. You will be able to do this at will. It will be reliable, safe and simple. Most significantly, the service will be offered free, for life.”
In addition to this, Equifax is extending the window to sign up for free credit freezes with Equifax through the end of January. They are also extending the sign-up period for TrustedID Premier, the complimentary package they are offering consumers through the end of January as well.
Above All Else
The action you take is purely the one that makes sense to you, and provides you with the most peace of mind. But above all else, be cautious, be alert, and be prepared to guard yourself against scams, phishing emails and spoof websites like the one Equifax themselves mistakenly tweeted out to consumers.
Schedule a network security assessment
Request a security assessment below. We'll contact you to schedule a complementary introductory meeting to discuss the details of the assessment and how we can best assist you.
*This security analysis is not all encompassing. However, the results of this analysis may prompt additional recommendations that are more focused on specific aspects of your environment. EX: PCI & HIPAA audits, in-depth anti-virus testing, firewall/router audit, etc.