One of the Largest Data Breaches in US History May Affect You

Equifax is one of three nationwide credit-reporting agencies that track and rate the financial history of consumers. The company gets its data from credit card companies, banks, retailers and lenders – often without you knowing. The information it has about you determines whether you get mortgage loans, credit cards, auto loans, etc. It is critically important personal and private information about you that can also allow someone else to create an account in your name or steal your identity.

In September, more than a month after the company discovered it, Equifax revealed that it had experienced one of the largest breaches of information in U.S. history. Between May and July of this year, more than 143 million people’s most personal information, including social security numbers, birthdates, addresses, driver’s licenses and phone numbers were accessed by criminal hackers leaving almost two out of five Americans at risk for fraud. [1]

Initially, Equifax offered free identity theft protection and credit file monitoring for those whose information had been compromised, but it included a stipulation. You would not be able to sue later, instead you would be forced to take disputes to arbitration. And you could opt out of that provision only if you notify the company in writing within 30 days.

New York Attorney General Eric Schneiderman asked the company to remove the clause as he opened an investigation. It was revealed that three senior Equifax officers had sold off $1.8 million in holdings after the intrusion was discovered in July and before they released the information to the public. Equifax has now dropped the arbitration clause. [2]

A proposed multibillion-dollar class action lawsuit has been filed. All told, Equifax could be facing as much as $70 billion in claims. “We are witnessing uncharted depths of corporate duplicity, as Equifax is now targeting its victims” by using “stealth arbitration agreements,” said one of the attorneys filing suit. Hopefully this “conduct will finally spur Congress to protect victims of identity theft by stopping corporations from using poison pill arbitration clauses to deprive victims of their day in court.” [3]

What You Should Do:

Below are the Federal Trade Commission’s instructions on how to handle this. In past days this site was down but is now up and operational. This is most likely the result of the flood of visits to the site and the number of callers trying to reach them.

The first step they recommend is visiting Equifax’s website: https://www.equifaxsecurity2017.com. You can also call (866) 447-7559 for customer service and they will walk you through this process.

To find out if your information was exposed, click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.

Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until November 21, 2017 to enroll.

You also can access frequently asked questions at the site. Here are some other steps to take to help protect yourself: Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting annualcreditreport.com. You should be able to view every account open in your name.  If there are accounts or activity you don’t recognize, that could indicate identity theft. Visit IdentityTheft.gov to see what steps you can take next.

Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.

Monitor your existing credit card and bank accounts closely for charges you don’t recognize.

If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.

File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS. [4]

Visit Identitytheft.gov/databreach to learn more about protecting yourself after a data breach.

(Note: All of the “what to do” information at the bottom of the blog is from the Federal Trade Commission website: https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do)


[1] http://money.cnn.com/2017/09/08/technology/equifax-hack-qa/index.html

[2] https://www.bloomberg.com/news/articles/2017-09-08/equifax-s-hacking-nightmare-gets-worse-thanks-to-arbitration-clause

[3] https://www.bloomberg.com/news/articles/2017-09-08/equifax-s-hacking-nightmare-gets-worse-thanks-to-arbitration-clause

[4] https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do.gov/blog/2017/09/equifax-data-breach-what-do