Equifax Data Breach - 143 million Americans affected


Thought Leadership

Equifax Data Breach - 143 million Americans affected

David Pickett

Data Breach Image Data Breach Image

 Equifax Breach Overview

While not the largest breach, it's one of the most severe because of the data compromised.  Equifax, Experian, and TransUnion compiles the most sensitive financial information and safeguards it.  No company is immune to an attack, however, this garnered 143 million American's most important records. Names, social security numbers, birth dates, and addresses all exposed to attackers.  In some instances the criminals were also able to obtain driver's license numbers, credit cards, and dispute documents that contained more personal identifying information.  Due to a website application vulnerability the data was available from mid May - July 29, 2017 when discovered.  A ransom demand for nearly $2.5 million in bitcoin was posted on the dark web when the breach became public, however, the .onion site was fake and has been removed.

 Impacted Equifax Consumers

The 2016 census estimates show around 250 million people older than age 18 in the US - not counting those with no credit history.  If 143 million Americans are affected, this means anyone with a credit history ( >57%) is at risk.  Equifax provides a website for consumers to check at: https://www.equifaxsecurity2017.com.  If affected, you have the option to enroll in their TrustedID Premier service for one complimentary year.  This service provides you with copies of your Equifax report, ability to lock your report, three-bureau credit monitoring, dark web scanning for your social security number and identity theft insurance.

Equifax affected image Equifax affected image

 TrustedID Premier Controversy

One thing to beware of is the terms of service for enrolling in the TrustedID Premier service. By doing so it appears you waive your right to any class-action suits that have already begun being filed.  However, it states if provisions in the "arbitration" section are unenforceable or found illegal then claims will instead be decided by the court.  Most people will probably be better off with the year of credit monitoring but this is something to keep in mind.  Equifax issued a statement clarifying the terms of service does not apply to this incident nor is billing information required to sign up.

Identity Theft Warning Signs Unsolicited calls asking to verify account or personal information. Call a company's known legitimate public number if there is any question. Incorrect or unauthorized financial transactions on credit cards or bank accounts. Mail missing, receiving mail that's not yours, or change of address messages that you didn't initiate. Debt collectors calling for a debt that's not yours. If this happens pull your credit reports to check for any lines of credit you didn't open. Tax return already filed with the IRS by someone else with your social security number. File early, don't wait till the last minute. Social security statements that show unknown earnings. Unknown health insurance bills or unexpectedly reaching plan limits, someone may be claiming treatment on your account. Protective Actions You Can Take "Freeze" your credit reports by contacting all three services.  This prevents access to your report for opening new accounts. Be mindful this could impact job applications, renting/purchasing a home, shopping for insurance, etc... until the reports are unfrozen.  There may be a small charge to freeze your accounts. If you do not accept the free year offer of TrustedID Premier service, consider enrolling in another credit monitoring service.  Other bureaus will charge for this but there are some third-party companies (Credit Karma, etc.) that will monitor it for free in exchange for recommending credit-related products to you. Consider additional fraud protection and identity theft insurance past the typical protections such as freezing accounts and alerts mentioned above.  These companies (such as Lifelock, Identity Guard, etc ...) include identity restoration protection and have teams of people to help cancel fraudulent accounts and clean-up the credit mess aftermath if you become compromised. The time spent cleaning up identity can be more costly than the actual theft itself.