The data breach that Equifax reported on Thursday was maybe the most severe breach in several years. And the reason is? Well, three was a ton of extremely sensitive data that is now in the hands of who knows what kind of people. Specifically, the breach exposed full names, Social Security numbers, birth dates, addresses, and in some cases driver license numbers. Essentially, any data that is used by a bank or an insurance company (for example) to verify that you are who you say you are, is now out there. Often times, these types of security hacks are exposed by human weakness. But in this case, the hackers exploited a security flaw on the Equifax website.
With everything going on in the world, this is an extremely scary prospect. Who exactly has this data? What will they do with the data? What kind of responsibility is Equifax going to take? And will that even matter? I don’t want to scare anyone, but this is an extremely open ended question. Not necessarily because it was commissioned by a particular organization. But because of who could now buy the information. And like I said, what will they do with it? The big fear is identity theft, and then that, of course, potentially leading to credit issues.
The breach affects approximately 143 million people in the United States. Which is approximately 44% of the population. But when you remove children and people who don’t have credit histories, that number becomes even higher. Which means, well over half of all residents of the United States, who rely the most on bank loans and credit cards are at a significantly higher risk of fraud. And that’s going to remain that way for years to come.
I’m not sure what’s worse – the breach itself or the way Equifax has handled the situation. It took them more than five weeks to disclose the data loss. Five weeks! Maybe I spoke too soon. Worse than all of that is the fact that three Equifax executives were allowed to sell more than $1.8 million in stock, merely days following the discovery of the breach. Equifax indicates that the executives weren’t aware of the breach at the time of the sale. But the fact that they were allowed to sell their stock, gives the appearance of wrong doing, and suggests that they didn’t move fast enough to contain the damage.
Equifax has set up an online tool that lets consumers check to see if they were part of the data breach. But the ironic part about it all is that it requires that you enter more personal information. Like your Social Security number. And it results in some really vague, inconclusive statements. So, if that doesn’t make you feel confident, you can also call Equifax: 866-447-7559, but you will likely have to verify yourself in the same manner.
If you want immediate results, however, you can go to the online tool and click “Begin Enrollment”. Do NOT click Continue Enrollment. According to the terms of service, enrolling in TrustedID will waive your rights to legal representation, including participation in any class-action lawsuits.
Here’s what you need to know:
- When you begin, you will be asked to provide your last name and the last six digits of your Social Security number.
- Based on that information, you will receive a message indicating whether or not your personal information may have been impacted by this incident. Regardless of whether your information may have been impacted, Equifax will provide you the option to enroll in TrustedID Premier.
- You will receive an enrollment date. You should return to their site and follow the “How do I enroll?” instructions below on or after that date to continue the enrollment and activation process. The enrollment period ends on Tuesday, November 21, 2017.
What should you do if your data has been part of the breach? Monitor your credit. You can sign up for Equifax’s free TrustedID Premier service which is a credit monitoring service and is currently free. But, if you do enroll it precludes you from participating in a class-action lawsuit against the company. The other thing you can do is to place a credit security freeze. This does not affect your credit score and it will not impact prescreened credit offers. In order to place a security freeze, you must request a security freeze with all three credit bureaus: Equifax, Experian, Transunion. The catch with this one, is that it’s not free. The fee varies from state to state, but it shouldn’t cost more than $10 per credit bureau.
The other thing you can do is to stay vigilant. I know, this is easier said than done. But keep an eye on your bank accounts for any suspicious activity. Set up alerts on your bank account for unusual activity.
Equifax has said that it will mail out notices to consumers who may have been impacted. This is a breach of incredible magnitude. Are you going to use Equifax’s tool to see if you’ve been impacted? It’s kind of ironic, don’t you think? Log into our system with your sensitive information so we can tell you if your information was stolen. But at least they’re doing something. Albeit several weeks too late. Could the information have been sold already? Could the information have been used for identity theft in the last 5 weeks? I will be interested to see what action people who have been impacted will take. Will there be a class action lawsuit? If not, what will Equifax do to make up for the breach? So many questions, so few answers right now.