equifax.jpgA huge security breach at credit reporting company Equifax has exposed sensitive information, such as Social Security numbers and addresses, of up to 143 million Americans.  Others in the U.K. and Canada were also impacted, but Equifax hasn’t said how many. The data breach is considered one of the worst ever because of its reach and by the sensitivity of information exposed to the public.

The hackers have accessed sensitive information — including names, social security numbers, birth dates, addresses, and the numbers of some driver’s licenses. Credit card numbers for about 209,000 U.S. customers were compromised, in addition to “personal identifying information” on about 182,000 U.S. customers.

Equifax (EFX) is one of three nationwide credit-reporting agencies that track and rate the financial history of consumers. The company gets its data from credit card companies, banks, retailers and lenders.   The data breach is among the worst ever because of the amount of people affected and the sensitive type of information exposed.  The company said it found no evidence that consumers in other countries were affected beyond the U.S., U.K. and Canada.

Equifax said the breach happened between mid-May and July 2017.  They discovered the hack on July 29th and promptly engaged a leading, independent cybersecurity firm which has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Equifax also reported the criminal access to law enforcement and continues to work with authorities.

They reported the breach to the public on September 7th.  They said hackers exploited a U.S. website application vulnerability to gain access to certain files and they are investigating the breach.  New York Attorney General Eric Schneiderman has also launched a formal investigation into the hack.  Consumer Financial Protection Bureau is looking into the breach as well.

Equifax said it will send notices in the mail to people whose credit card numbers or dispute records were breached.   They have also established a dedicated website, www.equifaxsecurity2017.com  to help consumers find out if they have been impacted.  To find out if you are potentially impacted, you can go the website-click on “Potential Impact,” and enter your last name and last 6 digits of your Social Security number.

The company is also offering a program called TrustedID Premier. It says that includes 3-Bureau credit monitoring of Equifax, Experian and TransUnion credit reports; copies of Equifax credit reports; the ability to lock and unlock Equifax credit reports; identity theft insurance; and Internet scanning for Social Security numbers – all complimentary to U.S. consumers for one year.  You must complete the enrollment process by November 21, 2017.  Consumers should be aware that buried in the terms of service of this program, is language that bars those that enroll in the Equifax checker program from participating in any class action lawsuits that may arise from the incident.

The best defense against identity theft and credit fraud is to monitor your credit report frequently to check for any suspicious activity, such as accounts you didn’t open, address changes, or anything else that you don’t recognize.

Advertisements