Another day, another data breach. As you’ve probably heard by now, credit-monitoring firm Equifax has been breached, exposing the records of up to 145 million Americans—roughtly half of the US population. In this post, I’ll attempt to answer the most pressing questions about the Equifax hack.
Equifax, one of the three major credit reporting agencies in the United States, has been hacked. Details of the breach are unknown, but the company has disclosed that attackers had successfully compromised its systems and have potentially accessed personal identifiable information of more than 143 million consumers.
What was compromised?
Potentially compromised data includes the Social Security numbers, birth dates, and addresses of 143 million Americans. The breach also affected some driver’s license numbers, according to Equifax, though the company did not say how many were compromised, or who they belong to. Credit card numbers for roughly 209,000 U.S. consumers, were also affected, as well as “certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers.”
Who was affected?
As noted above, 143 million Americans—nearly half the population—were affected in the breach, but the extent of the breach is not just limited to Equifax’s American customers. Equifax has also stated that it believes the thieves had access to “limited personal information for certain UK and Canadian residents.”
Equifax has not specified how many UK and Canadians were affected, but with 44 million UK residents on its books, the number could be substantial.
How do I know if I’ve been affected?
Equifax is hosting a web site that will let you determine whether or not you’re affected, however, many have reported the site as broken, with varied results returned for the same input. The safe bet in this situation is to assume that you’ve been compromised and act accordingly.
What can I do?
Equifax is offering one free year of their credit monitoring service, TrustedID Premier, to anyone who cares to sign up. There have been some reports that by doing so you could give up your legal right to participate in future class actions and remuneration, but Equifax denied these claims in a statement released over the weekend.
However, while credit monitoring is a useful service, it can’t stop a thief—it can only notify you when they take action— and whether you want to trust your information with the very company that compromised it is up to you. If you don’t want to take Equifax up on their offer, you can always use another credit monitoring service such as LifeLock.
What if I want to STOP my identity from being stolen, not just be notified when it is?
The best practice to keep your identity from being stolen is to place a security freeze on your credit files. This will keep potential creditors from viewing your files unless you lift the freeze, which makes it harder for thieves to apply for credit in your name. As the venerable Brian Krebs explains:
“With a freeze in place on your credit file, ID thieves can apply for credit in your name all they want, but they will not succeed in getting new lines of credit in your name because few if any creditors will extend that credit without first being able to gauge how risky it is to loan to you (i.e., view your credit file). And because each credit inquiry caused by a creditor has the potential to lower your credit score, the freeze also helps protect your score, which is what most lenders use to decide whether to grant you credit when you truly do want it and apply for it.” – Brian Krebs.
Security freeze laws vary, but they usually cost between $0 and $15 to implement and do not affect existing lines of credit, so you can still use your debit and credit cards. For more information on the ins and outs of credit freezes, check out Kreb’s excellent post here.