Edit Module
Bookmark and Share Email this page Email Print this page Print Pin It
Feed Feed

Sep 19, 201712:55 PMOpen Mic

Send us your blog for consideration!

Just the Equifax, ma’am

(page 1 of 2)

Two weeks ago, it was reported that Equifax, one of the largest credit reporting agencies in the United States, was recently the victim of a massive cyber attack — an attack that may have compromised the personal information of 143 million people.

The breach itself occurred between mid-May and July 2017 when cyber criminals gained access to sensitive data by exploiting a weak point in website software. As a result, sensitive information like Social Security numbers, birthdays, addresses, and driver’s license numbers were compromised. In addition, 209,000 credit card numbers were stolen, including information from international customers in Canada and the United Kingdom. The attack is so severe, in fact, it’s likely that anyone with a credit report was affected.

Since then, there have been a flurry news stories reporting on the breach. The flow of information has moved so quickly that a lot of confusion has arisen, as well. So, as Detective Joe Friday used to say on Dragnet, let’s get down to “just the facts.” That way, we can figure out what we need to do to protect ourselves.

How do I find out if I was affected?

Equifax has set up a response site, www.equifaxsecurity2017.com. This should be your first stop. Using this site, you can determine if you were affected, and, if you were, how to enroll in the free credit monitoring offer they’ve made from TrustedID (TrustedID is a credit monitoring service that Equifax has partnered with to provide this service to clients free of charge). To enroll, you will need to give them your personal information (Social Security number, name, address, and more).

I’ve had clients ask if this site is trustworthy, and if they should give TrustedID all of this information. First, this site is trustworthy; many reputable government and news outlets have directed their readers to it, including the Federal Trade Commission, USA Today, the Washington Post, and Krebs on Security (a prominent data security blog). Second, yes, you will need to give TrustedID your information in order for them to identify and monitor your particular credit report.

Wait — I heard that if I sign up for free credit monitoring, I’m giving up my legal rights?

That’s not true. Equifax notified the public via their online FAQ: “To confirm, enrolling in the free credit file monitoring and identity theft protection products that we are offering as part of this cybersecurity incident does not prohibit consumers from taking legal action. We have already removed that language from the Terms of Use on the site www.equifaxsecurity2017.com. The Terms of Use on www.equifax.com do not apply to the TrustedID Premier product being offered to consumers as a result of the cybersecurity incident. Again, to be as clear as possible, we will not apply any arbitration clause or class action waiver against consumers for claims related to the free products offered in response to the cybersecurity incident or for claims related to the cybersecurity incident itself.”

So I signed up for credit monitoring. I’m good, right?

Wrong. As Brian Krebs points out, credit monitoring is inherently a reactive process, not a proactive process. This service will alert you to any changes to your credit reports, but will not prevent access to them (with the exception of Equifax; TrustedID will lock your Equifax report to prevent access by third parties). It’s recommended that you place a credit freeze on all three of your credit bureau reports. Why? Because the data that may have been accessed by the hackers can be sold to cyber criminals, and those criminals can use that information to apply for credit in your name. The lender (a bank, credit card company, etc.) may not use your Equifax report to make their lending decision. They may use TransUnion, Experian, or another bureau. If you freeze just the Equifax report, you’ve done nothing to prevent fraud on your other reports.


Sep 19, 2017 05:12 pm
 Posted by  Anonymous

A question I have is why does Equifax need to keep my data anyway? I don't have or want a mortgage; rarely buy a car or take out a loan and use credit cards sparingly. They get my data from those small print we all don't read when we get a credit card etc.. Their services do not seem necessarily to benefit a lot of us (i mean lets be serious as I am filling out these freeze credit forms I continually need to be checking off I don't want offers sent to me) so why is it we have to agree to hand our data over to these incompetents . Is there any real benefit to us as opposed to the credit sellers? Might make an interesting article in In Business.

Add your comment:
Bookmark and Share Email this page Email Print this page Print Pin It
Feed Feed
Edit Module

About This Blog

Make your voice heard with IB's "Open Mic." Send your blog entry to Online Editor Jason Busch at jason@ibmadison.com for consideration.



Atom Feed Subscribe to the Open Mic Feed »

Recent Posts

Edit Module