Sep 19, 201712:55 PMOpen Mic
Send us your blog for consideration!
Just the Equifax, ma’am
(page 1 of 2)
Two weeks ago, it was reported that Equifax, one of the largest credit reporting agencies in the United States, was recently the victim of a massive cyber attack — an attack that may have compromised the personal information of 143 million people.
The breach itself occurred between mid-May and July 2017 when cyber criminals gained access to sensitive data by exploiting a weak point in website software. As a result, sensitive information like Social Security numbers, birthdays, addresses, and driver’s license numbers were compromised. In addition, 209,000 credit card numbers were stolen, including information from international customers in Canada and the United Kingdom. The attack is so severe, in fact, it’s likely that anyone with a credit report was affected.
Since then, there have been a flurry news stories reporting on the breach. The flow of information has moved so quickly that a lot of confusion has arisen, as well. So, as Detective Joe Friday used to say on Dragnet, let’s get down to “just the facts.” That way, we can figure out what we need to do to protect ourselves.
How do I find out if I was affected?
Equifax has set up a response site, www.equifaxsecurity2017.com. This should be your first stop. Using this site, you can determine if you were affected, and, if you were, how to enroll in the free credit monitoring offer they’ve made from TrustedID (TrustedID is a credit monitoring service that Equifax has partnered with to provide this service to clients free of charge). To enroll, you will need to give them your personal information (Social Security number, name, address, and more).
I’ve had clients ask if this site is trustworthy, and if they should give TrustedID all of this information. First, this site is trustworthy; many reputable government and news outlets have directed their readers to it, including the Federal Trade Commission, USA Today, the Washington Post, and Krebs on Security (a prominent data security blog). Second, yes, you will need to give TrustedID your information in order for them to identify and monitor your particular credit report.
Wait — I heard that if I sign up for free credit monitoring, I’m giving up my legal rights?
So I signed up for credit monitoring. I’m good, right?
Wrong. As Brian Krebs points out, credit monitoring is inherently a reactive process, not a proactive process. This service will alert you to any changes to your credit reports, but will not prevent access to them (with the exception of Equifax; TrustedID will lock your Equifax report to prevent access by third parties). It’s recommended that you place a credit freeze on all three of your credit bureau reports. Why? Because the data that may have been accessed by the hackers can be sold to cyber criminals, and those criminals can use that information to apply for credit in your name. The lender (a bank, credit card company, etc.) may not use your Equifax report to make their lending decision. They may use TransUnion, Experian, or another bureau. If you freeze just the Equifax report, you’ve done nothing to prevent fraud on your other reports.