A huge data breach happened at Equifax, leaving hundreds of thousands of consumers with their personal information in the hands of nefarious criminals. Equifax is one of the three major consumer credit reporting agencies in the United States. That makes it the caretaker of a veritable treasure trove of personal information for cyber criminals. That information includes Social Security numbers, birth dates, addresses, driver’s license numbers, and sometimes even credit card information. Read on to find out everything you should know about the 2017 Equifax breach.
What Happened with the 2017 Equifax Breach?
According to the consumer notice provided by the company, Equifax fell victim to a cyber criminal attack sometime in May 2017. The intrusion targeted a US website application vulnerability in order to gain access to files in Equifax’s network.
On July 29, 2017, Equifax finally discovered the breach. It acted immediately to stop the intrusion, but the criminals had already been privy to the sensitive information for more than two months. Equifax hired a leading independent cybersecurity firm. That firm is determining the scope of the intrusion and what data the breach impacted. It also notified law enforcement, and the investigation is ongoing.
How Much Data Was Stolen?
The company hasn’t divulged how much data the 2017 Equifax breach included, or how many total consumers it affected. It has revealed that the information accessed includes “names, Social Security numbers, birth dates, addresses, and in some instances, driver’s license numbers.”
On top of that, the breach included credit card numbers for about 209,000 consumers. Finally, there were dispute documents, which can include other personally identifiable information, stolen for approximately 182,000 consumers.
If there’s a silver lining here, it lies in the fact that Equifax has not found any evidence of unauthorized access to its core consumer or commercial credit reporting databases. So your credit information is safe, even if your personal identification details aren’t.
What’s Equifax Doing About It?
Equifax has taken steps to stop the intrusion, as previously noted. The company has also hired experts to conduct an assessment and recommend further steps to prevent something like this from happening again.
The company is also offering free identity theft protection and credit file monitoring to all US consumers, even those not impacted by the 2017 Equifax breach. Equifax has set up a special website to allow consumers to find out if their data might have been accessed, and sign up for the identity theft and monitoring plan. There’s a catch, though.
What Do I Do Now?
You have two choices, really. You can visit the special website Equifax is using to let consumers know if they’ve been affected and to sign up for identity theft protection. There are a couple major problems with this, though.
First of all, you have to be willing to trust Equifax’s servers with even more information. Rather than asking for the typical last four digits of your Social Security number to confirm your identity, the page asks for six digits.
The biggest problem is with the Terms of Use for this website. This is really the most important thing you need to know before you begin to check whether your data was lost/stolen.
Simply by using the special website, you are waiving your right to participate in a class action lawsuit against Equifax. Nobody can say for certain if that clause in the Terms of Use would stand up in court, but you might not want to take the chance.
Up Next: Finding out if you’re affected and finding a trusted identity theft protection product
FYI, they have updated the website with this:
The biggest problem here is we as consumers don’t have much of a choice here. I can’t call Equifax and cancel my account and take my business elsewhere. Nobody gets to pick who gathers this information and control our credit rating. The irony here is if anyone gets their ID stolen it’ll ruin your credit.
Yes, I had to chuckle at the line in the article that said “I Don’t Trust Equifax Anymore, What Other Choices Do I Have…”. The answer is none. They have your credit data. They are one of the places companies check for credit scores. There is not a d****d thing whatsoever you can do about it. The amount of pressure consumers or even the government can apply on them is precisely zero.
Not so sure about that, collateral damage to reputation and share price can deliver the ultimate kick in the pants.
Over this side of the pond, GDPR in the EU and the UK even after Brexit will make companies like Equifax look and act VERY differently towards data security. The fines are big enough to put organisations OUT OF BUSINESS, and rightly so. GDPR is in force from May 2018.
Did you notice in the small print that 44 MILLION UK residents are also impacted?, that is just about every adult in the country 🙁
As more and more companies get their reputations damaged from improper/inadequate security systems, the more these companies are opening themselves up to some serious lawsuits. Providing ID theft protection for one year (or three years) is totally unsatisfactory. Such companies should provide unlimited ID theft protection to their affected consumers with no expiration date. After all all, our identities do not expire, even after we do.