143 million Equifax consumers breached – were you one of them?

It’s never fun to wake up to the news that your personal information may have been compromised. Equifax, one of the three major credit reporting bureaus, announced yesterday that a data breach occurred on July 29, 2017.

What personal information was compromised?

Consumers’ full names, birth dates, Social Security numbers, home addresses, and driver’s license numbers were among the private data stolen. The company estimates that 209,000 US consumers’ credit card numbers and 182,000 documents containing personal identifying information were also intercepted. And it’s not just US consumers who got hit: Equifax estimates a small number of UK and Canadian citizens’ private data was also breached.

Were you among the 143 million Americans breached?

Equifax intends to send a letter to inform consumers who had credit card or personal documents compromised. It has also set up a website for consumers to find out if their information was impacted. Be wary of entering your personal details though as this site, www.equifaxsecurity2017.com, runs on a platform which does not provide enterprise-grade security, according to the security editor at Ars Technica. The form requires you to enter your last name and the last six numbers of your social security number. If you are one of the many unfortunate ones, you will receive an enrollment date. On this given date, Equifax instructs you to return to the website and finish the registration, and receive one year of free credit monitoring. NOTE: By completing the form you are agreeing to the site’s terms of service, which state you will be forced into arbitration. (Update: Since the backlash from consumers over the weekend, Equifax has now removed this clause from the terms of service.) It would be wise to phone the call center on 866-447-7559 to confirm your rights before releasing your personal information.

What additional measures can affected consumers take?

If it’s determined that the data was stolen by criminals, then it could circulate for many years. So you’ll need more than just one year of credit protection.

Here are some additional measures to protect yourself:

  • Sign up for an extended years of credit monitoring: your personal information could be on the black market for years
  • Keep a close eye on your credit accounts: criminal hackers may try to open new accounts with your personal information
  • Understand how to identify phishing emails: the stolen data could be used in a targeted phishing campaign

How did this breach happen?

Even companies that think they are taking all the measures to be secure can be vulnerable. The hackers gained access by exploiting a vulnerability on one of Equifax’s web servers. It’s important for organizations to perform regular risk assessments and penetration testing to help identify these vulnerabilities.

Equifax is taking additional steps to protect against future data breaches. The company’s CEO stated: “I’ve told our entire team that our goal can’t be simply to fix the problem and move on. Confronting cybersecurity risks is a daily fight. While we’ve made significant investments in data security, we recognize we must do more. And we will.”