Equifax Hack: What Does It Mean for Your Credit?

by Crissinda Ponder
September 19, 2017
Credit: Shutterstock

By now you’ve likely heard of the massive data breach compromising Equifax, one of the “Big Three” credit reporting agencies, and how the incident has compromised up to 143 million American consumers’ sensitive information.

Cybercriminals exploited a “website application vulnerability” to access names, birth dates, addresses, Social Security numbers and even some driver’s license numbers, according to a Sept. 7 news release from Equifax.

Credit card numbers for more than 200,000 consumers were also compromised, as well as personal identifying info for more than 180,000 consumers involved in credit disputes.

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” Richard F. Smith, Equifax chairman and CEO, says in a statement. “I apologize to consumers and our business customers for the concern and frustration this causes.”

Security breach timeline

Equifax learned of the cybersecurity incident on July 29, and its investigation found the attack took place between mid-May and July 2017. Why it took more than a month to inform the public isn’t immediately clear.

And to make matters worse, it was revealed that three executives sold close to $2 million worth of the credit bureau’s stock just days after the data breach was discovered.

In response to the breach, Equifax is notifying affected consumers via snail mail and offering free credit monitoring and identity theft protection to all U.S. consumers – for one year – through its TrustedID Premier service. And after receiving queries from consumer advocacy groups, the credit bureau also informed affected consumers that they wouldn’t have to accept arbitration and waive their rights to a class action suit – as required by its general policy – in order to use the free tool.

Once consumers were made aware of the cybersecurity incident, many scrambled to freeze their credit files (aka prohibit access and discourage fraudsters from opening new accounts) but were surprised to find the personal identification numbers assigned to those credit freezes weren’t all that secure – the PINs matched the date and time of when they were generated.

Equifax has since adjusted its PIN generation to alleviate consumer concerns.

Investigations piling up

In the days following Equifax’s announcement, the Consumer Financial Protection Bureau, House Financial Services Committee, Senate Finance Committee, Federal Trade Commission as well as some state-level authorities have all launched investigations into the company’s data breach.

Massachusetts Attorney General Maura Healey has also announced that the state plans to sue Equifax over the wide-ranging incident, which potentially affects 3 million of the state’s residents.

“In all of our years investigating data breaches, this may be the most brazen failure to protect consumer data we have ever seen,” Healey says in a statement. “My office is acting as quickly as possible to hold Equifax accountable for the risks that millions of consumers now face.”

Protecting your credit and identity

So, how can you be more vigilant about making sure your credit file and identity are secure?

The FTC advises reviewing your credit reports from all three bureaus – Equifax, Experian and TransUnion – to spot errors or fraudulent accounts. You’re entitled to one free report from each of the bureaus annually. Visit AnnualCreditReport.com for more details.

Freezing your credit is “the best way to protect yourself from at least some of the fraud that could result from this breach,” says Susan Grant, director of consumer protection and privacy at the Consumer Federation of America.

You must freeze your credit file with all three bureaus individually. Once you freeze your credit, keep track of the PIN assigned to each freeze – you’ll need it to unfreeze your file(s) later. And remember that a freeze won’t stop someone from making unauthorized charges on your existing accounts, so monitor your bank and credit card statements.

You could also place a fraud alert on your credit files for free if you’d rather not freeze them. An initial fraud alert lasts 90 days but can be renewed. Once you contact one of the three bureaus to activate a fraud alert, that bureau will notify the other two on your behalf.

Grant adds: “Be aware of crooks who may contact you pretending to be from Equifax and ask you to confirm your personal information to help protect you.” You’ll have to provide personal information, including the last six digits of your Social Security number, to enroll in Equifax’s TrustedID Premier service, but the bureau wouldn’t reach out to you asking for that info.

To determine whether you’ve been impacted by this data breach, visit EquifaxSecurity2017.com.

Crissinda Ponder is a personal finance editor and writer with MoneyGeek.com, who mainly creates and develops content related to homebuying and insurance. She can be reached via email at crissinda@moneygeekonline.com.

You may Like
Leave a Comment
Get Money Tips Straight to Your Inbox