First, let’s start with the Banklady’s take on the reasons why the Equifax data breach is a total disaster:
- Security breach on their end.
- They knew a month ago and waited this long to give the details to the people impacted (that’s us).
- It looks like some of their shady executives were dumping stock in the meantime.
- Their website to “help” looks like it was designed by the slowest kid in fourth grade. People are questioning whether to even trust that site.
- Once you enter your information on the makeshift site they made to check whether you are one of the people affected, it doesn’t even tell you for sure if you were impacted.
- The site won’t let you enroll for any help and they won’t send a reminder when that’s ready.
Equifax, as we have told you in the past, is one of the nation’s three main credit reporting agencies. They announced a “cybersecurity incident” that could potentially impact roughly 143 million U.S. consumers. They knew about it for weeks before they revealed it to the general population. The news also comes just months after a breach occurred at an Equifax subsidiary earlier this year, exposing W-2 and payroll data to criminals.
Equifax data breach exposes personal info of millions of Americans
According to Equifax, hackers exploited a security vulnerability in a U.S.-based application to gain access to consumers’ personal files. After discovering the breach on July 29 of this year, the company says it “acted immediately to stop the intrusion” and “promptly engaged a leading, independent cybersecurity firm that has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted.”
Personal information exposed in the breach
According to Equifax, the information exposed in the breach is more than enough to cause people some serious trouble — with criminals gaining unauthorized access to consumers’ names, Social Security numbers, birth dates, addresses and some driver’s license numbers.
On top of that, hackers were able to access credit card numbers belonging to more than 200,000 U.S. consumers — along with “certain dispute documents” that contain personal identifying information for another 182,000 consumers.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” said Chairman and Chief Executive Officer, Richard F. Smith, in an online statement. “I apologize to consumers and our business customers for the concern and frustration this causes. We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”
How to find out if you were affected by the incident (BUT DON’T)
Equifax has set up equifaxsecurity2017.com to help consumers find out if their information has been exposed. We actually recommend you DO NOT trust them with anything at this point. The company says it is also sending notices in the mail to consumers whose credit card numbers and/or dispute documents were exposed.
In addition to the website, Equifax is also offering consumers the option to sign up for credit file monitoring and identity theft protection — as part of its TrustedID Premier offering — which includes:
- 3-bureau credit monitoring of Equifax, Experian and TransUnion credit reports;
- copies of Equifax credit reports;
- the ability to lock and unlock Equifax credit reports;
- identity theft insurance;
- and internet scanning for Social Security numbers.
The offer is completely free to U.S. consumers for one year, but look below for why you should not use this service. They also offer a dedicated call center that’s open seven days a week from 7:00 a.m. to 1:00 a.m. ET. That number is 866-447-7559. This may be a better alternative to their makeshift site.
Do NOT Trust Equifax
The website equifaxsecurity2017.com, which Equifax created to notify people of the breach, is highly problematic for a variety of reasons. It runs on a stock installation of WordPress, a content management system that doesn’t provide the enterprise-grade security required for a site that asks people to provide their last name and all but three digits of their Social Security number. The TLS certificate doesn’t perform proper revocation checks. Worse still, the domain name isn’t registered to Equifax, and its format looks like precisely the kind of thing a criminal operation might use to steal people’s details. It’s no surprise that Cisco-owned OpenDNS was blocking access to the site and warning it was a suspected phishing threat.
Equifax also wants you to waive your right to arbitration when you check to see if you have been breached because of their horrible company’s mistakes. Many have pointed out that when you enroll in TrustedID at equifaxsecurity2017.com, you waive the right to participate in class action arbitration or lawsuits, according to the TrustedID Premier terms. Here’s a snippet:
This arbitration will be conducted as an individual arbitration. Neither You nor We consent or agree to any arbitration on a class or representative basis, and the arbitrator shall have no authority to proceed with arbitration on a class or representative basis. No arbitration will be consolidated with any other arbitration proceeding without the consent of all parties. This class action waiver provision applies to and includes any Claims made and remedies sought as part of any class action, private attorney general action, or other representative action. By consenting to submit Your Claims to arbitration, You will be forfeiting Your right to bring or participate in any class action (whether as a named plaintiff or a class member) or to share in any class action awards, including class claims where a class has not yet been certified, even if the facts and circumstances upon which the Claims are based already occurred or existed.
Most of the protections offered by TrustedID Premier can be achieved for free elsewhere:
- Equifax credit report: Once per year you can always get your credit report for free via annualcreditreport.com. Additionally, any time you are denied credit (such as when you sign up for a credit card and are denied), you have the right to request the credit report for free. Also, some free credit monitoring tools (such as CreditKarma) offer full (or nearly full) access to your report details for free at any time (typically updated once a month).
- 3 Bureau credit file monitoring: A number of free tools offer credit monitoring, but each is usually specific to one bureau. You can sign up for multiple tools to monitor all three bureaus for free.
- Social Security Number Monitoring: Discover now provides this service for free to cardholders.
- $1M Identity Theft Insurance: I don’t know how to get this for free, but through your insurance company it’s probably cheap. State Farm quoted me $25 per year to cover my household.
- AAA offers free credit protection services to many members. Details vary by location. Some AAA members get nothing, but most can sign up for ProtectMyID Essential for free. Some members (such as those in some areas within California) get ProtectMyID Deluxe for free.
How to protect yourself
With more and more data breaches occurring these days, it’s crucial that you take steps to protect your information from criminals. Whether through massive data breaches like this one or simple email or text scams, criminals are coming after you and your information whenever and however they can. And once they get the info they need, they can wreak havoc on your financial life.
The most effective way to protect yourself from identity theft is with a credit freeze.
A credit freeze allows you to seal your credit reports and use a personal identification number (PIN) that only you know and can use to temporarily “thaw” your credit when legitimate applications for credit and services need to be processed. The added layer of security means that thieves can’t establish new credit in your name even if they are able to obtain your personal information.
Freezing your credit files has no impact whatsoever on your existing lines of credit, such as credit cards. You can continue to use them as you regularly would even when your credit is frozen.
Here are some more tips to help you protect yourself from online scammers:
- Be wary of unexpected emails containing links or attachments: If you receive an unexpected email claiming to be from your bank or other company that has your personal information, don’t click on any of the links or attachments. It could be a scam. Instead, log in to your account separately to check for any new notices.
- Call the company directly: If you aren’t sure whether an email notice is legit, call the company directly about the information sent via email to find out if it is real and/or if there is any urgent information you should know about.
- If you do end up on a website that asks for your personal information, make sure it is a secure website, which will have “https” at the beginning (“s” indicates secure).
- Look out for grammar and spelling errors: Scam emails often contain typos and other errors — which is a big red flag that it probably didn’t come from a legitimate source.
- Never respond to a text message from a number you don’t recognize: This could also make any information stored in your phone vulnerable to hackers. Do some research to find out who and where the text came from.
- Don’t call back unknown numbers: If you get a missed call on your cell phone from a number you don’t recognize, don’t call it back.
- Be aware of social media scams.