On September 7, the consumer credit reporting agency Equifax announced that it had been the victim of a massive data breach earlier in the year, reporting that the personal information of up to 143 million people was stolen. If you were affected by the breach, or want to find out whether you were affected, here's some information on how to find out and what you can do.
The short version, from the Federal Trade Commission, is that unknown persons hacked into Equifax's servers and, "accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people."
A more detailed account, from Equifax, can be found here.
For a simple timeline of events, keep an eye on Yahoo! Finance's reporting.
For further reporting on Equifax's response to the breach, take a look at The New York Times.
Was My Information Taken?
To see if your personal information was included in the hack, go to this part of the Equifax website and click on "Check Potential Impact."
They'll ask you for your last name and the last 6 digits of your social security number, and tell you whether your information was part of the breach.
What Can I Do About It?
The Federal Trade Commission and several news agencies (like NPR) have given some suggestions about what consumers can do to lessen the risk of loss after the breach. Much of this advice is a great idea even if your information was not taken, too!
Here's a summary:
Check your credit reports.
You can get a free copy of your credit report from each of the three agencies-- Experian, TransUnion, and Equifax-- by going to AnnualCreditReport.com. If you spot anything fishy that could indicate your identity was stolen, you can report it to IdentityTheft.gov and get more help there.
Consider placing a fraud alert.
You can talk to any one of the three credit reporting agencies and ask them to place a fraud alert on your account. All three agencies will see the alert, and anytime a request comes through to pull your credit report (including when you do something like apply for a loan) the lender has to verify your identity before they can continue. It's free to place an alert, it lasts for 90 days, and you can renew it.
Check your existing credit card and bank accounts.
If you see any transactions that are unfamiliar or suspicious, let your bank or credit card company know right away. They may refund any money lost and will usually issue you a new credit or debit card right away.
Consider placing a credit freeze.
A credit freeze is a more extreme version of a fraud alert, and it completely stops any business from accessing your credit report. There are upsides and downsides to placing a freeze, and it requires you to contact all three reporting agencies separately. You usually have to pay a fee to each agency, though Equifax may waive their fee if you were affected by the hack.
The most important thing to know is that credit freezes do not stop someone from using credit cards or bank accounts you already have; it just stops them from opening new accounts.
Consider signing up for free credit monitoring.
Equifax is offering consumers who were affected by the hack a free year of credit monitoring (and other services). To see their offers, check Equifax's website here.
File your taxes early.
This may be a surprising piece of advice, but one of the most common things scammers do with stolen personal information (particularly social security numbers) is filing fraudulent tax returns. So as soon as you have all the tax information you need, start thinking about filing your return. (FYI, tax forms typically arrive at the library around February. Free tax help starts up at the same time as well.)
Want to talk about the data breach? Leave a comment below.