Equifax, one the nation’s three major credit reporting agencies, announced on September 7, 2017 that they had been hacked. They discovered a huge data breach at the end of July, which had been going on since mid-May.
Cybercriminals got into Equifax and took the personal information of 143 million Americans, about half of the U.S. adult population—plus, data was stolen from millions in Britain and Canada.
If you have a credit report in the U.S., there’s a good chance your personal information has been exposed. In this post, I’ll explain what happened and the steps you should take right now to keep your finances safe.
What Happened in the Equifax Data Breach
Equifax was founded in 1899 and is the oldest of the three credit bureaus, along with Experian and TransUnion. Equifax is based in Atlanta, Georgia and maintains information on over 820 million consumers.
Equifax says hackers lifted consumers’ names, birth dates, Social Security numbers, and in some cases, driver’s license numbers. They also stole credit card numbers for over 200,000 people and dispute documents that contain sensitive data for about 180,000.
This isn’t the largest data breach we’ve seen. That dishonor goes to Yahoo, which was targeted in a couple of incidents that affected more than one billion user accounts worldwide. However, the Equifax incident is the largest heist of Social Security numbers.
What disturbs me the most about this breach is that Equifax is in the business of storing our most personal data. Their job is to make sure we have an accurate financial profile so merchants, like lenders and insurance companies, can evaluate us properly.
Equifax has taken a lot of heat from regulators in Washington and some of their employees are also under scrutiny. It was found that three Equifax executives sold stock shares worth a total of $1.8 million a few days after the company discovered the breach.
But what you really need to know right now in the wake of this cybercrime is how to stay safe.
The Equifax Data Breach: What to Do in 5 Steps
- Step 1: Find out if your personal data was stolen.
- Step 2: Sign up for free identity theft protection.
- Step 3: Review your credit reports.
- Step 4: Consider placing a security fraud alert on your credit.
- Step 5: Consider placing a freeze on your credit.
You can find detailed explanations of each step below.
Step 1: Find out if your personal data was stolen.
If your personally identifying information was taken from Equifax, you will not receive notification from them. The only alerts they’re sending are to consumers who had credit card numbers and dispute documents stolen.
You need to be proactive to find out if your sensitive data is in jeopardy by visiting equifax.com.
You need to be proactive to find out if your sensitive data is in jeopardy by visiting equifax.com or their dedicated security site, equifaxsecurity2017.com.
When you click the “Potential Impact” button you must enter your last name and the last six digits of your Social Security number. Then you either get a message saying your data was not impacted or that it was potentially impacted. My data was taken, but my husband’s data was not.
Some people have pushed back on having to enter the last six digits, instead of the usual last four, of their Social Security number on the Equifax site to find out their status. This insures that they get a match for your information from hundreds of millions of records that could be very close to your name or number.
If you’re not comfortable entering your information online, you can call Equifax at 866-447-7559. They set up a call center for this issue and are open every day of the week from 7:00 a.m. to 1:00 a.m. Eastern time.
Free Resource: Credit Score Survival Kit – download this ebook and video tutorial with proven, legitimate tips and strategies to review, repair, and build excellent credit.
Step 2: Sign up for free identity theft protection.
Regardless of whether your data was breached or not, Equifax is offering one year of free enrollment in TrustedID Premier, their identity protection and credit monitoring service. If their system is busy, you may be instructed to return at a later date to complete enrollment.
Equifax’s protection includes monitoring at all three credit bureaus, copies of your Equifax credit reports, identity theft insurance, and scanning for your Social Security number being used online.
See also: 6 Risky Situations When You Should Avoid Using a Debit Card
Step 3: Review your credit reports.
As I mentioned, the Equifax breach started more than four months ago in May. If your data was jeopardized, review your credit reports for signs of fraud sooner rather than later.
Even if your data wasn’t compromised, this is a good time to get your free annual credit report from each of the three agencies (Equifax, Experian, and TransUnion) at annualcreditreport.com. You can also create free accounts at sites like Credit Karma and Credit Sesame to get one or two of your reports as often as you like.
When reviewing your credit report, look for new accounts that you didn’t open, unfamiliar activity, or incorrect data. If you believe a criminal used your personal information to open a credit card, reopen a closed account, or get a loan, report it to the lender immediately.
Even if your data wasn’t compromised, this is a good time to get your free annual credit report from each of the three agencies (Equifax, Experian, and TransUnion) at annualcreditreport.com.
If your credit report looks fine, don’t be fooled into thinking that you can just forget about it. Once a cybercriminal has your information they can use it anytime or sell it later to another thief.
To stay vigilant, put a monthly reminder on your calendar to alert you that it’s time to check in on the status of your credit reports. Also, check your financial accounts—such as checking, savings, credit cards—for unusual activity and investigate any suspicious charges or withdrawals right away.
See also: When to Monitor, Freeze, or Put an Alert on Your Credit