Just How Screwed Are We by the Equifax Data Breach?

The data breach disclosed by credit-reporting agency Equifax today (Sept. 7) may be the worst data breach in history when you combine what was compromised with the number of accounts affected.

Credit: DreamstimeCredit: Dreamstime

According to Equifax, full names, street addresses, dates of birth and Social Security numbers for 143 million people were stolen by online criminals between May and July 2017. That information is all that a data thief needs to completely impersonate someone else — to have credit cards issued, mortgages obtained, loans made, utility accounts opened, even jobs taken or arrest records made in your name.

You can check whether you're affected by this breach at https://www.equifaxsecurity2017.com/potential-impact/. If you get a "thank you" and a date on which to enroll for the TrustedID identity-protection service, you're affected. If not, you'll get a message saying "Not Impacted."

If you've ever taken out a loan or applied for a credit card in the United States, you probably are affected. I just found out that I am, and for the first time in more than a decade of covering information security, I don't know exactly what to do.

MORE: What to Do If You're Affected by a Data Breach

Equifax discovered the breach July 29, and hasn't explained why it waited six weeks to inform the public — or why three company executives reportedly sold $1.8 million worth of Equifax stock in the interim. We'll leave those questions to the proper investigative authorities.  

In the meantime, I would recommend reading through the guide on what to do if you're affected by a data breach. You don't need to worry about changing your passwords or canceling your credit cards for this breach, except for about 209,000 people whose credit-card info Equifax did lose, who will be individually notified by the company. (You can also read up on what to do if your Social Security number is compromised, and why it's so hard to get a replacement number.)

But you and I should contact one of the three major U.S. credit-reporting agencies — Experian, TransUnion and, yup, Equifax — and ask to have a 60-day credit alert put on your file. It's free, can be renewed every 60 days with no limit on renewals, and applies to all three agencies.

People directly affected by the Equifax breach will get one year of TrustedID identity protection, courtesy of Equifax. That's good. (Once the year is up, I'd recommend that anyone affected by the Equifax breach sign up and pay for commercial identity protection services for a few more years.)

However, all these measures may be mainly palliative. The horse has already left the barn — it did so back in June or July, to be exact. My "fullz" — thief-speak for a full set of personally identifying information — is out there to be bought or sold, and yours may be as well. All each of us can really do is hope that his or her own personal information doesn't end up being exploited.

Create a new thread in the Antivirus / Security / Privacy forum about this subject
This thread is closed for comments
6 comments
Comment from the forums
    Your comment
  • Bogdobbler
    Signing up for the TrustedID identity protection requires you to relinquish any rights to sue Equifax or join a class action suit against them. That's a pretty shady way to protect themselves while posing as protecting you.
    0
  • Barnbaby
    You might consider putting a freeze on access to your credit reports at all 3 of the credit-reporting agencies. I was charged $10 at each agency. If someone has my information, they won't be able to open accounts, get loans, etc. since access to the credit reports is frozen until I unfreeze them. If you do need to let someone access your credit information, you can temporarily unfreeze the account at the credit agency they are trying to access (such as when applying for a job).
    0
  • dguith
    Problem with even a freeze, these equiforks gave up ALL personal info that could undo your freeze quite easily. All they need is name, birthdate, and address to terminate or change your freeze. Keep checking and for a long time. Hopefully, a class action and criminal charges for withholding info will put them out of business. Write or call your representatives and demand so!
    0