In the U.S., there are three main credit bureaus: Equifax, Experian, and TransUnion. These companies hold financial records, often known as credit reports. These credit reports are placed into a formula (The most common being the FICO model) which will generate your credit score. In September 2017, the credit reporting agency Equifax announced that it had suffered a massive data breach involving approximately 143 million consumer accounts across the United States, Canada and the United Kingdom.
By October 2017, an investigation by the company revealed another 2.5 million impacted accounts. At the time, many people hoped that the news couldn’t possibly get any worse. By March 2018, Equifax provided a frightening update: The hack was bigger than they thought. The Equifax Hack is not the biggest data breach in history–but probably the worst. Why?
Data Taken
The breach lasted from mid-May through July of 2017. The hackers used an app vulnerability to gain access to several different databases within Equifax. Once they had access, they were able to steal consumer details that could help them create false identities, including names, addresses, birth dates and Social Security Numbers. Dispute documents used in approximately 182,000 accounts were part of the theft. Additionally, the hackers gained access to the credit card numbers of approximately 209,000 consumers.
Additional Updates
In March 2018, Equifax announced that ongoing analysis of the situation revealed that the hackers accessed an additional 2.4 million U.S. consumer accounts. That brought the total number of affected accounts to 147.9 million. Equifax discovered the hackers gained access to the partial driver’s license details of these consumers. Some of these accounts also experienced the same level of intrusion as the initial accounts. By May, Equifax revealed to the U.S. Securities & Exchange Commission even more horrifying details about the breach. The hackers gained access to information that Equifax failed to previously report to the public, including approximately 20.3 million phone numbers, 1.8 million email addresses and 97,500 Tax Identification Numbers. Equifax didn’t feel that this information was pertinent in past disclosures since most of it wasn’t stolen with other identifying details that would make it easy for the thieves to commit fraud.
Corporate Responsibility
Equifax’s failures have been revealed through several internal and external investigations. For example, the company didn’t disclose that the stolen dispute documents included full images of driver’s licenses, passports, Social Security cards and state, resident alien and even military ID cards. Federal investigations into Equifax’s handling of the situation revealed that the company didn’t keep its computers up-to-date with the latest security features. After Equifax discovered the hack, the company didn’t follow appropriate procedures to inform authorities and the public and actually withheld crucial details about the extent of the breach.
Identity Protection
Since Equifax is a credit bureau, you can’t simply request that they close your credit report account. You can though take certain actions to protect yourself. To find out if your account was among those breached, visit the 2017 Cybersecurity Incident & Important Consumer Information home page, scroll down and click the red “Am I Impacted?” button. Enter your last name and the last six digits of your Social Security Number in the provided fields and complete the onscreen instructions. You can also block access to your account by anyone other than certain agencies that deal with credit information by setting up a security freeze PIN number or a device-based login and passcode credit report lock.
You can’t prevent these types of massive data breaches from the comfort of your home when a company fails to maintain proper security. That said, you can help reduce the number of these incidents by not compounding the problem through your actions. For example, only use websites that you trust when making online purchases. Never use embedded links in emails to access financial institution and store sites. Instead, visit these sites using browser bookmarks or direct URLs. Protect your logins and passwords by never using them while on public Wi-Fi. And if you know you have some valuable information on your computers or in multiple computers, invest in good firewall security.
To find out more information about protecting your information offline and online, visit the Federal Trade Commission’s How to Keep Your Personal Information Secure page.