As you have most likely heard by now, on September 7th Equifax – one of the ‘Big Three’ credit bureaus in the United States – admitted that its own lax security practices had allowed hackers to steal the personal identities of 143 million US citizens.
From mid-May through July, hackers exploited a US website application vulnerability to steal people’s names, Social Security numbers, birth dates, addresses, and, in some cases, driver’s licenses numbers. They also stole credit card numbers for 200,000+ people and documents containing personal identifying information for 182,000 people.
With a US population of 324 million in 2017, the breach impacted 44% of the population. There is therefore an excellent chance that you and many of your clients were impacted by the breach. The breach was discovered on July 29 but the company waited until last week to actually inform the public.
Equifax has established a dedicated website, www.equifaxsecurity2017.com to help consumers determine if their information has been exposed. Consumers enter their last name and last 6 digits of their Social Security number to determine if they are impacted. Please note that since you will be entering sensitive information this should only be done on a secure computer using an encrypted network connection.
Do not do this step from the public wifi (at Starbucks for example)!
Regardless of whether their information was potentially exposed, consumers can take the following steps to help protect themselves:
1) Experts say the single most effective solution is to freeze your credit. This can be burdensome as you will need to unlock your credit every time you have a legitimate need, but it should prevent most forms of identity theft.
2) If you don’t want to freeze your credit, consider placing a fraud alert on your credit files. A fraud alert will warn potential creditors that you may be a victim of identity theft and that they should take extra steps to verify that the person seeking credit is who they claim to be.
3) Keep a close eye on your bank accounts, investment accounts, retirement accounts and credit cards. Review your statements carefully and follow up with your financial services provider if you notice any unusual or unexplained transactions.
4) Monitor your credit report regularly. Look for recent inquiries and for new credit accounts being opened.
5) Regardless of whether your information was potentially exposed, Equifax is offering consumers a free 1-year subscription to their identity theft protection service. Please note that consumers signing up for this service may be foregoing their right to participate in any class action lawsuits against Equifax over the data breach.
The Terms of Service contains an arbitration clause and class action waiver that forces users to settle any complaints against Equifax individually. As of this date it is still uncertain whether or not the arbitration clause will apply to the data breach, or whether Equifax intends to enforce it if it does.
6) Enroll in another firm’s identity protection service, such as with Experian or LifeLock. This will cost the consumer money, but will preserve their ability to participate in any class action lawsuits against Equifax.
7) File your taxes as early as possible, before a scammer can file your taxes. Tax identity theft happens when someone uses your Social Security numbers to get a tax refund or a job. Respond immediately to any letters from the IRS.
8) Utilize online resources, such as the Identity Theft Resource Center, which provide excellent resources on defending yourself against identity theft. Contact your state Attorney General for more information related specifically to the Equifax data breach.
Keep vigilant as this is not a temporary issue as your personal info will be “out there for many, many years to come!
all the best… Mark