Data breaches are bad but the Equifax data breach may be one of the worst. When hackers stole the data on potentially 143 million American consumers from the credit reporting bureau they took everything they needed to unlock the identities of 44% of the American population. And ironically, Equifax was one of the companies that other companies turned to when they were breached. As their website states: “You’ll feel safer with Equifax. We’re the leading provider of data breach services…”
Hackers reportedly used a website vulnerability to steal everything from social security numbers to credit card numbers from May until the breach was discovered on July 29thmeaning the hackers had access for at least two full months. No reason for the delay in informing the public has been given but in some recent large investigations law enforcement has requested companies to wait to disclose the information.
What makes this data breach one of the worst, even though the scale isn’t as large as say Yahoo’s 500 million, is that consumers did not have to directly give their information to Equifax, instead it was provided to them by nearly every bank, credit card, and loan company to make credit decisions. So if you have ever applied for a credit card, loan, or mortgage, your data may have been compromised.
As standard with breaches, Equifax has offered free credit monitoring services for a year if you sign up by November 21st whether your data was accessed or not. But wait, don’t leave and sign up right now! A caveat to signing up for Equifax’s offer of free credit monitoring service from TrustedID, which is also owned by Equifax, is that the terms of service of TrustedID states that if you sign up you cannot partake in any class action lawsuits against the company. And not wasting any time at all, two Oregon residents have filled a lawsuit against Equifax alleging negligence in securing the personal information of consumers.
While a nice gesture and possibly giving Equifax some legal relief as people scramble to sign up for credit monitoring, the data stolen from Equifax can be sold on the DarkWeb for years to come to steal identities. There is no expiration date on information like name, address, date of birth, and social security number… all of which the hackers took. Consumers will need to remain vigilant in checking bank account information and making sure their identities are not stolen for the near and far future. Signing up for a credit monitoring service is definitely a good idea, perhaps not with TrustedID, but as you look, try to find one that doesn’t just look for new account creation. Find a service that monitors open accounts for changes as well as new account creation. You can also look into identity protection insurance services, such as LifeLock, as an additional layer of protection.
As a notable side note: Questions have been raised about the sale of $1.8 Million in stock by three executives of Equifax following discovery of the breach before it was disclosed to the public. The company reports that none of them knew about the breach. That does make one question the cyber-security incident reporting policies of such a large organization.
(AP Photo/Mike Stewart)