Equifax, one of the 3 major credit rating companies in the US, disclosed last week that their systems were hacked in July publicly exposing 146 million Americans’ names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.
What is the impact?
This information can now be used and cross referenced with publicly available information (online directories, public government record, etc.) and other publicly available data-breach data from other high-profile data breaches (Yahoo, Verizon, InterContinental Hotels Group, Dun & Bradstreet, Saks Fifth Avenue, UNC Health Care, OneLogin, Blue Cross Blue Shield / Anthem, etc.) to form complete personal profiles of nearly half the population of the United States. A malicious actor with this kind of information can easily impersonate, steal from and financially ruin an individual.
This data breach is so bad and compromises the personal and financial security of so many Americans, that it cannot just be swept under the rug. While I hope financial and legal remedies are imposed, we should all reach out to our state representatives to ensure that Congress takes on this issue.
What can I do to protect myself and my family?
You must become an active protector of your and your family’s public financial record:
- Get your free annual credit report, review and correct as necessary using the site https://www.annualcreditreport.com/index.action
- Check the credit of yourself and all family members including children (Sometimes children have their identities stolen only to find out when trying to apply for College loans)
- Implement a Credit Freeze with all three credit bureaus. Learn more about Credit Freeze here http://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/
- Always follow Safe Internet Behaviors outlined in this post
DO NOT do the following:
- Do NOT waste your money on credit monitoring services. There is a great article here exploring the problems and benefits with credit monitoring services like LifeLock, etc. http://krebsonsecurity.com/2014/03/are-credit-monitoring-services-worth-it/
- Do NOT bother with Equifax’s free 12 month monitoring service offering. You will waive your right to participate in a future class action suits and limit your future ability to take other legal action against them for damages.
- You can use the info at https://www.equifaxsecurity2017.com to learn more about the disclosure but Do Not bother enrolling to determine if you’ve been impacted by this disclosure. You should just assume you have been, either by this disclosure or by another one and take the above outlined steps.
- Do NOT panic, this high profile Equifax disclosure only highlights the risks that were already there. Following the above steps will significantly help protect your financial security.