What do we know so far about the Equifax data breach?
Equifax says it discovered a massive exposure of information that occurred between the middle of May through July, compromising personal information of as many as 143 million Americans and thousands of Canadian and British consumers. The fraudsters gained access to a wide array of information, including names, social security numbers, birth dates, addresses, and some driver’s license numbers, in addition to the credit card numbers of some of its customers. This hack is really in a category of its own.
Why is this breach different from others?
The biggest difference is the breadth of information the hackers have access to. Because Equifax is one of three nationwide credit-reporting companies that track and rates the financial history of U.S consumers, you don’t need to have directly done business with the company to be exposed in this breach.
These companies are provided vast amounts of data on you from banks, retailers and lenders – information about loans and loan payments, credit cards and credit card payments and limits, child support payments, missed rent and utilities payments, your addresses, your employment history – everything that factors into your credit scores.
With access to your name, social security number, address and date of birth alone an identity thief can pretend that they are you! This is what sets this breach apart from something like the Target breach, where they obtained credit card numbers. Credit card fraud is relatively easy to deal with, and you are covered from damages. This information means that someone could even apply for a loan in your name!
How do we know if we have been impacted?
Equifax has set up a website – www.equifaxsecurity2017.com/potential-impact/ – that consumers can visit to determine whether they have been affected. The site asks you to submit your name and the last six digits of your social security number. If you have been exposed, the site will then provide a date when you will be enrolled in free identity theft protection and credit file monitoring services. If you have no, it will see a note that says “not impacted.” However, because this is such a large breach, and because such important personal information is involved, the best approach is for everyone to assume they were impacted and take precautions.
What steps should we take?
First, check your existing credit accounts for suspicious transactions, and pull credit reports from annualcreditreport.com to check for new accounts in your name. You also need to check your bank statements and credit card statements on a regular basis. And I do not mean twice a year. Ideally, you should check your statements twice a month, or even weekly, and you should do it all the time. Fraudsters often wait for the anxiety and awareness of a story to subside before acting.
And in this case, you may want to consider signing up for paid credit monitoring by a third-party service like IDshield or Lifelock, versus the free monitoring Equifax is offering for two big reasons. First, these third-party monitoring companies track more sources to spot suspicious activity and alert you to it. Secondly, the terms and conditions of Equifax’s free monitoring require you to resolve disputes through arbitration, and ban you from participating in class-action lawsuits.
Beyond our financial accounts, are there other actions we should take?
In addition, you should change passwords for all accounts with access to sensitive financial or health information. You will want to use entirely new passwords, and different one for each of your accounts. If you have a hard time doing this, try using a password manager that will create unique passwords for you. You also need to review your other service accounts that your email is linked to, such as subscriptions and shopping accounts to make sure passwords used on those sites aren’t too similar to those you were using on your email account.
What else do we need to know?
I think this may be just the beginning of a long road for Equifax. Bloomberg is reporting that executives in the company sold large amounts of stock in the days following the discovery of the breach. You can be the law enforcement agencies will be looking into this if true, so stay tuned!
Mellody Hobson is President of Ariel Investments, a Chicago-based money management firm that serves individual investors and retirement plans through its no-load mutual funds and separate accounts. Additionally, she is a regular financial contributor and analyst for CBS News.
Share your email below to receive our daily newsletter!