What You Need to Know About the Equifax Data Breach

On Thursday, September 7, 2017, the Associated Press reported that there had been a data breach at Equifax, which is one of the big three credit reporting bureaus. A somewhat vague initial report gave way to more detail on Friday the eighth. Here are the details.

AP describes the attack on Equifax as a “high-tech heist”. Some 143 million Americans’ data was a part of the breach. This exposed sensitive information such as Social Security numbers. The breach was evidently an exploit in a website application.

Delay between Discovery and Disclosure

Exposure meant the hackers had access to files between the middle of May and July of 2017. Apparently Equifax caught the breach on July the 29th but the company waited until September 7 to publicly announce it. There is no information on why there was such a delay, particularly considering the gravity of the situation.

Equifax’s stock dropped 13%, to $124.10 in extended trading subsequent to the company announcing the breach. However, perhaps anticipating the downturn, three Equifax executives seem to have protected themselves by selling shares with a combined value of $1.8 million on August 1 and 2, a mere few days after the July 29 discovery of the breach, per documents that were filed with securities regulators. However, the company says the executives did not know about the breach when they made their trades. These executives are the Chief Financial Officer John Gamble; and Joseph Loughran, Equifax’s president of United States information solutions; plus Rodolfo Ploder, who is Equifax’s president of workforce solutions.

It remains to be seen whether such a move will be seen as insider trading, a legal matter which, under federal law, can fetch treble damages. Insider trading is taken so seriously because it undermines consumer confidence in the fairness and accuracy of markets such as the Dow and NASDAQ. The question of whether the CFO of Equifax, a person charged with knowing about probably every possible crisis involving the company, did not know about the breach, may very well be settled in federal court.

Details on the Stolen Data

The stolen data includes:

·      consumers’ names

·      birth dates

·      Social Security numbers and

·      addresses

In some instances, this also includes driver’s license numbers.

Along with the personal information taken in its breach, Equifax reported the credit card numbers for approximately 209,000 American consumers were also taken. Plus “certain dispute documents” were stolen, which contained personal information for about 182,000 United States citizens.

Furthermore, the company warned that hackers could potentially also have some “limited personal information” regarding Canadian and British residents. The company does not believe any consumers from other countries were affected. Also, the company does not believe its core reporting databases were compromised.

The Danger of Identity Theft

The biggest risk which consumers are facing with regards to the breach is the very real threat of identity theft. Identity theft is an enormous problem in our world today. It can wreak havoc on your personal and business credit scores and your overall reputation in the community.

Given that the thieves have full names and addresses, plus birth dates, and Social Security numbers, then it is possible for them to open up new charge card accounts and bank accounts, and even fill out W-2 forms in your name, thereby having the IRS unwittingly send the tax bill to you for work that they did (and even work they may have otherwise done legitimately).

Plus you know there’s just got to be a market for this sort of extensive and complete information, for anything from voter fraud to even diverting packages and mail you ordered online or elsewhere.

Steps Equifax is takin

Equifax realizes this is a big breach – AP believes it’s the largest data breach in history involving Social Security numbers. However, it’s not the largest data breach in history, as that questionable prize belongs to Yahoo. That company was the target in a pair of digital burglaries in 2015 and 2016 which resulted in over 1 billion accounts being compromised.

Equifax’s CEO, Richard Smith, has apologized for the incident, calling it “a disappointing event for our company”, a phrase which seems a lot like it could be the understatement of the year.

The company also took some proactive steps. They established a website, https://www.equifaxsecurity2017.com/ , where consumers can look up if their personal data could have been a part of the breach. Consumers can also telephone toll-free (866) 447-7559 for additional information. Rival Experian is also offering a free credit monitoring service to all American consumers for one year.

What You Can Do

You should take a breach of this size very seriously. One way you can help to protect yourself is to keep private information offline as much as possible. Hence you might want to edit some of your profiles, particularly on major social media sites such as Facebook and Twitter.

Also, be sure to contact your banks, creditors, and any place which sends you bills (such as the cable company) and make certain they have your correct address. You may need to do this more than once – filling out a change of address form or card is standard operating procedure for identity thieves. They do this so they can get away with using your identity for as long as possible. If you stop getting your bills, contact those providers ASAP.

Another thing you can do is use a credit monitoring service. These services can be costly, so do whatever you can on your own before investing in one. These services can come with fraud alerts. However, you can do this yourself if you believe your information has been compromised. This is also true for credit freezes. However, if you are too busy to monitor your own identity closely, and you have the means to pay for such a service, this can be worth it. Because Equifax is only offering free credit monitoring for one year, you may need to consider a paid option in 12 months.

In addition, do two things:

1)    Inform your local police department and fill out their form (either in person or online; this depends on your precinct). Make sure to get a file number from them.

2)    Make use of that police report and contact the Internal Revenue Service. This helps to protect you in the event that you get a tax form for a job you didn’t do. Make the record early with the IRS and it will help to keep them from blaming (and auditing) you if they cannot collect taxes on that W-2.

Lastly, if you need to, you can dispute your company’s Equifax report by following instructions here and your personal credit report by going here.

We will be watching the Equifax Data Breach story closely as it affects personal credit and that can often mean it affects business credit as well.