The Equifax Data Breach

by | March 6th, 2018

man wearing mask in a hoodie on laptop

In October 2017, we learned of a data breach that occurred with Equifax, a consumer credit bureau, that impacted over 143 million consumers. According to the consumer information website hosted by the Federal Trade Commission, “If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.”

Equifax, along with TransUnion and Experian, make up the three major credit reporting agencies that store credit information, which includes your name, living addresses, and personal identifiable information (PII), such as your birthdate, driver’s license number, and social security number. As a consumer, we have no control as to which credit agency stores our information, nor can we validate the security of how that information is stored. When the Equifax data breach occurred between mid-May through July 2017, it was estimated that hackers had access to the consumer database that stored PII as well as credit card numbers for customers in the U.S., UK, and Canada.

It’s been widely published that hackers exploited an open-source software application that was used by Equifax for its consumer databases. According to a story on Wired.com, unfortunately, this database software had vulnerabilities, which Equifax didn’t take precautions to address, allowing hackers to compromise the system. According to the Privacy Rights Clearinghouse, which has been chronicling data breaches since 2005, there’s been about 8,000 data breaches that have been made public since 2005, impacting over 10 billion records.

The Equifax data breach impacted over 143 million consumers, a large number, but not as large as the Yahoo Inc. data breach that impacted over 1 billion consumers back in 2013—the largest published data breach in history.

What Can You Do to Protect Yourself?

Since it’s evident data was most likely compromised in the Equifax data breach, there are four actions that consumers can take to protect their information from data breaches. These actions are derived from advice provided by the Federal Trade Commission and other resources:

1. Request Your Credit Report

Whether you believe your data has been exposed in the Equifax data breach or not, you should request a copy of your credit report from each credit bureau. As a consumer, you are granted one free credit report annually from each credit bureau; visit annualcreditreport.com from a secured computer and network (not a public computer or public wireless network). You will want to check for any inaccuracies and pay attention to all accounts and activity to make sure you have not been a victim of identity theft.  It you find evidence of identity theft, you should visit IdentityTheft.gov to find out what to do.

2.Consider a Credit Freeze

If possible, put a credit freeze on your files through the credit bureau; you will have to contact each of the three major credit bureaus to do this. A credit freeze would not prevent hackers from gaining access to your current information; however, if  hackers try to open new accounts in your name (identify theft), having the credit freeze in place should prevent them from doing so.

3.Set Up Fraud Alerts

If you decide not to put a credit a freeze on your credit accounts, you can place a fraud alert on your files. A fraud alert warns creditors that you may have been a victim to identify theft; however, it does not prevent a hacker from stealing your account information.

4. Regularly Monitor Your Accounts

Monitor all your credit cards and back accounts. You should take advantage of your financial institution’s free monitoring capabilities, which may include putting alerts in place for activity that fits a certain threshold (e.g. any purchases over $100 would send an alert to your phone and/or email address). In addition, some banks now allow you to add two-factor authentication that requires you to enter a code sent to your mobile phone and/or email address, which you can then use to access your account. The constant monitoring may not prevent your data from being compromised, but along with other prevention capabilities discussed in this article, it will provide a layered defense in protecting your identity and stolen information from being exploited.