On Thursday, Sept. 7, Equifax announced a data breach that could potentially impact 143 million U.S. consumers. Among the information that was accessed were names, Social Security numbers, birth dates, addresses, and more. Here are the details of what happened and what you can do to protect yourself.
Equifax reported that unauthorized access of certain files occurred from mid-May through July 2017, which could potentially affect millions of consumers. The criminal activity was detected on July 29, and the company says that it acted right away to stop it.
Criminals obtained information such as names, Social Security numbers, birth dates, addresses, and driver's license numbers. Credit card numbers for more than 200,000 consumers and credit report dispute letters for about 182,000 consumers were also accessed.
However, the company says that no unauthorized access on Equifax's core credit reporting databases (consumer or commercial) has been detected.
Equifax also plans to send direct mail notices to consumers whose credit card numbers or dispute documents (which contained personal identifying information) were accessed.
How to protect yourself
To help protect consumers who may have been affected, Equifax is offering free credit file monitoring and identity theft protection for one year to all U.S. consumers. It may be a smart idea to take advantage if you don't already use a credit monitoring service.
According to Matt Schulz, CreditCards.com's senior industry analyst, "When breaches like these happen, consumers need to be diligent -- and not just in the short term. Just because nothing looks amiss on your bank statements or your credit report now, that doesn't mean you haven't been compromised. Bad guys can be very patient, so it's important to keep an eye out long after this story fades from the headlines."
In other words, the best defense is to monitor your credit report frequently to check for any suspicious activity, such as accounts you didn't open, address changes, or anything else that you don't recognize.
You may want to consider a fraud alert
If you believe that your identity has been compromised, or if you just want to be on the safe side, you can place an initial fraud alert on your credit report. Doing so is free, and all you need to do is to contact one of the three credit bureaus (Equifax, Experian, or TransUnion), and they will inform the other two.
In a nutshell, a fraud alert makes it tougher for would-be thieves to open fraudulent accounts in your name. Lenders see the fraud alert when checking your credit, and then must take additional steps to verify that it is actually you opening the account.
An initial fraud alert lasts for 90 days, and can be renewed or cancelled as needed. Equifax offers an "automatic fraud alert" feature, which automatically renews the fraud alert every 90 days.
A credit freeze is a more effective step
Freezing your credit makes it virtually impossible to open an account in your name, as it will deny lenders access to your credit report. This means that they won't be able to complete a credit check and therefore won't be able to open an account. Unlike a fraud alert, a credit freeze won't expire until you choose to remove it.
You must place a credit freeze with each bureau individually, and doing so can come with a fee, depending on what state you live in (usually less than $10 per bureau). However, if you're already a victim of identity theft, a credit freeze is 100% free.
If your identity is stolen
Aside from placing a fraud alert or freezing your credit, if you see a fraudulent account show up on your credit file, there are a few important things to do, according to the Federal Trade Commission.
- First, it's important to create an identity theft report, which you can do at identitytheft.gov, or by calling the FTC at (877)438-4338. This can serve as proof that your identity was stolen and gives you certain rights when trying to do damage control, such as the ability to close fraudulent accounts and have them removed from your credit report.
- Next, call the fraud department of the company where the account was opened and explain that someone stole your identity. Ask them to close the accounts right away to prevent further fraudulent charges.
- Once you have an identity theft report, you can go to your local police station and file a report. Be sure to get a copy of it.
- If you find fraudulent charges on your current credit accounts, call the fraud department and explain which charges aren't yours and ask that they be removed.
- Write to each of the credit reporting agencies, explaining which information came from identity theft, and ask them to block that information. Include a copy of your identity theft report.
- If your identity has been stolen (and you have an identity theft report), you can place an extended fraud alert that lasts for seven years. You'll need to contact each of the three credit bureaus.
Note that this is not an exhaustive list, and depending on your situation, there may be other steps you can take. You can find the FTC's suggested situation- and account type-specific steps to take on the agency's website.
The bottom line
To be perfectly clear, the Equifax data breach shouldn't be a cause for panic, as many people who have their information stolen never experience any issues.
That said, it's important to keep an eye on the situation and take additional steps as appropriate. If you don't already have a credit monitoring service, it may be a good idea to take advantage of the free year of Equifax's services being offered, just in case any suspicious activity takes place.