Please ensure Javascript is enabled for purposes of website accessibility

143 Million Americans May Be at Risk of Identity Theft Due to Equifax's Data Breach. Here's What to Do Now

By Jordan Wathen - Updated Sep 11, 2017 at 2:50PM

You’re reading a free article with opinions that may differ from The Motley Fool’s Premium Investing Services. Become a Motley Fool member today to get instant access to our top analyst recommendations, in-depth research, investing resources, and more. Learn More

Hackers may have collected the Social Security numbers, birthdays, addresses, and even drivers licenses of 143 million people from a data breach at Equifax.

Equifax, one of the three major consumer credit bureaus in the United States, announced on Thursday that hackers may have accessed the personal information of more than 143 million people.

The company said it learned in July that hackers accessed data including the names, Social Security numbers (SSNs), birthdays, addresses, and in some instances, driver's license numbers, of 143 million people -- precisely the information someone could use to open accounts in your name.

What it means and what you can do

The company said that it "has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases." That means information about how much you owe the bank on your mortgage, or late payments on a dental bill five years ago, wasn't accessed in the hack, at least as far as we know now. 

Illustration of a hacker stealing personal information

Image source: Getty Images.

The bad news is that if you have a credit file at Equifax because you have a car loan, credit card, student loan, a mortgage, or some other financial account, the number of people affected suggests that is highly likely your personal information (name, address, SSN, and/or birthday) is in someone else's hands. But don't panic. In a perverse way, the fact this data breach affects so many people somewhat mitigates the risk that your information is used to open new accounts in your name.

For its part, Equifax launched EquifaxSecurity2017.com where you can see if your personal information was accessed, and enroll in Equifax's TrustedID Premier product to monitor activity on all three of your credit reports for free.

The downside is that the website requires you submit your last name and last 6 digits of your social security number. If exposing your name and the most important digits of your Social Security number to a company that just reported a major data breach doesn't sound like a good idea... well, I can't argue with the logic. Luckily, there is another way to keep tabs on your credit reports.

Go straight to the source

The Fair Credit Reporting Act (FCRA) requires credit bureaus to provide you with access to your credit reports once per year, completely free. You can access your reports by visiting AnnualCreditReport.com, a website that was set up for the express purpose of providing consumers with free access to their reports as required by law.

Of course, as with anything that is free, it has a key limitation: You can only pull each report once per year. Thus, to maximize this free benefit, consider pulling one report now, and then log-in again a few months later to pull another report from a different bureau. Because financial companies often report accounts to more than one credit bureau, if not all three, it's likely that any fraudulent accounts will be reported to multiple credit bureaus, making it possible to catch them by pulling just one report at a time.

If you find any accounts you don't recognize, you can work with the credit bureau, through the AnnualCreditReport.com website, to have this information removed from your report. You can also reach out to the financial company to report suspicious activity. It's really pretty simple to use, and surprisingly intuitive for a quasi-government website.

Other smart steps to take now

It's my personal view that this data breach will likely be a multiyear mess that will take a lot of time to sort out. If someone does actually have names, birthdays, and SSNs of 143 million people, banks and other financial institutions will have to find a new way to verify that people are actually who they say they are. 

There is only so much you can do now, but as an additional precaution against fraud, consider changing passwords and security questions on bank accounts, credit cards, and other important financial accounts, as well as any email accounts that are associated with them.

Given the data breach includes information like addresses and birthdays -- data commonly used for security questions to authenticate your identity -- you may want to change your security settings for your accounts as well.

Here's a tip: It's OK to tell your bank your mother's maiden name is "Pg#2!QEs," or something similar. Security questions are a secondary password, not part of a lie detector test. Just make sure you write down your mom's made-up maiden name somewhere you can find it later, lest you get locked out of an account that is actually yours.

 

Invest Smarter with The Motley Fool

Join Over 1 Million Premium Members Receiving…

  • New Stock Picks Each Month
  • Detailed Analysis of Companies
  • Model Portfolios
  • Live Streaming During Market Hours
  • And Much More
Get Started Now

Stocks Mentioned

Equifax Inc. Stock Quote
Equifax Inc.
EFX
$194.61 (1.80%) $3.45

*Average returns of all recommendations since inception. Cost basis and return based on previous market day close.

Related Articles

Motley Fool Returns

Motley Fool Stock Advisor

Market-beating stocks from our award-winning service.

Stock Advisor Returns
330%
 
S&P 500 Returns
115%

Calculated by average return of all stock recommendations since inception of the Stock Advisor service in February of 2002. Returns as of 05/23/2022.

Discounted offers are only available to new members. Stock Advisor list price is $199 per year.

Premium Investing Services

Invest better with The Motley Fool. Get stock recommendations, portfolio guidance, and more from The Motley Fool's premium services.