The Equifax Data Breach — Everything You Need to Know So Far

On September 7th 2017, Equifax — one of the three major U.S. credit agencies — announced that sensitive personal information of 143 million people was hacked, exposed, and stolen. While most of those 143 million are U.S. residents — a staggering 44% of the nation’s population —  this major data breach also includes some Canadian and United Kingdom residents.

As one of the largest data breaches in U.S. history, it’s particularly important to understand how serious this security threat is to everyone. “On a scale of 1 to 10, this is a 10. It affects the whole credit reporting system in the United States because nobody can recover it, everyone uses the same data,” said one identify theft and fraud tracking expert. U.S. Senator Mark Warner and vice chairman of the Senate Select Committee on Intelligence also said that this would not be an “exaggeration to suggest that a breach such as this represents a real threat to the economic security of Americans.”

According to their website, “[Equifax] organizes, assimilates and analyzes data on more than 820 million consumers and more than 91 million businesses worldwide, and its database includes employee data contributed from more than 7,100 employers.” And while Equifax has found “no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases,” the fact that nearly 44% of the U.S. population’s secure information is no longer secure is staggering and alarming.  

Keep reading as we cover everything you need to know about protecting yourself, your credit score, and your finances — personal or business related — following the Equifax data breach.

Exposed in the Equifax Breach

For the 143 million exposed Equifax customers, it’s reported that hackers gained access to the following sensitive information:

  • Names
  • Social Security numbers
  • Birth dates
  • Addresses
  • Driver’s license numbers
  • Other private information
  • Credit card numbers (around 209,000 consumers affected)
  • Dispute documents with personal identifying information (around 182,000 U.S. consumers affected)

If you’re thinking about the possibility of ruined credit, identity theft, driver’s licenses made in your name (and all that can entail), countless credit cards in your name, and more, you’re not alone.

How the Equifax Breach Happened

The Equifax security breach occurred because cyber criminals “exploited a U.S. website application vulnerability to gain access to certain files,” said Equifax. On the surface, many are calling this a “relatively unsophisticated attack,” as the “same web application vulnerabilities from decades ago are still some of the primary vectors that are leveraged by hackers in modern attack scenarios.” Learn more about what exploits and vulnerabilities are in our blog, Exploits: What They Are and How to Protect Your Computer.

Quick Timeline of Equifax Breach

Mid May-July 2017: Hackers access consumer information on Equifax.

July 29, 2017: Equifax discovers the breach.

After July 29, 2017: Equifax states they acted immediately to stop the intrusion with the help from an independent cybersecurity firm.

August 1, 2017: Three top Equifax executives sell Equifax shares or exercised options to dispose of stock worth about $1.8 million. Equifax said the executives were unaware of the breach upon selling.

September 7, 2017: Equifax announces the cybersecurity breach.

September 7, 2017: Equifax states that their investigation is substantially complete, but remains ongoing. They expect the investigation to be complete in the coming weeks. They also state that they will send direct mail notices to consumers whose sensitive information was impacted.   

Were You Affected by the Equifax Breach?

Finding out if you’re among those impacted by the Equifax data breach has proven a bit lacking. However, Equifax set up the website to help consumers find out if their information was compromised and to sign up for a year of free credit monitoring through TrustedID Premier.

Once on, you must enter your full name and the last six digits of your Social Security number. You should then receive a message whether or not you’ve been affected. However, users have stated they entered a bogus name with the digits 123456 and still received a message that they may have been affected. If you do enter your actual information and plan to continue with credit monitoring, you may be prompted to sign up immediately or at a later date. The last day to enroll is November 21, 2017.

Things to consider:

  1. Many consumers are already leery about submitting personal information to and signing up for credit monitoring with a company that already failed to keep their information secure.
  2. Phishing scams, including phishing domains for Equifax, are on the rise. Over 1000 fake websites (as of September 13, 2017) targeted at concerned Equifax consumers have already been discovered. They’re mostly variations of the real website, so make sure your spelling is accurate! See the full list of Equifax scam websites here.
  3. There is no waiver of rights for this cyber security incident. Equifax stated: “In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident.” Additionally, “[we] confirm that enrolling in the free credit file monitoring and identity theft protection that we are offering as part of this cybersecurity incident does not waive any rights to take legal action.” Review Equifax’s other updates and FAQ.

Protect Yourself in the Aftermath and the Future

Whether you decide to put your trust in a credit monitoring company or not, there are a few things you can do on your own to protect your identity, credit, credit score, and finances.

  1. Consider freezing your accounts after signing up for credit monitoring. With a freeze in place, credit can only be extended after the applicant (you) provides a unique pin number. Equifax is now generating random PIN numbers for this, but they weren’t always. Full story here.
  2. Watch your personal or business finances closely. Report unauthorized activity immediately.
  3. Monitor your credit report. Review personal information and check for credit card applications filed in your name.
  4. Review these tips from the Federal Trade Commission (FTC).
  5. Visit the Federal Trade Commission (FTC) to learn more about protecting yourself from identity theft. If you’re a victim of identity theft, immediately file a complaint with the FTC.
  6. Read our blog and contact us to learn more about how to make sure your business is secure and impenetrable to security breaches like these.

Learn More about Cyber Security for Businesses

While this is attack was focused on gaining secure personal information, it was taken from a business — one that apparently didn’t take the proper precautions to ensure that their systems were secure. Use this major incident as a reason to ensure that your business — and all of its secure information — isn’t a future target. Eliminate vulnerabilities in your system. Make sure you contact Integracon to learn more about managed security suites and other IT solutions.