The Federal Trade Commission says that if you have a credit report, there’s a good chance you’re one of the 143 million American consumers whose personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies. The hackers got information including names, addresses, birth dates, Social Security numbers, credit card numbers and driver’s license numbers. According to a report by CNBC, given the size of the breach, representing 44 percent of the entire U.S. population, experts say people should assume their information was compromised. So what should consumers do now?
Consumer Reports suggests consumers protect themselves by following these steps:
- Find out whether your information was compromised. Equifax has set up a website that allows consumers to determine whether their information was potentially compromised. Click on “Am I Impacted?” on the home page. You’ll then need to enter your name and the last six digits of your Social Security number.
- Sign up for credit monitoring. Equifax will provide free credit monitoring to all U.S. consumers whether or not their information was part of the breach. Equifax is offering five separate services under the program, all free and found on the company’s website.
- Freeze your credit. Credit freezes go further than credit card monitoring in that they prevent anyone from opening a new credit account in your name. Unfortunately, that includes you, so when you apply for credit you will need to unfreeze your credit before you do so.
- Check your accounts. Even if you follow all these steps, you may need to monitor your own accounts for fraudulent activity indefinitely.
If you have a credit report, the Equifax breach affects you
Additionally, the Federal Trade Commission recommends placing a fraud alert on your credit files and filing your taxes early, before the scammers can file a return under your name and Social Security number.
Many experts are suggesting credit freezes. However, that step is not enough. Adam Levin, writing in USA Today, says, “Credit freezes do not mitigate all threats. First of all, you are still vulnerable to attacks on existing accounts. You are also more susceptible to spear phishing emails and texts now, since fraudsters now know where you bank, where you have debt, and who financed your car. They no longer have to guess which bank you use, thereby making the whole process of defrauding you much more expedient—a real win for scam artist productivity.”
U.S. Senator Elizabeth Warren is initiating an investigation into the data breach. She also plans to sponsor a bill that will give consumers the right to freeze and unfreeze their credit at no cost. There are other investigations going on by members of Congress, the New York Attorney General, the Consumer Financial Protection Bureau and other government agencies. Dan Guido, CEO of cybersecurity firm Trail of Bits, speculates that this may mark the beginning of a “post-authentication era,” where traditional identifying information becomes useless in establishing identity. “There’s no sense in treating this like confidential information anymore,” he says. “When you call up your cell-phone company they typically ask for this information, like your Social Security number or your driver’s license number. And it’s simply no longer possible to accurately identify people using these typical trust markers.” Although there have been data breaches that affected more people, such as the Yahoo breach, the sensitivity of the information accessed in this breach is likely to have greater repercussions. The effects of the Equifax breach will be felt for a long time to come.