A monumental data breach at credit reporting company Equifax led to the theft of a huge mix of social security numbers, credit card numbers, drivers license numbers, birth dates and home addresses for about 143 million people in the U.S. That’s about 45 percent of the U.S. population.
Equifax is a credit reporting agency that collects and manages data about millions of consumers and businesses worldwide.
If you’ve ever gotten a credit check before, there’s a pretty high chance that your information was stolen. Here’s a rundown of the latest information you need to know about what went wrong, who was responsible, and how to protect yourself.
How do I know if I was affected?
You can call the company at 866-447-7559 or go to their breach response website. You will type in your last name and the last six digits of your social security number, and the site will tell you if you’ve been affected. You’ll then be offered a temporary fraud monitoring service.
What do I do if my information was stolen?
If your information was stolen, Equifax can freeze your credit, which will prevent identity thieves from opening up new accounts in your name, as nobody will be able to run a credit check on you without contacting you first. Equifax actually charged people for this after the breach was made public, but has since waived fees after massive public backlash.
In addition to a credit freeze, Equifax is offering a year of free credit monitoring, which could alert you to suspicious activity on your accounts. Many bank and credit card companies also provide this service to their customers.
But the watch will never end, and you’ll need to be wary at all times from now on, experts say. That information is now out there, forever, and you’ll need to find other ways to monitor your credit and your identity after these short-term services are up.
“If any of the data was exposed, you will be living with that for the rest of your life,” Rich Mogull, who runs the security research firm Securosis, told the Associated Press.
What happened here?
Equifax reported that it’s security team observed “suspicious network traffic” in late July, which it investigated and blocked. Later, the company took the faulty web application offline. On August 2, Equifax hired a cybersecurity firm to investigate the breach.
Over the next several weeks, the firm, called Mandiant, discovered that 143 million U.S. consumer’s private information had been disclosed, along with 209,000 credit card numbers. Some in the U.K. and Canada were also affected.
Who is responsible?
It’s not clear who was responsible for the breach. The company is working with the FBI as the agency conducts an investigation.
Some have called for company executives to be held responsible, and even Congress has demanded answers from executives. Apache, which created the web application that was compromised, said that the breach was a result of Equifax’s failure to promptly update the software with security patches. The vulnerability was identified and patched on the same day, but Equifax still hadn’t corrected it two months later when hackers broke in.
“Our top priority is doing everything we can to support affected consumers. Our team is focused on this effort, and we are engaged around the clock in responding to millions of inquiries from consumers,” wrote Equifax CEO Richard Smith for a USA Today article.
Equifax announced Friday that two key technology executives were retiring effective immediately, and they were replaced with interim officers.
Bloomberg reported that the U.S. Department of Justice is investigating whether three executives at Equifax violated insider trading laws after it was revealed that they had sold nearly $2 million worth of Equifax stock in the days before the breach was announced to the public.
Scott Berson: 706-571-8578, @ScottBersonLE