On September 7, Equifax, one of the three national credit reporting agencies (credit bureaus), reported a data breach that may have compromised the personal information of 143 million individuals. That’s almost half the population of the U.S. The compromised data is said to include Social Security numbers, birth dates, addresses and driver’s license numbers. In some cases, the compromised data may also include credit card numbers. The number of people impacted and the sensitivity of the breached information may make this the most significant data breach ever.
Here's what you need to do in response to the Equifax breach:
- First, determine if your information has been impacted by visiting the special website set up by Equifax: https://www.equifaxsecurity2017.com/potential-impact/. You will need to provide the last 6 digits of your Social Security number. Consumer advocates initially had a number of concerns about using this website. For the most part, these concerns have been resolved. If you feel uncomfortable entering your information on this website, it’s best to assume that your personal information has been compromised, given the size of the breach.
- Contact any one of the three credit reporting agencies -- Experian, Equifax, or TransUnion to request a fraud alert. When you request a fraud alert from one credit bureau, it will notify the other two for you. Your credit file will be flagged with a statement that says you may be a victim of fraud and that creditors should take additional steps to verify your identity before extending credit. The initial fraud alert lasts for 90 days. The fraud alert may be renewed on or after the 91st day for another 90 days. You can continue to renew a fraud alert indefinitely. You may cancel a fraud alert at any time.
- When you establish the fraud alerts, you will receive a follow-up letter from each credit bureau. Each letter explains how you can order a free copy of your credit report from that credit bureau. We suggest that you take advantage of this offer and order your credit reports.
- When you receive your credit reports, look for signs of fraud such as credit accounts that are not yours. Check to see if there are numerous inquiries on your credit report. If a thief is attempting to open up several accounts, an inquiry will be listed on your credit report for each of those attempts. Usually identity thieves do not succeed in opening all of the accounts that they apply for, only some. So multiple inquiries that you yourself have not generated are a sign of potential fraud. Also, check that your address(es), phone number(s), and employment information are correct. If you notice any fraudulent activity, file a dispute with the credit bureau.
- Consider placing a security (credit) freeze on your credit reports. A security freeze provides the greatest protection from identity theft. It is stronger than a fraud alert because it prevents anyone from accessing your credit file until and unless you authorize the credit bureaus to release your report. Be aware that this might be inconvenient if you will be applying for new credit, renting an apartment, or seeking employment involving a background check, since you will have to lift the freeze on your credit file for these situations. There also may be a small fee to place and/or lift the freeze. Brian Krebs' post How I Learned to Stop Worrying and Embrace the Security Freeze is an informative primer on security freezes.
- Monitor all of your financial accounts on an ongoing basis. If your financial institution offers it, set up text or email alerts of any activity. If you notice any unusual activity, ask your card issuer or bank to cancel the card/ account and issue you a new one.
- Be suspicious of any email or phone call that you might receive about the breach that requests any personal information from you. The compromised data could enable criminals to target you using your personal information.
Privacy Rights Clearinghouse provides an extensive Consumer Guide that can help you take steps to respond to this and other data breaches. Krebs on Security also has a guide The Equifax Breach: What You Should Know.