Everyone should be worried about the latest cybersecurity breach.
Equifax, one of the main credit score providers in America, announced Thursday that the company was the victim of a large-scale hack that exposed the personal information, including Social Security numbers, of an estimated 143 million Americans.
Hackers gained access to names, Social Security numbers, birth dates, addresses and some driver’s license numbers. About 209,000 customers’ credit card numbers were also exposed, as well as dispute documents containing personal information for about 182,000 customers.
With a hack that could affect up to 44 percent of the American population, people are understandably anxious to find out if they are among the many whose information is now at risk of identity fraud or being sold on the black market, an underground online marketplace where criminals sell personal information that can be used to get credit cards, take out loans or make purchases.
“When this type of stuff happens, it’s like, ‘Oh, crap,’” Alex McGeorge, head of threat intelligence at the security firm Immunity, told Wired. “Your Social Security number doesn’t change, so this data is going to get resold on the black market and hold its value for a while.”
To find out if you’ve been affected, you can check on a website Equifax has set up in response to the hack: www.equifaxsecurity2017.com.
The website above will lead you to a link to let you see if you were impacted by the hack. In order to do so, you have to provide your last name and the last six digits of your Social Security number.
Once you do that, victims of the breach will be scheduled for enrollment in the company’s “complementary” credit-monitoring service, TrustedID Premier, for one year. After the year is up, users may have to pay for the service if they don’t proactively cancel. The terms of use say customers must have internet access and a credit or debit card to sign up.
The terms of use for TrustedId says that customers using its products are subject to mandatory, binding arbitration. However, on Friday, Equifax clarified on its website that the “arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident.”
When several HuffPost staff members attempted to check their status, they received one of two messages: One confirms that the user was not affected by the breach and the other message says you may have been affected. Both provide a link to enroll in the company’s credit-monitoring service, TrustedID Premier.
In the meantime, you can protect yourself by doing the following:
1. Freeze your credit.
Enabling a credit freeze restricts who can see your credit report, preventing lenders and others who you aren’t already familiar with from accessing your information. To do this, call each of the three major credit monitoring bureaus: Experian (888‑397‑3742), TransUnion (888-909-8872) and Equifax (800-349-9960).
2. Activate a free 90-day fraud alert.
According to the Federal Trade Commission, you are allowed to activate a free 90-day fraud alert with one of the three credit bureaus, which will make it harder for identity thieves to steal your information. You can also renew it after the 90-day period is over.
3. Check your credit report.
Although Equifax announced the security breach on Thursday, it discovered the actual breach on July 29. That means that hackers may have had personal information for a few months before they were caught. Check your credit report using a verified credit report company to see if there have been any accounts opened under your name without your permission.
CORRECTION: An earlier version of this story listed an incorrect contact number for Equifax. Language has also been changed to note that all three credit score companies, not just one, must be contacted to initiate a credit freeze.
This article has been updated with new information about Equifax’s responses to customer inquiries and its credit monitoring service.
Related
Before You Go
