On 9/7/2017 Equifax announced a massive personal data breach potentially impacting approximately 143 million United States consumers. The breach is a result of cyber criminals exploiting a website application vulnerability to access this valuable information. This cyber incident is quite serious due to the nature of the data that was accessed.
The breach, which was discovered in July, includes consumer names, Social Security numbers, birth dates, addresses, and driver’s license numbers. During investigation of this cyber intrusion, Equifax also identified unauthorized access of credit card numbers for approximately 209,000 U.S. consumers.
Identity theft is one of the quickest growing criminal activities in the United States. The information stolen could be used to establish false credit accounts under your name and ultimately cause long term damage to your credit standing. A cybercriminal may use the data to file a false tax return in your name and receive a refund.
What can I do to protect myself?
Equifax will eventually send notification to victims via postal mail. In addition, they have setup a website at www.equifaxsecurity2017.com/ that will allow you to verify that your information was in fact compromised. The website will also allow consumers to enroll for up to one year of free credit monitoring.
If you find yourself a victim of identity theft, the Federal Trade Commission has established a website https://www.identitytheft.gov/ where you can report the incident and create a personal recovery plan.
You may consider placing a “credit report freeze” at the three major credit bureaus (Equifax, Experian, and Transunion). This will prevent access to your credit reports without your consent. There may be a small fee to enable or disable this security mechanism. Freezing your credit report does not impact existing credit accounts but may help prevent establishment of new credit without your knowledge.
Reviewing your credit and online accounts for suspicious activity on a routine basis is good practice. When available, enroll in account alerts from your financial institutions to receive real time email and text alerts when certain activities occur.
Subscribing to an identity protection service will allow for regular monitoring for suspicious activity on your credit reports, new credit accounts, address changes, or the appearance of your information on the Internet black market also known as the “dark web”. Identity Force, ID Shield and LifeLock are three popular identity protection services.
Cybercriminals will certainly view the cyber incident as an opportunistic event. It won’t be long before email phishing campaigns will be sending messages that appear to be from legitimate companies. These messages will likely offer a service or information related to the breach with the hidden intent of getting their victims to give up personal data such as a social security number or install malware to take control of the victim’s computer. When in doubt do not click any email links or attachments, but go directly to the company’s website via your web browser. If you choose to call the company to verify the email, do not use any phone numbers in the email. Look up the number by using your browser to go directly to the company web site.