Yesterday, Equifax, one of the nation’s largest credit-reporting companies, released a statement saying a massive cybersecurity breach this summer compromised the personal information of almost 143 million Americans, CNN reported. Equifax was said to have discovered the hack on July 29, but waited until Sept 7 to warn consumers.
Equifax stores, tracks and rates the financial history of U.S. consumers. Their servers store data on loans, credit cards, child support payments, employer history, addresses, and other information that impacts credit scores.
The data breach, which lasted from mid-May through July according to the Federal Trade Commission, exposed the personal information of not only American citizens, but people in the UK and Canada as well. In addition to accessing names, Social Security numbers, birth dates, addresses and driver’s license numbers, hackers also stole the credit card numbers of roughly 209,000 people, and dispute documents containing personal information of 182,000 people, the FTC reported.
Previous breaches like this—such as Target’s breach in 2013 and Yahoo’s two hacks in 2013 and 2016—have made headlines, but Equifax’s hack is much more serious. Forbes reported that, according to a cybersecurity engineer for Equifax, the company was using “decade-old” security software on its infrastructure. For a company that makes a living from protecting and monitoring valuable personal information, this is a dangerous moment.
Affected consumers are struggling to reach Equifax for answers and are complaining that Equifax’s attempts to mitigate the situation by informing potential victims are falling short. Equifax has set up a website where consumers can find out whether or not their personal information was affected in the breach, but to do so, they must enter the exact sensitive information they are now cautioned against giving out: their last name and the last six digits of their Social Security number.
If users choose to enter that information, one of three messages appeared: that the user had been impacted by the breach, that they had not been, or an unclear message stating that their information “may have been impacted.” All users had the option to enroll in Equifax’s TrustedID Premier service for a free year of credit monitoring.
What else can worried consumers do? Do not rely on credit monitoring alone. Consumers should consider placing a credit freeze on all personal files, which will make it harder for identity thieves to open false accounts. The FTC also recommend placing fraud alerts on all files, filing taxes early and consistently checking credit reports from the three credit reporting bureaus: Equifax, Experian and TransUnion.