In our continuing effort to be the source of information, we would like to assist all of our clients in identifying how the Equifax Data Breach may have impacted your identity and credit information and what you can do to protect yourself. In our commitment to always give value, please feel free to forward on to your friends and family
THIS IS WHAT WE HAVE LEARNED
Equifax confirms that the hackers obtained names, Social Security numbers, birth dates, addresses and some Driver’s License numbers of approximately 143 million people.
WHAT DOES THIS INTRUSION AFFECT?
Equifax confirms that your Credit Score and Credit History has not been affected or modified. They shared that this information is housed in a different system from the information that was hacked. At first it felt like the news was one more in an long string of massive data breaches that has included Yahoo, Google, Verizon, the IRS, the Department of Homeland Security, Anthem, Target, Neiman Marcus, JPMorgan Chase, Home Depot and too many others. Equifax itself has been breached four times in the last two years. But this breach looks to be a bit more severe than most of these others, and it will have consequences in multiple areas and for a long time to come. Here’s why…
Identity theft. Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers were exposed in the breach, in which criminals exploited a website application vulnerability to gain access to Equifax files. In addition, credit card numbers for about 209,000 U.S. consumers and certain dispute documents with personal identifying information for roughly 182,000 U.S. consumers were vulnerable. Equifax says the unauthorized access occurred from mid-May through July 2017. “This isn’t just email addresses and credit card numbers,” said Nick Clements, who formerly ran a fraud department at Citigroup and today runs the consumer finance site MagnifyMoney. “When credit card account data is compromised, card issuers are notified, card numbers get retired, the cards are reissued and that’s more or less that.”
“I don’t even blink anymore when it happens,” Clements said. “No big deal.” But with a consumer’s Social Security number, date of birth, name, address, and in some cases driver’s license number, a fraudster can open a new credit account relatively easily. This is about fraudsters being able to go out and open a brand new account in your name, and potentially selling Social Security numbers,” Clements said. “The thing that wakes people up, at least wakes me up, is that it’s a lot of numbers and the nature of the information means the type of damage that could be done is a lot more serious than just taking over a credit card. In addition, this stuff takes time,” he said. “If names and Social Security numbers and dates of birth are out there, they will be used at some point for years to come. No one should take reassurance that a few weeks in, they don’t detect a high level of activity. There’s a long shelf life here. This is a company that sells identity theft protection services, and then 143 million people lose their information, so even people who are charging money to help protect people from identity theft become a target,” he said. “It makes you realize your data is just as safe as an individual. I work under the premise my data will be stolen and I need to live with that reality.”
New account opening. This breach heightens the risk of fraudulent account openings at a time when banks and fintech companies are increasingly allowing consumers to open new accounts on mobile devices in faster time frames — often in less than 10 minutes. When banks and fintechs open accounts online, they typically use information provided by credit reporting agencies to help verify identities and meet Bank Secrecy Act obligations, pointed out Scott Sargent, an attorney with Baker Donelson’s Financial Services Transactions Group. “Banks and fintechs will need to closely evaluate their processes in light of the Equifax breach to make sure the information they are getting is still accurately verifying their online customers,” Sargent said.
Authentication. This incident may call into question the industry’s dependence on consumer data for authentication. “Financial institutions and other similar businesses that rely on personally identifiable information are being confronted with an environment where all of this data is being bought and sold, fed by these types of events,” said Al Pascual, senior vice president, research director and head of fraud and security at Javelin Strategy & Research. That means they can no longer rely strictly on PII any longer as a means of verifying identity. In a way, this breach ties in nicely with the New York State Department of Financial Services’ cybersecurity rules for banks, which require them to use multifactor authentication — the use of something besides a user name and password to grant people access to applications, be it a one-time passcode, a biometric, knowledge-based authentication or something else — or even stronger controls.
HOW DO YOU FIND OUT IF YOUR INFORMATION WAS HACKED?
Equifax has established a website https://www.equifaxsecurity2017.com/ where you can input your name and information and Equifax will notify you immediately as to whether your information was impacted. There is some chatter on FB and other social media that checking on this from this site makes you agree to not be part of a class action law suit. Use your own due diligence. Note that I had to go in multiple times before I could enter all my information (if you have not entered your email and other information, you have not gone all the way through the process). The website is definitely overloaded right now. You can also call them at 866-447-7559 (expect a very long wait).
WHAT TO DO IF YOUR INFORMATION WAS IMPACTED
• Equifax is offering every affected consumer a credit monitoring service, free of charge, for a year (see above). Follow the website prompts and you can activate the service. The call center at 866-447-7559 will be open 7 AM- 1:00 AM (ET) every day and Equifax personnel can answer your specific questions.
- Make sure that your passwords do not contain the information that may have been hacked (ex. birth date or part of Social Security number).
- Check your monthly bank and credit card statements and make sure all charges belong to you.
- Contact your credit monitoring service regularly and make sure that no one has opened up new accounts falsely in your name. There are services that will give you a monthly update on your credit as well as those that will immediately contact you should your credit report be pulled.
- Possibly put a freeze on your credit report. The Federal Trade Commission states: If you’re concerned about identity theft, those reported mega-data breaches, or someone gaining access to your credit report without your permission, you might consider placing a credit freeze on your report. https://www.consumer.ftc.gov/artic…/0497-credit-freeze-faqs…
The big thing to remember here is that your SS # and DOB could be out on the dark web for years to come, and having a freeze is very inconvenient when you are purchasing anything in which your credit report needs to be pulled… but it will decrease your chances of identity theft.
Stay vigilant, review your monthly statements, and contact any credit provider or bank immediately with any questions or concerns. You owe it to yourself and your family to keep your credit and identity safe. We have seen first-hand the life-altering effects of identity theft, and unfortunately the system works in a manner that you are “proven guilty until you can prove innocence.”
When we can be of further assistance, we are always happy to hear from you.