As many people know, one of the three major credit bureaus, Equifax, experienced a data breach of 143 million people’s personal information from late May – late July 2017, and went public with the news on Sept 8.
Equifax, like TransUnion and Experian are corporations that create our credit reports. To do so, they perform non-optional financial surveillance on our accounts in the US. They compile your name(s), address and social security number to link you to an accurate list of financial accounts you’re responsible for.
It is this first set of information — the private, personal information, that was fully leaked. A partial list of credit card numbers was also leaked. Somehow the full (proprietary) list of our accounts was protected.
THIS IS REALLY SERIOUS, MY PEOPLE.
I’m a web security worker in my daytime life, so please trust me.
More on the ethics of this massive f&*kup later. For now, here’s your steps to see if you need to take action.
Find out if you or someone you care about is affected:
- Put the oxygen mask on and check for yourself here: www.equifaxsecurity2017.com (note: this will take you to a page that also wants you to enroll in a service. The service is optional.)
- Find out if vulnerable friends or family members (mom doesn’t use the internet?) have been affected.
If you don’t want to find out, please assume your data has been leaked and proceed accordingly.
If you or someone you care about has been part of this data breach:
- Get a copy of your credit report now.
- AnnualCreditReport.com is the federally-sponsored service to do this. You can pull one report from each credit reporting org annually without hurting your credit, so you might want to space out the reports you request into a report from one of the three agencies, spaced out every four months.
- Your bank or credit card may also offer a credit report pulling service.
2. Put a temporary Fraud Alert on your account now. This is a 90-day window in which any new accounts will need additional verification before they can be created.
- Contact any of the Big Three Credit Reporting agencies, and ask for a Fraud Alert to be placed on your account (they’ll inform the other two).
- Equifax is hard to reach but they’re at 866-640-2273
- You can request a fraud alert online from TransUnion: https://fraud.transunion.com/fa/fraudAlert/landingPage.jsp
- …and, don’t forget the “other” credit reporting company, Innovis: https://www.innovis.com/fraudActiveDutyAlerts/index
3. Check ALL your bank accounts and credit accounts now.
- If possible, add alerts for large purchases or withdrawals.
4. Then, with a snapshot of your credit accounts to review, alerts, on, and three months of Fraud Alert giving you some time, decide what you need to do within the 90 day Fraud Alert window. Some options include:
- Review your credit report and ensure that there’s not already suspicious activity. If there is,Visit IdentityTheft.gov to find out what to do.
- Sign up for a credit monitoring service through your bank or credit card
- Sign up for a free credit monitoring service like Credit Sesame or Credit Karma
- Sign up for a paid credit & identity monitoring service like LifeLock or the one Equifax is offering for free for the first year (though paying them after the free year is up may seem extra bitter).
- Add two-factor authentication to all your bank and credit card accounts.
- Set up a regular time to pull and review your credit reports AND credit card statements. If you didn’t like looking at your own spending before, think about how unhappy you’ll be if you look and see someone *else’s* spending now.
- Consider freezing — though it’s a hassle, it may offer peace of mind — from Equifax, Experian and TransUnion as well. It will be a few bucks, but NO new accounts can be opened without a special PIN and two-factor authentication.
Read more on what to do from the Federal Trade Commission here, from the NYT here, or the Washington Post here.
A few FAQs:
- “So what?” Your name, SSN, and address are all that’s needed to open credit accounts that malicious actors can then spend on. It’s possible, but hella annoying, to get those cleared. Also, someone can file your taxes on your behalf and get your tax return. LOLZ FML.
- “Haha whatever take my debt” — if only. What will happen, dear one, if your information is used maliciously, is that you will have MORE debt. We don’t want that. You need to start paying attention, and now is a good time.
- “I just don’t want to think about money stuff or check.” Ok, you’re far from alone. Again, if you haven’t or don’t want to check if you’re affected — please assume that you have had your SSN, name, and address leaked, like 143 million other people in the US.