Almost 6 months ago today, Equifax announced one of the largest, yet most heinous breach of consumer data in the history of the Internet (and United States, frankly). An approximated 145 million US consumers have been compromised in this breach – with attackers gaining access to critical personal information such as: social security numbers, birth dates, driver’s license numbers, and, get this, credit card numbers. Short of bank pins, or credit card security codes, this silver platter, data smorgasbord freely opens up essentially everything on these unknowing consumers. And we bet that is not the ONLY data Equifax is keeping on us consumers.
Let’s dive in and find out what’s transpired during the past few months and what we can do to stay safe.
What does Equifax do for US Consumers?
Equifax is a private, consumer data collection and aggregation company focused on gathering and providing creditor information to banks, government, business and, frankly, anyone who requests it as long as they are doing so in compliance with the Fair Credit Reporting Act (FCRA) laws. Simply, a request for your information can be made by your employer, your land lord, your niece or nephew – and Equifax would package it up and provide them with extensive data on you.
What do we know about the Equifax breach?
For starters, we know that almost 50%, or ~145 million people, of the United States population’s data was breached, leaked and compromised by unknown actors sometime between May and July 2017. Exactly three months these attackers claimed access to your most secret financial and personal data through the Equifax system. Talk about being “pwned” and further, completely “owning” a system.
However, in a strange course of events, it took Equifax months to report this breach to the public. On September 7th, 2017, Equifax’s communication team released this notice – only claiming some data and less than 250,000 affected persons. We’ve since learned that those initial, self-reported numbers were so low it might have well been a lie.
Check out this crafted, double-talk from their FAQ page:
After discovering the incident, the company promptly engaged a leading, independent cybersecurity firm which has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Because this incident involves a substantial amount of personal identifying information, the investigation has been complex and time-consuming. The forensic investigation has now been completed, and we are sharing the final numbers.
We provided the best estimate possible based on the information available at the time. Since then, we have been working with a cybersecurity firm to conduct a complex and time-consuming investigation. The investigation is now complete and these are the final numbers that will be reported.
To make matters worse for Equifax, they announced that their systems storing data on their Canadian and UK friends were also compromised. You can learn more from the Equifax Security FAQ page but essentially, and in our opinion, there is a good chance that everyone in the US is undoubtedly compromised. Yay!
Equifax lobbying efforts
Equifax sale of stock right after learning about the breach
what’s Equifax doing about it?
– lobbying their way out of any responsibilities
what’s congress doing about it?
We should probably consider limiting private companies data collection practices.
We all witness or have been a part of data breaches stemming from hacks or poor security practices from big, big companies. Over the past decade, the data has become most of these companies’ core business and we’ve slowly learned that they have access to OR collect as much data on each individual as they possibly can to build a “profile” on each and every one of us. Then, to boot, they will share and sell that information to their “partners”. We all have credit cards that disclose data and information that we can and can not limit. Just to sell us more junk we don’t need.
Equifax and the other credit reporting agencies are no different. Lots of data, lots of partners and lots of legislation they’ve lobbied for in their favor. Moreover, we have to be careful to understand there are MORE than 40 agencies out there than the widely-known, Equifax, Experian and Transunion. It’s frightening how much data is being collected under your nose.
If you have a spare 20 minutes, NPR’s Planet Money has a great talk regarding the uprising of the credit bureaus and the power they weld.
Our job as consumers is to begin limiting their data collection and storage practices through our own senators and congressmen (and voting with our wallets).
What can I do to protect my credit profile and accounts?
- Find out if you have been impacted by searching for your NAME and SSN at the Equifax Security Website.
- Get a free copy of your credit report at the OFFICIAL Annual Credit Report website. It should be noted that MANY scam or pay-to-play websites are lurking on the internet that are fake or otherwise malicious. Be careful!
- Place a security freeze or lock on your credit reports at Equifax, Experian, and TransUnion.
- It doesn’t hurt to check your ChexSystems profile as well. Many banks rely on ChexSystems to verify customers attempting to get new accounts.
- Consider placing fraud alerts on your reports and accounts.
- Be pro-active and aware of your accounts!
This list of protections and/or preventative thoughts are just a few things you can do but is not completely exhaustive. Please take your own precautions as you see fit and as the master of your financial universe.
how to protect yourself going forward?
– check your credit report frequently
– opt out of your credit card and bank data sharing, privacy and marketing policies
– write, call or visit your US representatives and senators
– get local: US reps and senators talk to state-level reps and senators. Contact your state-level reps and senators too!
– take those extra steps in the future to safe guard your life and personal data