What to Do About the Equifax Credit Data Breach


Equifax knows you — even if you don’t know Equifax. It’s one of the three large credit bureaus that collect information on all your financial transactions from banks, credit card companies, merchants, mortgage lenders, landlords and utilities — just about every company to which you make payments or from which you borrow. And much of that information, on almost every adult in America, has just been exposed to hackers.

The potential impact is extensive. Information gained by the hackers includes addresses, social security numbers, birth dates and in some cases driver’s license numbers. The breach happened in late spring but only now is being disclosed.

The only truly surprising thing about the huge breach of security at Equifax is that it took so long to happen. Equifax allows protected public access to its data to individuals seeking information about their own credit reports and to merchants seeking to grant “instant credit” at point of purchase. That access creates greater vulnerability to a breach. Equifax knew that but obviously failed in some way to secure the information.

Equifax created a special website for individuals to check to see if their information has been compromised. To find out, go to www.EquifaxSecurity2017.com, and click on the “Potential Impact” tab. You’ll need your last name and the last six digits of your Social Security number to do that. You’ll receive a notification — the company doesn’t say how or when — that you have been affected. You’ll also be given a date, likely within a few days, when you can go back to the site and sign up for the free protection service Equifax is offering.

Users have reported two big problems with this site. First, many have tried and reported it as unresponsive or found that they could put in fake names and numbers and get a response! Even worse, the “terms of use” section of the site seemed to suggest that by signing up to see if your information was compromised, you automatically agree to an arbitration clause that would prevent you from joining a class-action lawsuit. Equifax says that won’t apply to this “cybersecurity incident,” but it might be wise to simply assume you are a victim.

So, here’s what you should do now.

–Start checking your banking and credit information regularly. It has been a few months since the breach, so the hackers have a good head start. And they also can be patient. Check your existing bank and credit card balances online at least weekly. And don’t file your paper statements without opening and scanning them.

–Go to AnnualCreditReport.com to get your totally free copy of your credit report. It’s not just the balances on your existing accounts that need watching. This time you are looking for newly opened accounts, something that could easily be done with the information that was stolen.

–Don’t wait for the Equifax free credit monitoring offer. Sign up elsewhere, and pay the small price. It will be a relatively low cost compared to benefit if the protection company notifies you that your information is being sold on the “dark web” or has been used to open a new account in your name.

–Consider “freezing” your credit. Contact each of the three bureaus. It will cost you a small amount to freeze and later un-freeze your credit report. But it will protect against someone using your personal information to open new accounts. Of course, if you are buying life insurance, refinancing your home, buying a car or even applying for a job — typical situations in which a credit report would be pulled — you’ll have to selectively unfreeze your report for this purpose.