Equifax, one of the major credit reporting agencies, released information on September 7, 2017 that a cybersecurity incident may have potentially impacted approximately 143 million U.S. consumers.
Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.
The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents.
Equifax discovered the unauthorized access on July 29 of this year and acted immediately to stop the intrusion. The company promptly engaged a leading, independent cybersecurity firm that has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Equifax also reported the criminal access to law enforcement and continues to work with authorities. While the company’s investigation is substantially complete, it remains ongoing and is expected to be completed in the coming weeks.
Please see the Equifax website for more details and ways to protect yourself:
Although this is not the largest breach that has ever occurred, it is the largest in respect to the severity of personal information taken. It has been reported that 44% of Americans are affected. At this time, it’s unknown who was behind the breach. If taken by criminals, the potential for attempted fraud is a real threat.
Here are some practical tips for individuals whose information may have been compromised:
- Personal credit reports should be monitored for new loans that were applied for on your behalf. You are entitled to a free review of your credit report with each of the 3 credit bureaus once per year at www.annualcreditreport.com.
- Monitor all monthly statements for any unauthorized payments.
- Monitor your existing credit card and Credit Union/ bank accounts closely for charges you don’t recognize; such as address or phone number changes.
- Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
- If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
- File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS. The IRS will only contact you through the mail.