CSGO Lotto settles FTC’s first lawsuit against social media influencers
How to make (or not make) tomato sauce

What should you do about the Equifax data breach?

Credit ReportEquifax, one of the nation’s three major credit reporting agencies, has experienced a data breach that exposed people’s names, Social Security numbers, birth dates, addresses and, in some cases, the driver’s license numbers of 143 million American consumers.

The breach lasted from mid-May through July, according to Equifax. The hackers also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people.

The Federal Trade Commission recommends consumers visit Equifax’s website, www.equifaxsecurity2017.com, and take the following steps:

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until November 21, 2017 to enroll.

However, Mike Litt, consumer advocate for U.S. PIRG, said consumers should know the risks and limits of what Equifax is offering and consider getting credit freezes with all three national credit bureaus instead.

Equifax’s response to its breach fell short to begin with, Litt said, but to make matters worse, there’s an arbitration clause in its agreement for the free services it’s offering.

“While the FAQ section of their website says the arbitration clause only applies to disputes that might arise from the services provided, the language in the actual agreement as of today is vague,” he said. “It is unclear in the agreement whether or not Equifax also intends to bar victims of the data breach from joining class action lawsuits.”

Equifax should get rid of the arbitration clause in this agreement, Litt said. Until Equifax removes this clause or at least clarifies these terms in the agreement itself, consumers should hold off on accepting Equifax’s package.

In the meantime, he said consumers should consider the following actions:

  • Request free credit reports at all three credit bureaus to spot any unauthorized activity. The official website authorized by the government for requesting these free reports is annualcreditreport.com.
  • Place credit freezes on their credit reports with all three credit bureaus. Steps for doing this are available here.
  • Place free, renewable fraud alerts on your credit report if you decide not to place credit freezes on your credit reports.
  • Visit identitytheft.gov, the government’s website that will walk you through checklists of actions you can take to recover from identity theft.

The types of stolen information, particularly Social Security numbers and dates of birth, can be used for new account identity theft against everyone whose information was breached. This means scammers could open fraudulent credit accounts and rack up thousands of dollars of debt in your name.

Most Americans aren’t aware that they can actually prevent identity thieves from opening new credit accounts in their names by placing freezes on their credit accounts at all three national credit bureaus, Litt said. Credit freezes help prevent new account identity theft because they keep potential creditors from seeing consumer credit history, without which new accounts usually aren’t opened.

Equifax’s package includes credit monitoring at all three bureaus for only one year. Equifax should make it clear that monitoring only alerts people to fraudulent activity after it has occurred, and they should offer it indefinitely, not just one year, he said.

Equifax’s package also includes something similar to a credit freeze, a “credit report lock,” but only for Equifax reports. Fraudsters could still try to open credit accounts with companies that use the other two credit bureaus for credit checks. Equifax should make clear the benefits of the credit freeze and offer it for free with all three bureaus, not just itself, Litt said. Equifax should reimburse consumers who place freezes on their own.

Litt said it took Equifax a long time to alert the public about the breach. Equifax discovered the breach on July 29. It has left people vulnerable to new account identity theft for more than a month while it conducted its investigation.

“That’s a problem,” Litt said. “People should have been alerted sooner and been given clear explanations about their options.”

More information about placing credit freezes is available at http://uspirg.org/reports/usf/why-you-should-get-security-freezes-your-information-stolen.

New York Attorney General Eric T. Schneiderman has launched an investigation into the Equifax data breach.

“The Equifax breach has potentially exposed sensitive personal information of nearly everyone with a credit report, and my office intends to get to the bottom of how and why this massive hack occurred,” Schneiderman said.

He encourages consumers to call an Equifax call center at 866-447-7559 to determine if they’ve have been affected by the breach. The call center is open every day, including weekends, from 7 a.m. – 1 a.m. Eastern time. Update: I tried to call the phone number twice and was referred both times to the Equifax website.

In addition to checking your credit reports, placing a credit freeze on your files, and monitoring your existing credit card and bank accounts, Schneiderman suggests consumers file their income taxes early. Since Social Security numbers were affected, there’s risk of tax fraud.

Copyright 2017, Rita R. Robison, Consumer Specialist



Feed You can follow this conversation by subscribing to the comment feed for this post.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Your Information

(Name and email address are required. Email address will not be displayed with the comment.)