Equifax hack: How to know if you're affected
Security

Equifax hack: How to know if you're affected

Credit monitoring agency Equifax revealed shocking news late Thursday: A data breach of the company’s servers from mid-May through July 2017 resulted in the theft of the personal information of up to 143 million U.S. consumers—a huge chunk of the country’s 324 million population. Equifax says the breach leaked highly sensitive information, too, including “names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.” 

That’s everything crooks need to open up credit lines in your name, or worse. And now it’s in nefarious hands.

Equifax hack: Was I affected?

Shamefully, Equifax won’t be contacting most of the 143 million victims directly to let them know they’ve fallen prey to data hackers. The hackers also swiped credit card numbers for 209,000 people, and “certain dispute documents with personal identifying information” for 182,000 more. Equifax will mail those particular victims—far less than 1 percent of everyone affected—a notice that they were affected by the breach.

equifax shame Brad Chacos/IDG

The FAQ page on equifaxsecurity2017.com says Equifax doesn't need to notify hack victims because it issued a press release and made a webpage.

Finding out if you were affected by the Equifax hack is trickier (and murkier) if you’re not part of that sliver. Equifax created the www.equifaxsecurity2017.com website for U.S. consumers to “see if your personal information is potentially impacted.” Let’s be frank: It looks like a fraud site. It’s frighteningly bare-bones and runns on WordPress, the URL differs from Equifax’s main site, some browsers were throwing up phishing warnings due to back-end configuration issues, and Equifax even asks for your social security number to confirm whether it leaked your social security number. Those are all classic signs of a malicious phishing site, but fear not: equifaxsecurity2017.com is legitimate.

Head to the Potential Impact page of the Equifax Security website to find out if you were affected. Simply click the “Check potential impact” button and supply your last name and the last six digits of your social security number.

equifax real boy Brad Chacos/IDG

If the credit agency doesn’t believe you were impacted, it’ll tell you so and pitch you to register for Equifax’s “TrustID Premier” credit monitoring service, which the company will provide for free for one year regardless of whether or not your data was stolen.

thank you Brad Chacos/IDG

Alternatively, the site may report that “We believe that your personal information may have been impacted by this incident” and again prompt you to enroll for TrustID Premier.

equifax fail Brad Chacos/IDG

TechCrunch points out that TrustID Premier’s terms of service—which were last updated September 6, the very day before Equifax disclosed this hack after knowing about it since July 29—state that users waive their right to bring a class-action lawsuit against Equifax. So if that’s something you’re considering, maybe hold off signing up for the free year of TrustID Premier on your “enrollment date.”

Equifax has also set up a dedicated call center at 866-447-7559 for additional questions. It’s open from 7 a.m. to 1 a.m. Eastern time every day, including weekends.

Equifax hack: Monitor your credit report

Regardless of whether you accept TrustID Premier, it’s a good idea to keep an eye on your credit report for fraudulent activity—even if Equifax “believes that your personal information was not impacted.” You can get a copy of your credit report online at www.annualcreditreport.com. You can request a free copy of your credit report once per year from each of the major credit monitoring agencies: Equifax, TransUnion, and Experian. Stagger the requests for every few months and you can keep an eye on things throughout the year.

The FTC warns that www.annualcreditreport.com is the only site “authorized to fill orders for the free annual credit report you are entitled to under law,” so steer clear of others making similar claims. If you see any fraudulent activity on your credit report, notify your bank or credit card company immediately.

IDG Insider

PREVIOUS ARTICLE

«AMD's coveted Wraith Max CPU cooler finally goes on sale in the U.S.

NEXT ARTICLE

Little Snitch 4 review: Mac app excels at monitoring and controlling network activity»
author_image
IDG Connect

IDG Connect tackles the tech stories that matter to you

Add Your Comment

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Should companies have Bitcoins on hand in preparation for a Ransomware attack?