Credit reporting agency Equifax just announced up to 143 million records – including yours – may have been compromised in a recent hack. Here’s what you need to do.
Just a public service announcement in case you haven’t already heard: Equifax announced that hacking attempts occurring in May and July of this year may have compromised any of up to 143 million records. Hundreds of thousands of accounts’ personal information, including social security numbers, may have been stolen. I know we hear about stolen information all the time, but credit bureau records contain absolutely all the important keys to opening lines of credit and hacking your precious brokerage and bank accounts where your hard-earned stash of cash is sitting, so this is definitely one to pay attention to.
Basically, if you have ever looked at your credit, you know…ever, you may have been compromised. If you applied for a loan and they pulled your credit for you, you may have been compromised. You should assume you have been compromised unless you get direct confirmation otherwise.
The NY Times covers the breach in more detail.
Here are the recommended steps:
- Optional: Equifax has set up a portal to check whether your information may have been compromised. For extremely sensitive information requests, I recommend you go directly to the source website rather than clicking on third-party offered links to ensure you are not getting spoofed and become the victim of a phishing atttempt. For that reason, I won’t include a link. Visit the Equifax website; they have a banner at the top taking you to the right place. (Update: For any concerns you may have read about in checking your status on the Equifax website , see updates below.)
- Optional: Equifax is offering a year of free credit monitoring. I don’t know the full details of how that will work, but you may consider enrolling. I’ve taken the first step, but you don’t get to the second part of registration for a few days, so I don’t know what the details are. (Update: For any concerns you may have read about using the free TrustedID protect and potentialy waiving legal rights, see updates below).
- Place a temporary fraud alert with all three credit reporting agencies. This can be done for free online with any of the three agencies, who will then report the request to the other two. This will notify any lenders/vendors to be particularly cautious with new account opening requests. It will also remove you from pre-approved offerings for an amount of time.
- Stay vigilant about checking your credit report once every few months, or at the least once a year. All three major reporting agencies are required to offer you a free report each year – you can cycle through one every few months to ensure steady coverage throughout the year.
- Consider implementing a credit freeze. This prevents companies (with the exception of lenders and vendors currently servicing you) from seeing your credit. It is touted as one of the best ways to prevent scammers from opening accounts in your name. It’s a bit of a pain in the butt because you will have to reach out to unfreeze your credit every time you need access to open a credit card, apply for a mortgage, etc. But it is a useful tool for the concerned.
Hope everyone is staying financially safe.
Update: Legal Clarification Developments (11 pm ET 09/12/2017)
You may have heard potential concerns around use of the Equifax site and how that may or may not affect your legal rights. Things have changed rapidly over the course of the past few days. Here is a summary of all the relevant details as I interpreted them.
- There is concern that 1) checking whether your information may have been compromised or enrolling in Equifax’s offer for free credit monitoring means you have agreed to waive your right to a class action lawsuit.
- It appears the offending clause in the therms of use agreement has been removed. Additionally the company has issued a statement clarifying that no one will be giving up their legal rights in this matter. You can read more about it in this CNN article.
Was This Ever A Really A Big Deal?
- I never really thought of this as a huge issue, and I’ll explain why. Practically speaking, Equifax is currently valued at under $18 billion. Assuming there were 140 million individuals compromised, and somehow you sued the company successfully for everything it was worth, the max you would get in a class action lawsuit (assuming no lawyer’s fees, which is a pipe dream) would be $129. Perhaps a more realistic scenario is 30 million individuals, but layer in ginormous lawyer fees. I can’t see you ever getting more than $100-$200 out of the whole thing anyway assuming you’ve got your class action rights and you win, and the judgment is basically for half or more of what the entire company is worth. The point is moot now. Since the company has removed the offending language and issued a statement explicitly clarifying its object, it appears as of today that legal-specific concerns over using the Equifax services have been laid to rest.