A data breach exposed the personal information of 143 million U.S. consumers, including names, Social Security numbers, birth dates and addresses, the credit bureau Equifax disclosed Thursday.
The breach, which the company discovered in late July, also exposed the credit card numbers of 209,000 consumers and personal information from credit dispute documents of approximately 182,000 people. The company’s consumer credit reporting databases were not impacted.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” Chairman and CEO Richard F. Smith said in a statement. “I apologize to consumers and our business customers for the concern and frustration this causes.”
Equifax says it will offer free credit monitoring to all U.S. consumers for one year and will notify consumers through the mail whose credit card numbers or dispute documents were exposed.
This data breach almost certainly will rank among the largest in U.S. history, leaving millions of Americans at risk for identity theft.
How it happened
Hackers exploited a “U.S. website application vulnerability” to gain access to personal information between mid-May and July, the credit bureau said. After discovering the breach, Equifax commissioned an independent cybersecurity firm to stop the attack, determine the specific data that was stolen and provide direction to prevent future attacks.
The company did not say why it waited until September to disclose the attack to the public.
What you should do
Equifax has set up a website where you can check to see if your personal information was potentially impacted. Users are prompted to enter their last name and the last six digits of their Social Security number.
Equifax says providing that information is enough for the company to alert you whether your personal data may have been exposed.
Regardless, the credit bureau says it will provide everyone the option to enroll for free in its TrustedID Premier service, which includes credit monitoring at all three major credit bureaus, copies of Equifax credit reports, the ability to lock and unlock Equifax credit reports, identity theft insurance and internet scanning for Social Security numbers.
Consider a credit freeze
Even so, what Equifax is offering may not go far enough to protect you from identity theft.
The best way to protect yourself is to enact a credit freeze, also called a security freeze, on your credit reports at all three major reporting agencies: Equifax, TransUnion, and Experian. A credit freeze blocks consumers’ credit reports from being shared with potential new creditors. Without a credit report, most lenders won’t open a new line of credit.
Enacting a credit freeze is a more proactive approach to securing your information than using credit monitoring services, which simply detect fraud but don’t necessarily prevent it.
“Everyone should assume their information has been compromised,” says Robert Siciliano, CEO of IDTheftSecurity.com. “With so many breaches in the past, you can’t be sure your personal data is safe. The best action you can take is a credit freeze.”
Consumers can temporarily remove the freeze when they want to buy a house or take out an auto loan and then enable it again once they have been approved.
Along with preventing future theft, it’s important to make sure your information hasn’t already been used to hack into existing accounts or to create new ones. You should:
Scrutinize all credit card and bank statements. Take note of small, but suspicious, charges. Thieves may charge small amounts to see if account holders notice and, if not, will continue using the card.
Check your credit report from all three credit bureaus. This will help you determine if unauthorized accounts have been opened in your name. Some retailers and companies, such as cell phone carriers, might not require a credit report to open a new account, thus bypassing the protection of the credit freeze. This is where your credit report comes in handy. Bankrate offers a complimentary TransUnion credit report you can access at any time.
Refrain from giving out personal information over the phone or through email. In the wake of an event like this, criminals might take advantage of people’s fear and vulnerability. Also, be wary of clicking on links within emails.