Skip to content

Wayne State University

Aim Higher

Sep 9 / Michael J Barnes

The Equifax cyberattack: Be on the lookout for identity theft

On Thursday, Sept. 7, the national media reported that Equifax, which is one of the three major consumer credit reporting agencies, has been the victim of a cyberattack that affected 143 million customers. Whether you like it or not, this will likely affect you, your spouse, or any number of your family members. Unfortunately, I know many people who seem to walk blindly into what are now the forests that constitute our modern commerce and economy. Some of them feel they are protected because they don’t shop online, or because they don’t pay their bills online, or because they only use their debit card…or, or, or…  That simply is not the case anymore; no one is immune to identity theft.

In the last few years, we have been seeing a rising number of major corporations being hit by this type of attack. We saw the national retailer, Target, experience a security breach in 2013 where the names, credit card numbers, expiration dates, and security codes of approximately 40 million people were stolen by hackers. Yahoo was hit by a couple of these attacks — the information of over one billion account holders was breached.

You may think “I’m not a customer of Equifax; It doesn’t affect me.” This simply is not the case. Whether we like it or not, we are all customers of Equifax. As one of the three major credit bureaus (the other two are Experian and TransUnion), any time you apply for a credit card, a loan, or utilize your bank, your information is being shared with these agencies. They maintain consumer credit information and sell that information to businesses in the form of credit reports. Though they are heavily regulated, they are publicly traded, for-profit agencies.[i]

Media sources have reported that hackers may have gained access to sensitive information, which includes social security and drivers’ license numbers, for 143 million customers. Given that the current adult population of the United States is 245.3 million people, this means that over half the adult population of the U.S. has now had their information stolen and is at risk for identity theft.

A quote from the New York Times indicated that in severity, on a scale from 1 to 10, this attack is a 10. Unlike the Yahoo or Target attacks, thieves were able to acquire information of a more personal nature. They were able to retrieve names, birth dates and addresses; information that would allow access to bank accounts, employee accounts and medical information; the credit card numbers for 209,000 people; and documents used in personal disputes for 182,000.[ii]

What Do You Do? 

It is important that all individuals investigate as to whether their information has been compromised. Equifax has set up a site to help determine whether your data is at risk. That site is: equifaxsecurity2017.com/. You should also acquire a free copy of your credit report from one of the three major agencies. This can be obtained at annualcreditreport.com.  If you think your data has been used, be certain to contact your local law enforcement officials. In addition, if you find that your information was stolen, you should place a fraud alert on your credit files; the FTC has a website with a guide for placing a fraud alert. Equifax is also offering all consumers the ability to freeze their Equifax Credit Reports as well as making use of their Credit Protection Service for free for one year.

It is worth noting that the Attorney General of the state of New York has pointed out that the terms of service for Equifax’s credit monitoring service, TrustedID Premier, say that users give up their right to participate in a class-action lawsuit or arbitration. However, he has also stated that, in the case of this breach, those Terms of Service would not be able to be upheld in a court of law.

As one last point, I would suggest that each of you take the time to contact your elected Representatives and encourage them to examine the policies we have in place for consumer data protection. This type of event demonstrates the importance of making certain that this the industry of sharing your financial data be strictly regulated. The information that these cyber-thieves acquired could affect people for years to come.

Important Websites

 

ADDENDUM

Since my initial writing of this posting, I have read a number of articles on how to best handle the Equifax breach.  In my opinion, the best way to deal with it is to have a freeze put on your credit file with Equifax and the other services.  Because it makes makes it so that no credit report can be run, it stops any thief from opening credit in your name.  If you need to apply for credit you temporarily thaw the account by providing a PIN number (which will need to be kept in a very safe place where you cannot lose it).  Of course, the credit services do not let you freeze an account for free, nor do they thaw it for free.  However, the cost is far less than what you might experience if you are the victim of identity theft.  Equifax has bowed to pressure, however, and will offer credit freezes free for the next 30 days.[iii] If you are still a bit confused about just exactly what to do, I would suggest these articles the New York Times, “Equifaxes Instructions are Coinfusing, Here’s What to Do Now“the Chicago Tribune, “After the Equifax Breach, Here’s How to Freeze your Credit to Protect your Identity.”

 

 

[i] Irby, LaToya. “What You Should Know about the FCRA.” The Balance. 11 May 2016. https://www.thebalance.com/what-you-should-know-about-the-fcra-960639

[ii] Bernard, Tara Siegel, Tiffany Hsu, Nicole Perlroth, Ron Lieber. “Equifax Says cyberattack May have Affected 143 Million Customers” New York Times. 7 September 2017. https://www.nytimes.com/2017/09/07/business/equifax-cyberattack.html?hpw&rref=business&action=click&pgtype=Homepage&module=well-region&region=bottom-well&WT.nav=bottom-well

[iii] Leiber, Ron. “Equifax, Bowing to Public Pressure, Drops Credit-Freeze Fees for 30 Days.” New York Times. 12 September 2017.  https://www.nytimes.com/2017/09/12/your-money/equifax-fee-waiver.html?mcubz=3

2 Comments

Leave a comment
  1. Michael J Barnes / Sep 10 2017

    Since writing this, a helpful article has come out in the NY Times.

    Equifax’s Instructions Are Confusing. Here’s What to Do Now. https://nyti.ms/2xS9zXd

  2. Tom Duszynski / Sep 15 2017

    more details came to light yesterday, thanks to KrebsOnSecurity.

    https://krebsonsecurity.com/2017/09/equifax-hackers-stole-200k-credit-card-accounts-in-one-fell-swoop/

    Credentials for 200K Visa and Mastercard accounts were slurped up by the Bad Guys in mid-May 2017. The affected card holders have not yet been notified, just the financial institutions that issued these credit cards. Take a close look at your credit card statements if you are concerned.

Leave a comment