Data breaches are always big news, especially when they involve companies like Target or Yahoo! Recently, criminals stole the financial information of around 143 million people from Equifax, a credit reporting agency. According to the Federal Trade Commission, the Equifax data breach included “names, Social Security numbers, birth dates, addresses, and, in some instances, driver’s license numbers,” as well as 209,000 credit card records and 182,000 dispute documents.
There’s one major difference between the Equifax data breach and other recent information thefts: victims didn’t have to make an account or otherwise directly conduct business with Equifax to be affected.
Equifax, Experian, and TransUnion are the three major credit reporting agencies in the United States. These companies collect financial information and create a credit report, including a credit score, that—at a glance—tells a potential lender how much financial risk is involved in working with you. Do you pay bills on time? That information’s in there. Have you ever defaulted on a loan? Yup, it’s in your credit report.
When fraudsters use your information to get a credit card and not pay the bill, it lowers your credit score, limiting your ability to apply for a business loan, buy a house, or even sign up for a cell phone. Long story short, having your credit information stolen is very, very bad.
Last Tuesday, USA Today reported that the Equifax data breach was caused by a security vulnerability in Apache Struts, the program Equifax used to “take in and serve up data.” The rub is that the Apache Foundation issued a patch for the issue back in May. So, just like the WannaCry ransomware attack, this might have all been avoided by simply installing the vendor-provided fix.
What Can I Do?
First things first, the FTC recommends going to Equifax’s website, EquifaxSecurity2017.com, to determine whether their information was impacted by the data breach. After logging in—preferably from a secure computer and network—click the Potential Impact tab and enter the requested information.
If this is your first time even thinking about identity theft, don’t panic. You have options.
Check your report on all three major credit agencies: Equifax, Experian, and Transunion.
Your credit reports will show any suspicious activity, like new, unrecognized accounts being opened in your name. Keep in mind that a lack of fraudulent activity does not mean your information hasn’t been stolen, just that fraudsters haven’t yet used it to, say, open and max a credit card and stick you with the bill.
Look into freezing your credit with the credit agencies.
Freezing your credit should keep identity thieves from opening new accounts, but it won’t stop them from accessing current accounts. If you do freeze your credit, you’ll have to contact the credit agencies and have them lift it should you want to take out a loan or get a new credit card.
If you don’t want to freeze your credit, getting a fraud alert is another way to try and secure your information, which can, for example, require phone confirmation before allowing credit requests. Similar to a freeze, this can stop criminals from opening new accounts, but it won’t stop abuse of existing accounts.
Keep an eye on credit card and bank accounts.
One of the best habits you can develop—regardless of whether there’s a big, breaking story about an information breach—is reviewing your monthly credit card and bank statements. Contact them the second you notice suspicious activity.
File your tax return early.
Filing early can help prevent tax-related identity theft fraud. The goal of these criminals is to steal taxpayer information, so they can fraudulently file tax returns and receive tax refunds intended for hard-working taxpayers.
For more information about handling identity theft, visit IdentityTheft.gov/DataBreach.