I sighed when I read the news of the Equifax data breach earlier this week. As most people know, there are three major credit reporting agencies in the states: Experian. Transunion. Equifax. News came out this past week that Equifax had been hacked. As many as 143 million American customers’ data have been compromised.
Chances are: You are one of them.
How to Check If You’ve Been Hacked
You can check by visiting a website that Equifax had set up: http://www.equifaxsecurity2017.com.
[Update/Disclaimer: the site is legitimate and it is set up by Equifax – it is even linked to from their website to address the data breach. As noted in the comments, some have expressed concerns about the site security. If you do not feel comfortable using the link, you can wait for Equifax to notify you].Click on “Potential Impact” tab and enter your last name and the last six digits of your Social Security Number. I plugged in my details. Of course, I expected nothing less:
Note: I have not enroll in the TrustedID Premier because I want to make sure I’m not waiving any rights by enrolling. There appears to be some confusion in regards to whether signing up for the service means waiving rights to class action lawsuits, though Equifax has claimed that the arbitration clause does not apply to this data breach.
Tips on How I Dealt with the Last Data Breach?
I was peeved with the T-Mobile data breach back in 2015. It was the first data breach that impacted me where my SSN might have been exposed. T-Mobile provided a one year credit protection service for affected customers. I did a couple of things:
- Signed up for the one-year credit monitoring.
- Placed a 90-day fraud alert on all 3 of the credit reporting agencies. It absolutely worked but it was also inconvenient when it’s my own legitimate request.
- Looked into changing SSN social security number, but it’s not really a option unless you have been a victim of identity theft and it is continuing to cause “disadvantage”.
In my opinion, the “one year” credit monitoring is quite useless since the compromised data is out there forever. I don’t see how a standard year of credit monitoring is a sufficient response for a major breach. Hackers can try to steal your identity long after the credit protection is over.
More details will come out in the coming days
I don’t want to rehash too many of the details reported elsewhere, but there are these two great articles if you want to learn more: “What You Need to Know about the Equifax breach” and Equifax Cyberattack.
If you are particularly concerned about the data breach, you can take the drastic measure of freezing your account with all three credit agencies. This would provide an added layer of security. Still, this would not prevent a hacker from causing havoc, such as potentially filing a fraudulent tax return for a refund.
I am sure more details will emerge in the coming days.
One thing is clear: If you are impacted by the data breach, you’ll probably want to look into credit monitoring.
You did a huge disservice to equidax users by directing them to the company website without warning them of the potential problems/consequences. See: https://www.cultofmac.com/501198/affected-massive-equifax-hack/
Hello, as I noted in an earlier comment (my thoughts regarding the technical details), their site is not the greatest but it is legitimate. It is even linked to directly from Equifax website to inform users of the breach. If that site does not have like basic security (like behind SSL), then I’d have major problems and there’s no way I would use it myself or link to it.
However, I added an addendum to the post, for those who may not feel comfortable and would prefer to wait for some sort of notifications. Thanks for your feedback.
I entered in Bogus info and it still came back with “You may be affected”. Complete bulls
I don’t claim that Equifax’s website (and quite frankly, their response to the incident) to be great or coordinated. FWIW, other have reported similar experience when they entered bogus info.: http://www.businessinsider.com/equifax-data-breach-site-check-angry-response-2017-9.
I don’t know how well they checker is working, though some people have reported that they do get a different message if they were not impacted by the data breach.
IMHO, think their site isn’t so helpful as far as the data breach is concerned, but it’s meant to be useful in helping to enroll people who might be impacted to the “complimentary identity theft protection and credit file monitoring product”.
It’s a mess, really.
I clicked on that link, and my anti-virus gave me a warning, saying that it had been infected and there was a threat detected.
Hello, it is a legitimate site: https://www.equifaxsecurity2017.com/ (also see: https://krebsonsecurity.com/2017/09/breach-at-equifax-may-impact-143m-americans/)
A bit on the technical details: Of course, it’d be even better if Equifax actually sign their own certificate on the website, and not have the check be done by a third party (trustedidpremier). I can see why the DNS may cause anti-virus software to flag it as a threat/phishing website.
Should you not feel comfortable with the link (which I can understand since your anti-virus is throwing warnings), you could also just wait it out. I am fairly certain that Equifax will have to notify everyone who have been impacted by the data breach at some point.
Thanks for your comment!