143 Million Consumers Compromised in Equifax Data Breach
On September 7, 2017, consumer credit reporting agency Equifax announced a data breach that potentially exposed personal data for 143 million US consumers. Equifax is one of the three largest American credit agencies, alongside TransUnion and Experian.
From mid-May through July 2017, criminals were able to access personal identifying information, including names, Social Security numbers, birthdates, addresses, and some driver's license numbers. In addition, credit card numbers for 209,000 US consumers were compromised, as well as dispute documents for 182,000 people. During the investigation, Equifax also discovered that limited personal information for some UK and Canadian residents had also been accessed. The hack was discovered on July 29, 2017.
Almost half of all Americans may have been affected by this data breach. Your information may have been compromised even if you haven't signed up to use Equifax. The data breach of a credit reporting agency (CRA) such as Equifax is particularly insidious because many consumers are not aware that their data is stored with a CRA. Equifax and other CRAs acquire their data from credit card companies, banks, retailers, auto and mortgage lenders, debt collectors, and public records in order to generate credit scores. You don't need to have personally signed up with a CRA to have your data stored with Equifax!
What Should I Do?
You can check to see if your data has been exposed by visiting Equifax's 2017 Incident Potential Impact website and clicking the "Check Potential Impact" button. You can fill in your last name and last six digits of your Social Security number to find out if your data has potentially been leaked and receive a date to come back to enroll in free credit monitoring for a year. The Federal Trade Commission also has detailed instructions available here.
Another thing you should do is actively check your bank and credit card statements regularly. If you see any suspicious or unusual activity, report it immediately to your financial institution. Don't become complacent and stop checking a week or two after a breach. Staying aware and vigilant with your accounts is important at all times. Unfortunately, large data breaches have occurred many times in the past, and in the digital age, we should be as prepared as possible to face more in the future.
In addition, you can monitor your own credit by requesting a free copy of your credit report from each of the three major CRAs once a year. If requests are staggered between the agencies, you can check your credit once every four months. Alternatively, you may wish to use services such as CreditKarma to obtain free scores to monitor your own credit. You can also freeze your credit if you choose. If you do this, make sure you freeze it with all three major CRAs, not just Equifax.
Aside: Use Auth0 to Protect Your Users From Data Breaches
Auth0 provides breached password detection that can be enabled simply and easily. The Auth0 security team maintains a database of third party breached credentials. This database is updated daily. On each login, user credentials are checked against the leaked passwords database. If a breach is suspected, the user is notified and cannot log in until they change the compromised password.
Read about Breached Passwords and Anomaly Detection to learn more about how to protect users and their credentials with Auth0. You can also sign up for a free Auth0 account and start protecting your users today!