Sometimes data breach news is kinda overhyped. The notice that credit-reporting company Equifax had a breach that affects up to 143 million consumers is not #fakenews. This is serious stuff, folks.
Here’s What’s Happening
Hackers broke into Equifax and stole personal information from up to 143 million consumers — the vast majority in the U.S. The personal information they took is a really, really big deal:
- Social Security Numbers
In addition, hackers found hundreds of thousands of drivers’ licence numbers and thousands of credit card numbers.
Why It’s a Huge Deal
Those personal facts about each of us are the information pieces that creditors ask for when you apply for a loan, file your income taxes, take out credit cards, etc. That means that millions and millions of us are vulnerable to some really serious credit and identity theft. What’s more, unlike a data breach of usernames and passwords, you can’t change your social security number or your address history.
Why It’s a Huge Deal for YOU
My husband’s first reaction to the news about Equifax was, “Oh, it won’t affect me. I’ve never registered for a credit check on Equifax or used them for anything.” But here’s the deal… if you have HAD a credit check run when you applied for a loan or bought a car or whatever, your info could have been in their system. From the New York Times article:
“This is about as bad as it gets,” said Pamela Dixon, executive director of the World Privacy Forum, a nonprofit research group. “If you have a credit report, chances are you may be in this breach. The chances are much better than 50 percent.”
What You Can Do About It
Remember a few years ago when retailer Target was hacked? They offered credit monitoring to the people affected by the breach. That was unprecedented and almost crazy at the time.
Get this… because of this breach, Equifax is offering a year’s worth of credit and identity monitoring TO EVERYONE. EVERYONE. That should give you an indication of how big this problem is.
ANOTHER UPDATE: Before you register for the free credit monitoring, READ THIS! They have now clarified on their site that you can check to see if you’ve been compromised (though the answers vary and are unclear… see below). If you sign up for the free credit monitoring, you’re signing away your rights to participate in a class-action suit.
Equifax set up a site where you can check to see if your info was compromised and sign up for the credit monitoring. Kind of. I plugged my name and the last six digits of my social security number (more on that below!) into the form, and I got this message:
I plugged my husband into the form, and the news seemed better.
So it looks to me that my info is compromised, but my hubby is in the clear. But who knows? We really don’t have the full answer or the full scope. Tech reporters are noting confusion about both the answers the site gives and the steps to take to sign up for the monitoring.
Why Whatever We Do Isn’t Enough
There’s so much going wrong here… it’s hard to begin. But here goes…
- Equifax’s system for enrolling us is confusing and unclear.
- And OMG… to register for the system, you have to provide the last six digits of your social security number and your last name. I mean… WTH? According to some tech analysts, this suggests that the last four digits of your number (which we frequently use for PINs and other identifications) might be compromised. And according to me, they have some nerve.
- Equifax is offering everyone one year of monitoring, but the data from breaches like these are frequently held for some time before hitting the black market. And since the personal facts they have are not like passwords that we can change, the data will hold its value for years… and remain a threat to us for…. the rest of our lives?
- Oh, and you should know that three Equifax executives sold large amounts of stock a few days after they discovered the breach (weeks before they told us). Equifax says the stock sales had nothing to do with the breach. Ummm. Yeah.
The Most Frustrating Thing About This Breach
The biggest frustration I have about this breach is that there is NOTHING I/we could have done to avoid this. I have great passwords. I monitor my online presence. I take care of my credit. I guard my personal identification facts. But none of that matters if the systems we trust with this information (even if we didn’t expressly entrust Equifax with our information) don’t take care of our data. We should sign up for the credit monitoring, but I have no idea if it’s going to help.
Ok, so maybe that’s the second-biggest frustration I have… because the biggest frustration is that it seems like there is nothing we can build, nothing we can do to stop cyberattacks. Companies develop iron-clad security systems to keep things safe, and cyber criminals find weaknesses. And then we fix the weaknesses. And then they find different ways in. This is a cycle that no one sees an end to.
Now I need a cupcake.