September 8

The Equifax Data Breach Is Bad. Really.

Sometimes data breach news is kinda overhyped. The notice that credit-reporting company Equifax had a breach that affects up to 143 million consumers is not #fakenews. This is serious stuff, folks.

(Click here for closed-captioned video)

Here’s What’s Happening

Hackers broke into Equifax and stole personal information from up to 143 million consumers — the vast majority in the U.S. The personal information they took is a really, really big deal:

  • Names
  • Addresses
  • Social Security Numbers
  • Birthdates

In addition, hackers found hundreds of thousands of drivers’ licence numbers and thousands of credit card numbers.

Why It’s a Huge Deal

Those personal facts about each of us are the information pieces that creditors ask for when you apply for a loan, file your income taxes, take out credit cards, etc. That means that millions and millions of us are vulnerable to some really serious credit and identity theft. What’s more, unlike a data breach of usernames and passwords, you can’t change your social security number or your address history.

Why It’s a Huge Deal for YOU

My husband’s first reaction to the news about Equifax was, “Oh, it won’t affect me. I’ve never registered for a credit check on Equifax or used them for anything.” But here’s the deal… if you have HAD a credit check run when you applied for a loan or bought a car or whatever, your info could have been in their system. From the New York Times article:

“This is about as bad as it gets,” said Pamela Dixon, executive director of the World Privacy Forum, a nonprofit research group. “If you have a credit report, chances are you may be in this breach. The chances are much better than 50 percent.”

What You Can Do About It

Remember a few years ago when retailer Target was hacked? They offered credit monitoring to the people affected by the breach. That was unprecedented and almost crazy at the time.

Get this… because of this breach, Equifax is offering a year’s worth of credit and identity monitoring TO EVERYONE. EVERYONE. That should give you an indication of how big this problem is.

Update: My cyber-speaker friend John Sileo has some great tips.

ANOTHER UPDATE: Before you register for the free credit monitoring, READ THIS! They have now clarified on their site that you can check to see if you’ve been compromised (though the answers vary and are unclear… see below). If you sign up for the free credit monitoring, you’re signing away your rights to participate in a class-action suit.

Equifax set up a site where you can check to see if your info was compromised and sign up for the credit monitoring. Kind of. I plugged my name and the last six digits of my social security number (more on that below!) into the form, and I got this message:

I plugged my husband into the form, and the news seemed better.

So it looks to me that my info is compromised, but my hubby is in the clear. But who knows? We really don’t have the full answer or the full scope. Tech reporters are noting confusion about both the answers the site gives and the steps to take to sign up for the monitoring.

Why Whatever We Do Isn’t Enough

There’s so much going wrong here… it’s hard to begin. But here goes…

  1. Equifax’s system for enrolling us is confusing and unclear.
  2. And OMG… to register for the system, you have to provide the last six digits of your social security number and your last name. I mean… WTH? According to some tech analysts, this suggests that the last four digits of your number (which we frequently use for PINs and other identifications) might be compromised. And according to me, they have some nerve.
  3. Equifax is offering everyone one year of monitoring, but the data from breaches like these are frequently held for some time before hitting the black market. And since the personal facts they have are not like passwords that we can change, the data will hold its value for years… and remain a threat to us for…. the rest of our lives?
  4. Oh, and you should know that three Equifax executives sold large amounts of stock a few days after they discovered the breach (weeks before they told us). Equifax says the stock sales had nothing to do with the breach. Ummm. Yeah.

The Most Frustrating Thing About This Breach

The biggest frustration I have about this breach is that there is NOTHING I/we could have done to avoid this. I have great passwords. I monitor my online presence. I take care of my credit. I guard my personal identification facts. But none of that matters if the systems we trust with this information (even if we didn’t expressly entrust Equifax with our information) don’t take care of our data. We should sign up for the credit monitoring, but I have no idea if it’s going to help.

Ok, so maybe that’s the second-biggest frustration I have… because the biggest frustration is that it seems like there is nothing we can build, nothing we can do to stop cyberattacks. Companies develop iron-clad security systems to keep things safe, and cyber criminals find weaknesses. And then we fix the weaknesses. And then they find different ways in. This is a cycle that no one sees an end to.

Now I need a cupcake.


accounting, business essentials, privacy, security

You may also like

  • I found freezing my credit reports to be a huge pain in the butt. It was actually easy on Equifax, but the other two, not so much. I ended up freezing my husband’s reports, but I had a huge problem trying to log in on TransUnion and they said I have to call them. UGH! I can’t remember the problem I had with Experian. Anyway, they basically ask for your firstborn child to freeze your reports, and since I don’t have any children, it was not easy to do. I gave up and will try again another day after my frustration simmers down.

  • What about LifeLock or other credit monitoring? I don’t want to sign up & possibly not be able to join a class action lawsuit- if that happens. Do I sign in & see if I’m effected or will that ‘tag’ me some way? I don’t trust having to give them more of my SS #… I’m “freezing ” as I don’t know the best course of action… ugh.

    What about my 4 & 6 year old SS#? Do I monitor those too?

  • what the heck!?!?! Work with Realtors and consumers and now…this is going to impact people who are wanting to buy a home or property.. This is such a big deal. It’s a matter of time before the other 2 credit checkers get their data hacked too. Geez! Thanks Beth for the information. I’d like to repost this out to people!

    • Tony, what are we going to do??? This could affect consumers for… I don’t know… a decade? More? Perhaps this is a catalyst to change our crazy system? Or maybe we should all go off grid and specialize in small batch cupcakes. Yeah. Let’s do the cupcake thing.

      via GIPHY

  • Beth, you are simply the best! I started following your blog over a year ago because it was recommended at a conference. I like learning about new apps and gadgets. As usual, you are providing excellent information. I checked both mine and my mother’s (a retired woman with a visual disability). We’ll have to wait to enroll but I’m on it. Thank you!!!

  • So after reading all of the above and the comments that follow, should we sign up for the free credit monitoring or not. We really don’t know if there will be a class action lawsuit and what that entails correct? I’m guessing if we sign up for the free credit monitoring, we are at least covered for 1 year but … what about after that? I’m so confused. I am going to check out Credit Freeze as Ms Hamr notes above.

    • Sandy, I wish I had a good answer for you. I think a credit freeze is a good start. And keep an eye on your accounts. My thought is, though, that whatever is going to happen is going to happen after a period of time, not right away. So. I’m no help.

      • Thank you for your reply. I just bought a new car last week so my credit was pulled for that. I hope that didn’t open me up for any new, fresh fraud instances. 🙁

  • I did this and it said that I am at risk! I’m already being monitored from when Anthem BC/BS had an issue. Geesh!

  • There is another option: Credit Freeze. I don’t want to put a link here, they can also be hacked to send you to another site, but you can go to the Federal Trade Commission site and search for Credit Freeze. Until the SSA hands out pin numbers to go with your social security number none of us are safe from these information breaches

    • You’re right. Their FAQ list now clarifies. If you check to see if you’re in the breach, you’re in the clear — although I still think they’re not at all clear with what they’re saying or not saying when you check. If you sign up for their free monitoring, you are agreeing to not be a part of a class-action lawsuit later.

  • The sign up was sooo confusing. I consider myself pretty intelligent, a good reader, and relatively internet savvy and I still was confused. The website doesn’t contain any new information than the article I read that directed me to it, and in fact, was just a repeat, including the link. Frustrating.

  • I signed up and got the same message as you, but it told me my enrollment date is 9/11/2017! We are kind of having a hurricane here that day, so I hope I don’t miss my window. 🙁

  • {"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}