Late Thursday, September 7, 2017, Equifax, one of the big three credit-reporting bureaus, announced that hackers have compromised the information of around 143 million consumers. To put this number into context, 143 million is a little over 44% of the United States population. The information stolen during the Equifax breach includes Social Security numbers, birthdates, phone numbers, addresses, and other sensitive data that can be used to steal someone’s identity.
Equifax is one of the biggest credit-reporting bureaus in America, and the credit report and scores calculated by them are used by financial institutions to determine rates for loans, mortgages, and pretty much anything else involving credit.
As of now, Equifax has not notified consumers of whether or not they were personally impacted by the breach. Equifax set up a site called https://www.equifaxsecurity2017.com/potential-impact/ where you can enroll to find out later if you were impacted by the data breach, but you need to submit your last name and six digits of your Social Security Number. This will also sign you up for a free year of their TrustedID Premier identity theft protection service.
If you don’t feel like using this service, then in the meantime, I would suggest keeping a careful eye on your credit reports via services like Credit Karma, as well as your expenses to make sure no fraudulent charges were made, and no fraudulent accounts opened.
I even tried reaching out to Equifax to find out more about the product, but the representative was would not answer questions about the safety of signing up for the service, and remained silent for the duration of the phone call.
EDIT: According to reports, the Terms of Service on the TrustedID site mention that if you use this Equifax service, you will be waiving your right to join in on a class-action suit.
Personally, I am abstaining from signing up for Equifax’s TrustedID service. I don’t want to give my personal info to Equifax in order for them to tell me whether my personal info was stolen or not, especially since they were the ones who were breached. Furthermore, I refuse to sign up for their paid product and give them that kind of business, even if the first year is free. To recap, Equifax is unabashedly pushing their own product to consumers, after messing up in the first place. Furthermore, doing so protects them against lawsuits from us.
The cherry on top of all this is that Equifax discovered this breach on July 29th, and waited till today to reveal it. During that time, three senior Equifax execs sold shares worth around $1.8 million before revealing the Equifax breach to the public. While it is yet to be determined whether there was a direct connection, if the sale of these stocks were in response to the information about the hack, then not only is this a cybersecurity issue, but also an ethics one.