Published By Janet Gershen-Siegel at September 11, 2017
On Thursday, September 7, 2017, the Associated Press reported that there had been a data breach at Equifax, which is one of the big three credit reporting bureaus. A somewhat vague initial report gave way to more detail on Friday the eighth. Here are the details.
AP describes the attack on Equifax as a “high-tech heist”. Some 143 million Americans’ data was a part of the breach. This exposed sensitive information such as Social Security numbers. The breach was evidently an exploit in a website application.
Exposure meant the hackers had access to files between the middle of May and July of 2017. Apparently Equifax caught the breach on July the 29th but the company waited until September 7 to publicly announce it. There is no information on why there was such a delay, particularly considering the gravity of the situation.
Equifax’s stock dropped 13%, to $124.10 in extended trading subsequent to the company announcing the breach. However, perhaps anticipating the downturn, three Equifax executives seem to have protected themselves by selling shares with a combined value of $1.8 million on August 1 and 2,a mere few days after the July 29 discovery of the breach, per documents that were filed with securities regulators.However, the company says the executives did not know about the breach when they made their trades. These executives are the Chief Financial Officer John Gamble; andJoseph Loughran, Equifax’s president of United States information solutions; plusRodolfo Ploder, who is Equifax’s president of workforce solutions.
It remains to be seen whether such a move will be seen as insider trading, a legal matter which, under federal law, can fetch treble damages. Insider trading is taken so seriously because it undermines consumer confidence in the fairness and accuracy of markets such as the Dow and NASDAQ.The question of whether the CFO of Equifax, a person charged with knowing about probably every possible crisis involving the company, did not know about the breach, may very well be settled in federal court.
The stolen data includes:
In some instances, this also includes driver’s license numbers.
Along with the personal information taken in its breach, Equifax reported the credit card numbers for approximately 209,000 American consumers were also taken. Plus “certain dispute documents” were stolen, which contained personal information for about 182,000 United States citizens.
Furthermore, the company warned that hackers could potentially also have some “limited personal information” regarding Canadian and British residents. The company does not believe any consumers from other countries were affected. Also, the company does not believe its core reporting databases were compromised.
The biggest risk which consumers are facing with regards to the breach is the very real threat of identity theft. Identity theft is an enormous problem in our world today. It can wreak havoc on your personal and business credit scores and your overall reputation in the community.
Given that the thieves have full names and addresses, plus birth dates, and Social Security numbers, then it is possible for them to open up new charge card accounts and bank accounts, and even fill out W-2 forms in your name, thereby having the IRS unwittingly send the tax bill to you for work that they did (and even work they may have otherwise done legitimately).
Plus you know there’s just got to be a market for this sort of extensive and complete information, for anything from voter fraud to even diverting packages and mail you ordered online or elsewhere.
Equifax realizes this is a big breach – AP believes it’s the largest data breach in history involving Social Security numbers. However, it’s not the largest data breach in history, as that questionable prize belongs to Yahoo. That company was the target in a pair of digital burglaries in 2015 and 2016 which resulted in over 1 billion accounts being compromised.
Equifax’s CEO, Richard Smith, has apologized for the incident, calling it “a disappointing event for our company”, a phrase which seems a lot like it could be the understatement of the year.
The company also took some proactive steps. They established a website, https://www.equifaxsecurity2017.com/ , where consumers can look up if their personal data could have been a part of the breach. Consumers can also telephonetoll-free (866) 447-7559 for additional information. Rival Experian is also offering a free credit monitoring service to all American consumers for one year.
You should take a breach of this size very seriously. One way you can help to protect yourself is to keep private information offline as much as possible. Hence you might want to edit some of your profiles, particularly on major social media sites such as Facebook and Twitter.
Also, be sure to contact your banks, creditors, and any place which sends you bills (such as the cable company) and make certain they have your correct address. You may need to do this more than once – filling out a change of address form or card is standard operating procedure for identity thieves. They do this so they can get away with using your identity for as long as possible. If you stop getting your bills, contact those providers ASAP.
Another thing you can do is use a credit monitoring service. These services can be costly, so do whatever you can on your own before investing in one. These services can come with fraud alerts. However, you can do this yourself if you believe your information has been compromised. This is also true for credit freezes. However, if you are too busy to monitor your own identity closely, and you have the means to pay for such a service, this can be worth it. Because Equifax is only offering free credit monitoring for one year, you may need to consider a paid option in 12 months.
In addition, do two things:
We will be watching this story closely as it affects personal credit and that can often mean it affects business credit as well.