The short version: Equifax is one of the three main organizations in the US that manages & calculates credit scores. To do that effectively, they have access to almost every piece of financial data for adults in the country, plus pretty much anyone who’s lived/worked in the US. We’re talking social security, tax file numbers, drivers’ license, credit card numbers…the big stuff. On July 29, Equifax disclosed the breach, stating that hackers had repeatedly gotten in through a vulnerability in the web application from mid-May to July of this year.
If you’re an Equifax customer: As scary as all that sounds, what’s done is done. Equifax, cyber-security experts & law enforcement officials are on the case, working to minimize the long-term damage.
The best action now is to protect yourself against fallout:
1. Go to: https://www.equifaxsecurity2017.com/ to see if your data may have been affected.
There was some news that this site was delivering random results, but Equifax announced it has been corrected. At this stage, it’s safest to assume everyone with a credit history has been impacted, so unless that link gives a definite ‘no you’re safe’ response, continue with the following recommendations.
2. Claim the Equifax free year of credit monitoring & identity theft insurance (if you’re a US resident).
If you’re not eligible, consider sourcing your own. As the hacked data will continue to circulate for some time, also consider extending your credit monitoring for a few more years.
3. Keep a close eye on your finances and accounts.
Check for notifications of new credit applications, monitor your statements and bills, and immediately report any suspicious activity or sudden change in billing.
4. Change all your passwords to be strong, unique and long.
Any of the stolen data may give hackers a free pass into the rest of your bank accounts, email and personal information.
5. Add two-factor authentication where possible.
This is when an account demands a second layer of authentication before allowing access or changes – getting the password correct isn’t enough, the hacker would also need to get the special code sent by SMS.
6. Consider freezing your credit report.
This makes it harder for identity thieves to open accounts under your name, as access is completely restricted until you choose to un-freeze.