Equifax, one of the largest personal and commercial credit reporting agencies in America, announced Thursday that it experienced a major data breach that could potentially impact more than 143 million Americans.
The data breach, which Equifax reports began in May of this year and lasted through July 29, exposed Social Security numbers, names, addresses and, in some cases, driver’s license numbers. Credit card numbers were also compromised for a little over 200,000 consumers; dispute and other personal identifying information was compromised for roughly 182,000 Americans.
Equifax has set up a site to help those impacted by the breach sign up for a free monitoring product they will be offering for free for one year called TrustedID Premier and issued a formal apology to business and and consumer customers.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Chairman and CEO Richard F. Smith. “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.”
There are still some lingering questions for business owners and consumers who were potentially impacted by the breach. Here’s a look at what you can do if you think you’ve been affected and how to protect yourself moving forward.
1. The Core Databases That Contain Your Personal & Business Credit Data Weren’t Compromised
Equifax was unequivocal in its statement that the data breach was an exploitation of a website application and an audit has found that its core credit reporting databases weren’t compromised. It’s a common misconception that credit bureaus contain a “file” that is your credit report. The bureaus really have a massive collection of data collected from furnishers like financial institutions, credit card issuers and courts that is then used to compile a report for a consumer when one is requested. These databases were not accessed in this breach.
2. … But That Doesn’t Mean You’re Out of the Woods
However, the personal identifying information that a fraudster can use to steal your identity and damage your credit — your Social Security number, name and more — were potentially accessed through the website application vulnerability. The hackers responsible for the data breach can sell this information to identity thieves or use it themselves to open accounts in your name or in the name of your business. There are many ways just a few pieces of identifying information can be cobbled together to gain access to legitimate accounts you currently have open as well.
3. You Can Get Free Credit Monitoring If Affected
Equifax has set up a website to help those who may be impacted by the breach access a free credit monitoring product called TrustedID Premier, which it’s offering for free to impacted customers. You can go to EquifaxSecurity2017.com to read more about the offering, and to see when your sign-up day is. You have to input your last name and last six digits of your Social Security number to learn when you can come back to the site to sign up for the product. The Equifax release says a customer service line dedicated to answering questions will be available from 7 a.m.-1 a.m. every day, though our calls to the line within those business hours were directed to a message that indicated we were calling outside of its hours of operation.
According to Equifax, the TrustedID Premier offering from Equifax will include “3-Bureau credit monitoring of Equifax, Experian and TransUnion credit reports; copies of Equifax credit reports; the ability to lock and unlock Equifax credit reports; identity theft insurance; and Internet scanning for Social Security numbers.” That offering isn’t out of the norm for what other major companies like Target have offered their data breach victims in recent years. We emailed and called Equifax to get clarity on how the monitoring product would work for commercial credit data customers who were impacted by the data breach, but a spokesman said the company has no further information to contribute at this point. We’ll be updating the story with any new information we receive.
What’s at Stake for Business Owners?
Business owners rely on their personal credit data as well as their business’s credit reports to obtain financing, business insurance and to open doors to new business partners. A data breach of a business owner’s identifying information carries just as much risk as it does for a consumer, if not more. An identity thief could use a business owner’s personal information to take out loans in the name of the business or the business owner, so keeping an eye on your current accounts and monitoring your credit scores for signs of fraudulent activity, like inquiries you didn’t make, could help you stop a thief before major damage is done. (You can check your personal and business credit scores for free every month at Nav.)
This article was originally written on September 7, 2017 and updated on September 12, 2017.
Have at it! We'd love to hear from you and encourage a lively discussion among our users. Please help us keep our site clean and protect yourself. Refrain from posting overtly promotional content, and avoid disclosing personal information such as bank account or phone numbers.
Reviews Disclosure: The responses below are not provided or commissioned by the credit card, financing and service companies that appear on this site. Responses have not been reviewed, approved or otherwise endorsed by the credit card, financing and service companies and it is not their responsibility to ensure all posts and/or questions are answered.