Equifax Hack

By on Sep 19, 2017 in News

The breach of the Equifax database, which exposed the personal shutterstock_680078878credit history of over 140,000,000 individuals, has left consumers scrambling for answers and wondering what steps to take. While many experts continue to weigh in on the issue, and law firms begin lining up for those class actions lawsuits, you may still be wondering what you can do to mitigate the damage. No doubt an investigation by Congress will provide some relief, and many private companies like Credit Karma and Capital One are already reaching out to beleaguered consumers.

As we wait for the cavalry to arrive, we’ve collected a summary of all the information you need to protect yourself and give voice to your fears and frustrations.

What Happened?

Equifax believes hackers accessed the company’s network sometime between May and July of this year, gaining access to the social security numbers and extensive credit history of 143 million Americans as well some citizens of Canada and the UK. The hack itself came to the company’s attention on July 29, when the intrusion was immediately curtailed. Somewhat suspiciously, three Equifax executives chose to sell almost $2 million in Equifax stock on August 1st and 2nd, almost a week before the company went public about the incident.

On September 7th, Equifax alerted the public about the breach, also issuing a statement denying the three executives knew about the hack. By the next day, company shares lost more than 13% of their value. The following week, the Senate began initial inquiries into the extent of the incident, also searching for evidence of compromised government accounts. By September 14, the Equifax CEO had been called to testify before Congress and the Federal Trade Commission announced it would begin investigating the breach.

Who’s affected?

At this point, if you have ever applied for a job, purchased a car or participated in any economic transaction, you have a good chance of being a victim of the Equifax hack. While consumers with credit cards, mortgages and car loans are surely on the hacker’s radar, anyone in possession of a social security number is at risk. Unfortunately, Equifax (along with Transunion and Experian) do not need prior consent to track consumer information, meaning the financial history of most Americans is now in the hands of shadowy cybercriminals with mal-intent.

Is it really that bad?

While massive hacks have made the news in recent years, unlike the Target, Yahoo or PlayStation hack, the Equifax incursion includes social security numbers and a comprehensive history of almost every financial transaction. Old addresses, previous places of employment, and every credit account you’ve applied for (as well as the companies who decide to check your creditworthiness in anticipation of sending you an invitation to open up an account), all this information is continually collected and updated by these credit reporting agencies.

With such a complete personal profile, cybercriminals can easily create an entire persona capable of applying for more than just a credit card in your name. In fact, the information included in your credit history allows hackers to apply for passports, driver’s licenses, and even create fake prescriptions for opioids and other drugs. In the past, stolen credit card numbers were the hottest commodity on the dark web, but these days it’s the comprehensive profile that sells to the highest bidder. Not only could this impersonation hurt your credit rating, but it could also cause a landslide of red tape every time you apply for a loan, attempt to rent an apartment, even during your job search; and that’s not counting the possible criminal implications, including unpaid parking tickets or fake prescriptions.

What next?

Experts agree, your first action should be to get a copy of your credit report from all three of the major credit agencies (Transunion, Experian and Equifax). Another important tactic to mitigate the damage to your future credit history involves opting out of future credit offers. Opt Out Sevices will allow you to initiate a five-year freeze on unsolicited offers for consumer credit. You can also write to each credit bureau and request a permanent “opt out.”

Next, contact each agency and freeze your credit. You must call each company individually at the following numbers:

  • TransUnion: 1-888-909-8872
  • Equifax: 1-800-349-9960
  • Experian: 1 888 397 3742

Freezing your credit will stop any additional accounts to be opened in your name until you unfreeze your credit report. In some states, requesting a freeze may involve a service fee, but the protection it provides is probably well worth the money. Your current accounts are not affected, though you will have to unfreeze your history if you choose to open new accounts, which may also incur a fee.  Thankfully, placing a freeze on your credit history does not affect your credit score.

Because a long, complicated PIN will be assigned to you when you initiate the freeze, it is unlikely hackers could unfreeze your credit history. Nevertheless, it makes sense to initiate a Fraud Alert on all three of your credit histories. In some cases, you may have to contact your local police station and file a report, but it’s usually not required if you are willing, again, to pay a fee. This website provides a step-by-step guide to initiating a fraud alert.

Is there any recourse?

The class action suits will happen, but the amount of money each individual could receive will most likely be a pittance. While consumers have the option of hiring their own attorney and initiating a civil lawsuit, many legal experts caution the road to victory could be long, and costly. As one attorney pointed out on Reddit, “Equifax was very, very negligent in letting their systems get breached. However, until there’s an actual injury, you can’t win any lawsuit unless there are statutory damages, which almost certainly brings it into the federal court realm….Unless your ID was actually stolen and used to open a line of credit, your best option is to remain in the class action.”

Another possibility involves small claims court. On September 11th, Joshua Browder introduced a chatbot designed to help individuals sue Equifax in small claims court. After answering a few questions, the bot provides a set of forms and directions for how to proceed. While limit on damages varies per state (with the maximum capped at $25,000 in Tennessee), Browder hopes the chatbot will help consumers get their day in court. Many lawyers remain skeptical of the viability of proceeding in small claims court, due to complicating factors like service of legal documents and jurisdiction.

Final Fallbacks

A few final steps can help you proactively secure your identity in the aftermath of the Equifax breach. First, collect your passport, birth certificate and naturalization forms (if applicable). If you do not have these documents, make every effort to acquire them immediately. An official copy of your birth certificate will prove invaluable should you be required to verify your identity. In addition, passports and citizenship paperwork will make it less likely that cyber criminals will be able to use a fake identity to request those documents, hopefully slowing down (if not completely forestalling) any attempts to steal your identity.  Parents in the US should also freeze their children’s credit history at all three agencies as well, even if they are minors with no accounts in their name.

Finally, try to take a deep breath and relax. Assume your information has been compromised and make a commitment to stay vigilant long into the future. In the end, consumers will be tasked with being their own protector and advocate. As Robert Schoshinski, assistant director of privacy and identity protection for the Federal Trade Commission told NPR, “The tools that consumers have are things they have to do themselves.”