Understanding the Magnitude of Equifax Breach
As you undoubtedly know by now, the Equifax breach affected 143 million Americans who’s personal data was compromised. Unfortunately, large-scale breaches are becoming so commonplace, people may not fully appreciate how devastating this hack was… and how much it can impact their personal lives.
This article will delve into the magnitude of the Equifax breach, how it may affect you, and what you can do to protect yourself.
Who is Equifax and Why Do They Have All My Personal Information?
Equifax is one of three major credit bureaus that determines your credit score. (TransUnion and Experian are the other two.) In order to assign you a credit rating, Equifax gathers data about you–your address, income, past expenditures, outstanding debts, etc.–basically, anything it can find out about you.
The more data a credit bureau gathers, the more accurately it can assess how likely you are to pay back your debts. This may sound invasive, but it’s also the reason you can walk into a car dealership tomorrow and buy a car with little or no money down. The dealership will check your credit rating and determine whether you’re good for the money.
Unfortunately, that means–through no fault of your own–your PII was vulnerable when Equifax’s database was hacked.
And it wasn’t just hacked… it was exploited across a three-month period and affected consumers in the United States, Canada, and United Kingdom.
How Equifax Got Hacked
Equifax’s databases were made vulnerable through a flaw in a program called Apache Struts. Apache, the software’s creator, actually issued a fix for this problem way back on March 7th. But, for whatever reason, Equifax failed to install the update, leaving the company open to attack.
Hackers didn’t just exploit this flaw for a few hours or days. Equifax’s breach reportedly lasted from May to July. The breach, and Equifax’s subsequent handling of it, was so bad that Senator Charles Schumer called it “one of the most egregious examples of corporate malfeasance since Enron.”
Not surprisingly, Equifax’s chief information officer and chief security officer have been removed from their posts. The FBI, Federal Trade Commission, and United States Senate have all launched probes into Equifax.
So, besides, the length of time involved, what makes this hack so much worse than previous high-profile breaches?
First, the information stolen was highly valuable to identity thieves and other criminals. This isn’t like the Yahoo breach in 2016, when primarily just email account names and passwords were stolen, (although that was bad, in its own right). The data coughed up by Equifax is much more sensitive and, therefore, potentially damaging to consumers.
Second, the amount of data exposed during the Equifax breach was staggering.
Sensitive data was stolen for 143 million Americans. To put that in perspective, that’s 77% of the adult population of the United States.
In other words, there’s likely better than a 3-in-4 chance that some of your data was hacked! And it doesn’t matter whether you were an Equifax customer or not. It’s probable that your personally identifiable information (PII) was already in their database.
What Type of PII Was Hacked?
There’s no way other way to put it: this breach was as good as it gets for fraudsters. People’s names, addresses, birth dates, social security numbers, credit card numbers, and even some driver’s license numbers were reportedly exposed during the hack.
Imagine the damage you, just an average consumer, could do with a name, address, and credit card number. You could run up a string of fraudulent charges in a matter of minutes.
Now imagine what a professional identity thief could do with all the information that was breached. Remember that new car you were able to buy with no money down?
But the possibilities go well beyond fraudulent purchases. A savvy thief could use the info to take control of your bank accounts, investments, or retirement accounts, open new lines of credit, apply for a replacement passport or birth certificate or social security card–the list goes on.
We all know it can be a lengthy, time-consuming, and expensive process to get fraudulent charges removed from your credit cards and credit history.
So think how much more difficult it would be to recover lost funds if your bank accounts or investments were hijacked and drained overnight.
How Can I Find Out if I Was Hacked?
Equifax has set up a site where you can check whether your information was part of the data breach.
What Can I Do to Protect Myself?
- First, you can check your credit report to see if there’s any suspicious activity. By law, you can get a free credit report each year from TransUnion, Experian, and Equifax. If you detect fraudulent activity, check out this guide for subsequent steps.
- Check your bank statements, financial accounts, credit card activity, etc., for any fraudulent charges or activity. Continue to do this regularly–the fallout from this breach isn’t going to dissipate any time soon.
- Put a lock on your credit. Also known as a “credit freeze,” this will make it difficult for third parties to apply for credit in your name. The credit bureaus normally charge for this, but Equifax is offering free credit freezes through November 21st. Keep in mind this only freezes your Equifax credit files, not your TU or Experian files. You’d have to apply for a credit lock with each of those companies, as well.
- Going forward, you should consider investing in some credit monitoring and identity theft protection. If so, you might want to check out our reviews and comparison chart of the leading companies in each field.