Worst data breach ever? What to know about the giant Equifax hack

Share
More
Worst data breach ever? What to know about the giant Equifax hack

Update: The Equifax terms of use for their credit monitoring service contains language forcing customers to waive their right to sue as part of a class action, as flagged in a tweet by New York Attorney General Eric Schneiderman.

ARBITRATION. PLEASE READ THIS ENTIRE SECTION CAREFULLY BECAUSE IT AFFECTS YOUR LEGAL RIGHTS BY REQUIRING ARBITRATION OF DISPUTES (EXCEPT AS SET FORTH BELOW) AND A WAIVER OF THE ABILITY TO BRING OR PARTICIPATE IN A CLASS ACTION, CLASS ARBITRATION, OR OTHER REPRESENTATIVE ACTION. ARBITRATION PROVIDES A QUICK AND COST EFFECTIVE MECHANISM FOR RESOLVING DISPUTES, BUT YOU SHOULD BE AWARE THAT IT ALSO LIMITS YOUR RIGHTS TO DISCOVERY AND APPEAL.

Equifax did not immediately respond to a request for comment.

Criminals may have gotten access to the data of 143 million customers, Equifax announced Thursday.

The hackers exploited an Equifax vulnerability to gain access to information including names, Social Security numbers, birth dates, some addresses, credit card numbers and dispute documents with personal identifying information

The data was exposed from mid-May through July 2017 according to an Equifax investigaton. The breach mainly impacts U.S. customers, but some data for customers from the United Kingdom and Canada was also exposed, Equifax said.

Equifax said it discovered the breach July 29 and acted to stop it right away.

How screwed are you?

It doesn't look good. 143 million people is almost half the U.S. population. Ars Technica called the breach possibly the worst in history because of how sensitive the data is.

Equifax hired a cybersecurity firm to investigate the leak. It launched a website, equifaxsecurity2017.com, where any Equifax customer can sign up for free credit monitoring of reports from all three credit bureaus for one year.

Here's the thing: To find out if you were impacted, you have to enter your last name and the last six digits of your Social Security number into the site, which you may not be inclined to do after these events. Customers have until Nov. 21 to enroll. Equifax also launched a call center at (866) 447-7559, available from 7 a.m. to 1 p.m. Eastern time.

What happens when you sign up?

Not much. I entered my information and the monitoring product, Trusted ID Premier, gave me a date and said, "Please be sure to mark your calendar as you will not receive additional reminders. On or after your enrollment date, please return to faq.trustedidpremier.com and click the link to continue through the enrollment process." Thanks.

The only upside is that Equifax says the breach is over and its cybersecurity firm is figuring out how to stop something like this from happening again. Customers may also want to ask the bureaus to place a fraud alert or security freeze on their credit reports. They can also set up alerts on their bank and credit accounts.

Many have criticized Equifax's response to the breach, with Ars Technica calling it "amateur." It took the company more than a month to notify the public after learning of the breach. In addition, Bloomberg reported that three Equifax executives sold off more than $1.8 million in stock before the company publicized the attack.

The Equifax breach comes on the heels of another big cyberattack, the WannaCry ransomware attack that struck thousands of computers across the globe in May 2017.

The growing prevalence of of cyber attacks has led insurers to begin offering identity theft insurance to individuals. In the past, such products were mostly available only to businesses and organizations.

An identity theft insurance policy can reimburse you for the costs of repairing damage from identity theft, including legal, financial and technical help. Some plans also offer protective measures like an audit of your home computer network.

At a minimum, you should probably at least keep a close watch on your credit score and accounts over the next few months in case of anything fishy.

Image: Martin Dimitrov