As you have probably heard by now, credit reporting company Equifax revealed last week that its databases were hacked in a large-scale breach affecting millions across the US, UK & Canada. While no hacking event is ever good news, some are easier to ignore than others – this isn’t one of them. The sensitive nature of the exposed data now requires immediate action for all those even possibly affected.
The short version: Equifax is one of the three main organizations in the US that manages & calculates credit scores. To do that effectively, they have access to almost every piece of financial data for adults in the country, plus pretty much anyone who’s lived/worked in the US. We’re talking social security, tax file numbers, drivers’ license, credit card numbers…the important stuff. On September 7th, Equifax disclosed the breach, stating that hackers had repeatedly gotten in through a vulnerability in the web application from mid-May to July of this year. Since then, there has been a lot of conflicting information floating around the internet. I have gone through and tried to decifer the best course of action to recommend…
The best action now is to protect yourself against fallout:
- Go to:
http://www.equifaxsecurity2017.com(dead link) to see if your data may have been affected. There was some news that this site was delivering random results, but Equifax announced it has been corrected. I have tested it myself and it seemed to be working now. That being said, it’s safest to assume everyone with a credit history has been impacted.
- Claim the Equifax free year of credit monitoring & identity theft insurance (if you’re a US resident). If you’re not eligible, consider sourcing your own. As the hacked data will continue to circulate for some time, consider extending your credit monitoring for a few more years.If you are wary of trusting Equifax with protecting your credit (They dont have a very good track record at this point!), you can instead look at services such as Lifelock to freeze and monitor your credit reports.
- Keep a close eye on your finances and accounts. Check for notifications of new credit applications, monitor your statements and bills, and immediately report any suspicious activity or sudden change in billing.
- Change all your passwords to be strong, unique and long (you should be doing this anyway!). Now that the hackers have your passwords from the Equifax site, the stolen data may give hackers a free pass into the rest of your bank accounts, email and personal information.
- Add two-factor authentication where possible. This is when an account demands a second layer of authentication before allowing access or changes, like a 6 digit code texted to your phone in order to log in. Even if a hacker has your password, they would need to also have your phone in order to get logged in.
- Finally, and probably the MOST EFFECTIVE mitigation for this issue…Consider freezing your credit report. Check out a very nicely written article HERE about how to do this. Freezing your report makes it harder for identity thieves to open accounts under your name, as access is completely restricted until you choose to un-freeze. You will have to unfreeze your reports if you ever wanted to get a loan or similar, but how often do you really do that?