Another day, another hack.
But this time, it’s a doozy.
On September 7, consumer credit reporting agency Equifax announced it had experienced a cybersecurity incident potentially impacting 143 million Americans — nearly half the country.
And if that wasn’t enough, on October 12, Equifax also had to take a customer help webpage offline because of security concerns, according to CNBC. A security analyst found an issue on October 11, and now the Equifax security team is looking into another possible breach.
“We are aware of the situation identified on the Equifax.com website in the credit report assistance link,” Wyatt Jefferies, an Equifax spokesman, said in an email. “Our IT and security teams are looking into this matter and out of an abundance of caution have temporarily taken this page offline.”
Equifax will share more information on the most recent security issue when it becomes available. But for now, here’s everything you need to know about the initial breach.
What’s the Equifax data breach?
From mid-May through July 2017, Equifax reported, “criminals exploited a U.S. website application vulnerability to gain access to certain files.”
These hackers accessed the names, Social Security numbers, birthdates, addresses — and, in some cases, driver’s license numbers — of millions of Americans.
They also accessed the credit card numbers of 209,000 people and “dispute documents with personal identifying information” for 182,000 people.
Equifax discovered the data breach on July 29, 2017.
Why is Equifax in such hot water over this cybersecurity incident?
While no data breach is a good data breach, Equifax has handled this one particularly poorly.
First, three Equifax executives sold shares worth nearly $2 million in the days following the data breach’s discovery. According to the company, the trio didn’t know about the incident at the time.
Then, in a statement released on September 15, the company announced that its chief security and chief information officers were “retiring.” Some people questioned Equifax’s use of the word “retiring” and its omission of the executives’ names.
“That’s a very different thing to being fired,” Ed Zitron, a media relations expert, told CNN. “[Equifax’s] not naming them and letting them retire to me suggests that [Equifax] didn’t really want to blame anyone.”
On September 26, the company announced that Chairman and CEO Richard Smith was retiring as well.
Equifax’s delay in informing consumers about the breach and lack of accountability have angered consumers and politicians — and could be a catalyst for change.
“The hack was awful, but then their response to the hack continued to show their incompetence,” Senator Mark Warner (D-Va.) told The Washington Post. “This should be a new impetus to move.”
Several lawmakers have proposed new data security laws in the weeks since the hack, reported the Post. Two such laws are the Freedom From Equifax Exploitation (FREE) Act and the Promoting Responsible Oversight of Transactions and Examinations of Credit Technology (PROTECT) Act.
The first prohibits companies like Equifax from charging customers to freeze or unfreeze their credit reports. The second ends the use of Social Security numbers as credit IDs, creates a national network for credit freezes, and increases government monitoring of credit agencies.
In addition to changing the way data breaches are handled in the future, many people want Equifax to be held accountable for its negligence and poor treatment of consumers.
At least 23 class-action lawsuits have already been filed against the company, USA Today reported. If the cases move forward, qualifying plaintiffs (like you, perhaps) will be included automatically.
Also suing Equifax is Massachusetts Attorney General Maura Healey, who said this breach might be “the most brazen failure to protect consumer data we have ever seen.”
Government regulatory agencies are getting on board too. The Consumer Financial Protection Bureau (CFPB) and the Federal Trade Commission (FTC) both confirmed they’re investigating Equifax.
The CFPB is looking into Equifax’s response to the breach. Although it’s not clear what the FTC is examining, it’s unusual for the public to know about an FTC investigation this early on.
How to check if you were affected by the Equifax data hack
Because the Equifax data breach is so large and the company pulls data from a number of external sources — banks, credit card companies, etc. — it’s essential that you check whether your personal information might have been impacted.
After you enter your information, Equifax will offer you a year of free credit file monitoring and identity theft protection through a service called TrustedID Premier.
Although there were concerns that opting into TrustedID’s monitoring service could mean waiving your right to participate in a class-action lawsuit, Equifax publicly clarified its position.
In a progress update for consumers, the company said enrolling “does not waive any rights to take legal action.” It also noted you won’t automatically be enrolled in or charged for TrustedID Premier after the conclusion of the complimentary year.
To see if you were affected, visit Equifax’s “potential impact” page. There, you’ll be prompted to enter your last name and the last six digits of your Social Security number.
If the company believes your data wasn’t impacted by the breach, you’ll receive this message:
If it believes your data might have been impacted, you’ll receive this message:
Or you might receive a message with an enrollment date for TrustedID Premier like this one:
If your credit card numbers or dispute documents were part of the data hack, Equifax will send you a notice in the mail as well.
What you should do next
Do you think your information might have been compromised in the Equifax data hack?
Equifax is offering a year of TrustedID Premier for free. Other steps you can take after a big data breach like this one include freezing your credit and updating your passwords.
And if someone calls and asks you for information over the phone, hang up. As the FTC pointed out, Equifax isn’t calling — it’s a phishing attempt.
For more information, you can call Equifax’s dedicated phone line at 866-447-7559. It’s open from 7 a.m. to 1 a.m. ET every day.
Stay vigilant, as the hackers might not make moves right away. Keep an eye on your credit report, credit cards, and bank accounts today, tomorrow, and always.
This article was updated on October 13, 2017, and will continue to be updated as new information develops.
Interested in refinancing student loans?Here are the top 6 lenders of 2018!
|Lender||Rates (APR)||Eligible Degrees|
|Check out the testimonials and our in-depth reviews!|
|2.75% - 7.24%||Undergrad & Graduate||Visit SoFi|
|2.57% - 6.39%||Undergrad & Graduate||Visit Earnest|
|2.57% - 7.12%||Undergrad & Graduate||Visit CommonBond|
|2.99% - 6.99%||Undergrad & Graduate||Visit Laurel Road|
|2.74% - 7.26%||Undergrad & Graduate||Visit Lendkey|
|2.89% - 8.33%||Undergrad & Graduate||Visit Citizens|