Another day, another hack.
But this time, it’s a doozy.
On September 7, consumer credit reporting agency Equifax announced it had experienced a cybersecurity incident potentially impacting 143 million Americans — nearly half the country.
And if that wasn’t enough, on October 12, Equifax also had to take a customer help webpage offline because of security concerns, according to CNBC. A security analyst found an issue on October 11, and now the Equifax security team is looking into another possible breach.
“We are aware of the situation identified on the Equifax.com website in the credit report assistance link,” Wyatt Jefferies, an Equifax spokesman, said in an email. “Our IT and security teams are looking into this matter and out of an abundance of caution have temporarily taken this page offline.”
Equifax will share more information on the most recent security issue when it becomes available. But for now, here’s everything you need to know about the initial breach.
What’s the Equifax data breach?
From mid-May through July 2017, Equifax reported, “criminals exploited a U.S. website application vulnerability to gain access to certain files.”
These hackers accessed the names, Social Security numbers, birthdates, addresses — and, in some cases, driver’s license numbers — of millions of Americans.
They also accessed the credit card numbers of 209,000 people and “dispute documents with personal identifying information” for 182,000 people.
Equifax discovered the data breach on July 29, 2017.
Why is Equifax in such hot water over this cybersecurity incident?
While no data breach is a good data breach, Equifax has handled this one particularly poorly.
First, three Equifax executives sold shares worth nearly $2 million in the days following the data breach’s discovery. According to the company, the trio didn’t know about the incident at the time.
Then, in a statement released on September 15, the company announced that its chief security and chief information officers were “retiring.” Some people questioned Equifax’s use of the word “retiring” and its omission of the executives’ names.
“That’s a very different thing to being fired,” Ed Zitron, a media relations expert, told CNN. “[Equifax’s] not naming them and letting them retire to me suggests that [Equifax] didn’t really want to blame anyone.”
On September 26, the company announced that Chairman and CEO Richard Smith was retiring as well.
Equifax’s delay in informing consumers about the breach and lack of accountability have angered consumers and politicians — and could be a catalyst for change.
“The hack was awful, but then their response to the hack continued to show their incompetence,” Senator Mark Warner (D-Va.) told The Washington Post. “This should be a new impetus to move.”
Several lawmakers have proposed new data security laws in the weeks since the hack, reported the Post. Two such laws are the Freedom From Equifax Exploitation (FREE) Act and the Promoting Responsible Oversight of Transactions and Examinations of Credit Technology (PROTECT) Act.
The first prohibits companies like Equifax from charging customers to freeze or unfreeze their credit reports. The second ends the use of Social Security numbers as credit IDs, creates a national network for credit freezes, and increases government monitoring of credit agencies.
In addition to changing the way data breaches are handled in the future, many people want Equifax to be held accountable for its negligence and poor treatment of consumers.
At least 23 class-action lawsuits have already been filed against the company, USA Today reported. If the cases move forward, qualifying plaintiffs (like you, perhaps) will be included automatically.
Also suing Equifax is Massachusetts Attorney General Maura Healey, who said this breach might be “the most brazen failure to protect consumer data we have ever seen.”
Government regulatory agencies are getting on board too. The Consumer Financial Protection Bureau (CFPB) and the Federal Trade Commission (FTC) both confirmed they’re investigating Equifax.
The CFPB is looking into Equifax’s response to the breach. Although it’s not clear what the FTC is examining, it’s unusual for the public to know about an FTC investigation this early on.
How to check if you were affected by the Equifax data hack
Because the Equifax data breach is so large and the company pulls data from a number of external sources — banks, credit card companies, etc. — it’s essential that you check whether your personal information might have been impacted.
After you enter your information, Equifax will offer you a year of free credit file monitoring and identity theft protection through a service called TrustedID Premier.
Although there were concerns that opting into TrustedID’s monitoring service could mean waiving your right to participate in a class-action lawsuit, Equifax publicly clarified its position.
In a progress update for consumers, the company said enrolling “does not waive any rights to take legal action.” It also noted you won’t automatically be enrolled in or charged for TrustedID Premier after the conclusion of the complimentary year.
To see if you were affected, visit this Equifax site. There, you’ll find a tool that allows you to enter your information to see if you were impacted.
If the company believes your data wasn’t impacted by the breach, you’ll receive this message:
If it believes your data might have been impacted, you’ll receive this message:
Or you might receive a message with an enrollment date for TrustedID Premier like this one:
If your credit card numbers or dispute documents were part of the data hack, Equifax will send you a notice in the mail as well.
What you should do next
Do you think your information might have been compromised in the Equifax data hack?
Equifax is offering a year of TrustedID Premier for free. Other steps you can take after a big data breach like this one include freezing your credit and updating your passwords.
And if someone calls and asks you for information over the phone, hang up. As the FTC pointed out, Equifax isn’t calling — it’s a phishing attempt.
For more information, you can call Equifax’s dedicated phone line at 866-447-7559. It’s open from 7 a.m. to 1 a.m. ET every day.
Stay vigilant, as the hackers might not make moves right away. Keep an eye on your credit report, credit cards, and bank accounts today, tomorrow, and always.
This article was updated on October 13, 2017, and will continue to be updated as new information develops.
Interested in refinancing student loans?Here are the top 6 lenders of 2018!
|Lender||Variable APR||Eligible Degrees|
|Check out the testimonials and our in-depth reviews!
1 Important Disclosures for Earnest.
To qualify, you must be a U.S. citizen or possess a 10-year (non-conditional) Permanent Resident Card, reside in a state Earnest lends in, and satisfy our minimum eligibility criteria. You may find more information on loan eligibility here: https://www.earnest.com/eligibility. Not all applicants will be approved for a loan, and not all applicants will qualify for the lowest rate. Approval and interest rate depend on the review of a complete application.
Earnest fixed rate loan rates range from 3.89% APR (with Auto Pay) to 5.87% APR (with Auto Pay). Variable rate loan rates range from 2.47% APR (with Auto Pay) to 5.87% APR (with Auto Pay). For variable rate loans, although the interest rate will vary after you are approved, the interest rate will never exceed 8.95% for loan terms 10 years or less. For loan terms of 10 years to 15 years, the interest rate will never exceed 9.95%. For loan terms over 15 years, the interest rate will never exceed 11.95% (the maximum rates for these loans). Earnest variable interest rate loans are based on a publicly available index, the one month London Interbank Offered Rate (LIBOR). Your rate will be calculated each month by adding a margin between 1.82% and 5.50% to the one month LIBOR. The rate will not increase more than once per month. Earnest rate ranges are current as of Month/Day/Year, and are subject to change based on market conditions and borrower eligibility.
Auto Pay discount: If you make monthly principal and interest payments by an automatic, monthly deduction from a savings or checking account, your rate will be reduced by one quarter of one percent (0.25%) for so long as you continue to make automatic, electronic monthly payments. This benefit is suspended during periods of deferment and forbearance.
The information provided on this page is updated as of 08/21/18. Earnest reserves the right to change, pause, or terminate product offerings at any time without notice. Earnest loans are originated by Earnest Operations LLC. California Finance Lender License 6054788. NMLS # 1204917. Earnest Operations LLC is located at 302 2nd Street, Suite 401N, San Francisco, CA 94107. Terms and Conditions apply. Visit https://www.earnest.com/terms-of-service, email us at firstname.lastname@example.org, or call 888-601-2801 for more information on ourstudent loan refinance product.
© 2018 Earnest LLC. All rights reserved. Earnest LLC and its subsidiaries, including Earnest Operations LLC, are not sponsored by or agencies of the United States of America.
2 Important Disclosures for Laurel Road.
Laurel Road Disclosures
Savings example: average savings calculated based on single loans refinanced from 9/2013 to 12/2017 where borrowers’ previous rates were disclosed. Assumes same loan terms for previous and refinanced loans, and payments made to maturity with no prepayments. Actual savings for individual loans vary based on loan balance, interest rates, and other factors.
Application detail: 5 minutes indicates typical time it takes to complete application with applicant information readily available. It does not include time taken to provide underwriting decision or funding of the loan.
Instant rates mean a delivery of personalized rates for those individuals who provide sufficient information to return a rate. For instant rates a soft credit pull will be conducted, which will not affect your credit score. To proceed with an application, a hard credit pull will be required, which may affect your credit score.
Total savings calculated by aggregating individual average savings across total borrower population from 9/2013 to 12/2017. Individual average savings calculation based on single loans refinanced from 9/2013 to 12/2017 where borrowers’ previous rates were provided. Assumes same loan terms for previous and refinanced loans, and payments made to maturity with no prepayments. Actual savings for individual loans vary based on loan balance, interest rates, and other factors.
3 Important Disclosures for SoFi.
4 Important Disclosures for LendKey.
Refinancing via LendKey.com is only available for applicants with qualified private education loans from an eligible institution. Loans that were used for exam preparation classes, including, but not limited to, loans for LSAT, MCAT, GMAT, and GRE preparation, are not eligible for refinancing with a lender via LendKey.com. If you currently have any of these exam preparation loans, you should not include them in an application to refinance your student loans on this website. Applicants must be either U.S. citizens or Permanent Residents in an eligible state to qualify for a loan. Certain membership requirements (including the opening of a share account and any applicable association fees in connection with membership) may apply in the event that an applicant wishes to accept a loan offer from a credit union lender. Lenders participating on LendKey.com reserve the right to modify or discontinue the products, terms, and benefits offered on this website at any time without notice. LendKey Technologies, Inc. is not affiliated with, nor does it endorse, any educational institution.
5 Important Disclosures for CommonBond.
6 Important Disclosures for Citizens Bank.
Citizens Bank Disclosures
|2.47% – 6.99%3||Undergrad & Graduate||Visit SoFi|
|2.47% – 5.87%1||Undergrad & Graduate||Visit Earnest|
|2.47% – 8.03%4||Undergrad & Graduate||Visit Lendkey|
|2.95% – 6.37%2||Undergrad & Graduate||Visit Laurel Road|
|2.48% – 6.25%5||Undergrad & Graduate||Visit CommonBond|
|2.72% – 8.32%6||Undergrad & Graduate||Visit Citizens|