On July 29th, it was discovered that cybercriminals had “exploited a U.S. website application vulnerability to gain access to certain files,” according to the company. In the statement released on August 7th announcing the breach, Equifax reported that those responsible had managed to access information including names, birth dates, addresses, Social Security and Driver's license numbers. 209,000 people also lost their credit card information, and dispute documents with personally identifiable information were accessed affecting another 182,000 people.
The scope of this attack is staggering, especially considering that the total population of the United States is estimated by the Census Bureau to be 324 million adults. A quick calculation tells us that the 143 million potentially affected makes up a full 44 percent of the country’s total adult population.
As if this situation isn’t bad enough for Equifax, the activities of some of the company leadership are also being called into question. Chief Financial Officer John Gamble Jr., U.S. Information Solutions President Joseph Loughran, and Workforce Solutions President Rodolfo Ploder sold almost $2 million in company shares mere days after the breach was uncovered. While it is not yet clear if the breach and these sales are connected, Equifax has released a statement stating that the men had no knowledge of the intrusion when the sales were made.
The company’s stocks fell by more than 12 percent shortly afterward.
Equifax is currently working with state and federal authorities, including the FBI, and is actively alerting those whose information was accessed through the mail. We suggest that you keep an eye on your mailbox in case you have been breached.
There are plenty of websites and services, including one from Equifax, dedicated to determining whether or not your personal information was accessed--all you have to do is give these sites and services access to your personal information. In light of what has happened, we do not recommend taking this route. Instead, you should be careful to monitor your own financial information and to report any oddities to the proper authorities.
You may also be tempted to enroll in an identity protection service. Equifax themselves are offering a free year of monitoring from their service, called TrustedID. However, there have been reports that enrolling in this service will leave you ineligible to participate in a class action lawsuit against Equifax. If you decide to enroll, make sure you understand all of the fine print. Otherwise, you should make sure to go through and change your passwords and watch your credit statements for suspicious activity. This is especially true if you utilized any of Equifax’s business services, as your business could be affected as well.
If you suspect that your information was stolen, the Federal Trade Commission offers a helpful guide to determining if that is the case. If so, you need to report it to the Federal Trade Commission as well as place a fraud alert on your credit report.