Here we go again. And one can argue that this time it's one of the most impactful breaches yet. It's hard to believe we're talking about another grand security breach - and perhaps the likes of which we've never seen before. My fear is we're getting so accustomed to them that we're losing any appropriate sense of concern.
Today the credit reporting agency Equifax announced that hackers gained access to sensitive personal data - Social Security numbers, birth dates and home addresses - for up to 143 million Americans. This is one of the most major cybersecurity breaches and at a company that serves as one of the three major clearinghouses for Americans’ credit histories.
While the company learned about the breach July 29th, they didn't announce it till now -- more than a month later! According to Equifax, the company's database was breached through a vulnerability on its website, exposing the personal information of an estimated 143 million people, including some in the UK and Canada.
About 209,000 people have had their credit card numbers stolen, while hackers also stole documents with personal information on 182,000 victims, Equifax said in a statement to its investors. Beyond this, Equifax declined to comment on questions seeking more details on what type of data was compromised.
Equifax is one of three major companies that monitor credit scores after massive data breaches. Companies like Target, Home Depot and Sony have offered free credit monitoring through Equifax after they suffered breaches. Now Equifax is offering its credit monitoring service for people affected by its own breach.
How can I find out if I was affected?
Equifax has set up its own program to help people find out if they were one of the millions affected in the hack. The program isn't exactly straightforward, however - it requires a multi-step process that takes place over the course of at least one week. Here's an overview of the process:
Step 1: Head to this enrollment page and click "Begin enrollment." Enter your last name and last six digits of your social security number and head to the next page.
Step 2: If you received an enrollment date, write it down. Seriously, on paper (or, you know, Google Calendar). Equifax does not ask for your email address, so it won't remind you of your enrollment date.
Step 3: On (or after) your enrollment date, head to this page to continue the enrollment process. You have to complete the enrollment process by November21.
If you think the above process is opaque and a bit confusing, you're not alone. These steps, however, seem to be your best protection against the breach right now.
What exactly am I enrolling in?
According to Equifax, those affected are enrolling in a free, one-year subscription TrustedID, which is an identity protection company owned and operated by Equifax. According to this page, the service normally costs $27.99 per month for a family plan.
Should I be worried about identity theft?
The purpose of the free TrustedID enrollment program is to help protect you from identity theft. What we don't know, however, is what happened during the months that Equifax didn't know about the breach (or was preparing to tell the public). Because this gap represents several months that personal data was exposed, we suggest taking extra care in protecting your identity and watching for signs of identity theft
For more information on the signs of identity theft, check out this FTC page.
What do you think? Has this info been helpful? Are you any more or less surprised or concerned after yet another major security breach? Let us know in the Comment box below or shoot me an email if you’d like to chat about this in more detail.