News no one wants to wake up to: You may be one of millions of Americans now at risk for identity theft.
On Thursday the credit reporting agency Equifax said it had been the target of a massive cyber attack from mid-May through July.
What is Equifax?
Equifax is one of three credit reporting agencies, or bureaus. The others are Experian and Transunion. Credit reporting agencies collect data on consumers related to all aspects of their financial lives, including bank and credit card account information, mortgages, and bankruptcies. They file this information in something called a credit report.
Credit reporting agencies also create something called a credit score, ranging from 300 to 850; the latter is considered perfect credit. Credit scores affect the cost of loans, and all consumers who have applied for credit have a credit score.
Equifax said cybercriminals gained access to its network by exploiting a website vulnerability, making off with the personal information for 143 million U.S. consumers ( nearly half the country’s population). That information included names, addresses, social security numbers, birth dates, and in some cases driver’s license numbers.
Additionally, criminals walked away with credit card details for 209,000 consumers, and personally identifying information related to credit disputes for an additional 182,000 consumers.
This kind of stolen information is bought and sold by criminals on the black market, and via something called the Dark Web.
Numerous other companies in recent years have suffered big hack attacks resulting in the loss of important customer data. Two such attacks include Yahoo, where names and email addresses for 1.5 billion customers were stolen in 2016, and JPMorgan Chase which lost names and log-ins for about 80 million accounts in 2014. The Equifax hack attack, however, is the most significant such breach in terms of potential damage to consumers, financial experts said.
“On a scale of one to 10, this is a 10 in terms of potential identity theft,” Avivah Litan, a senior security analyst for research firm Gartner told the New York Times on Thursday. “Credit bureaus keep so much data about us that affects almost everything we do.”
The breach is also problematic because credit reporting agencies including Equifax provide services to consumers that monitor credit behavior for risk from fraudsters.
What could this hack mean for me?
- Cybercriminals have stolen up to five vital pieces of information necessary for establishing fraudulent financial accounts. If you’re affected by the break in, hackers could potentially open accounts in your name.
- In addition to credit card accounts, cybercriminals can apply for other loans in your name, including mortgages. Additionally, they can commit medical insurance fraud, or file for tax returns. With your personal information, it’s also possible for cybercriminals to commit non-financial crimes in your name.
- Identity theft resulting in the opening of fraudulent accounts can affect your credit score.
What does this mean for investors?
The breach is bad news for Equifax, a publicly traded company entrusted with some of the most valuable information that consumers have.
As a side note, three top Equifax executives, including the company’s chief financial officer, sold stock worth nearly $2 million immediately following the breach, according to various reports. In response, Equifax said the executives had no knowledge of the break in prior to the sale, the Wall Street Journal reports.
On Friday, Equifax stock fell nearly 15% to $121 in early morning trading .
Note: Global Citizen, an ETF on Stash contains a small amount of stock in Equifax.
What can I do about it?
There are things you can do to protect yourself. Before you start panicking, read this:
Credit monitoring. Equifax says it will provide one free year of credit monitoring services, which consumers can sign up for online. It requires entering the last six digits of your social security number and last name. If you sign up, you’re agreeing to arbitration related to the use of Equifax’s credit monitoring service, but not for the hack attack itself, the company says.
Consider freezing your credit. This is a security measure that will make it more difficult for cybercriminals to open a new line of credit in your name. You can find out more about that here.
Change passwords for all online accounts, and regularly update them. This can include email, as well as financial accounts. Use two-factor authentication when possible. Various online services exist to help you secure your accounts. LastPass is one example. There are many others. Just because it is so important, we will say this again: If any websites you use offer two-factor, turn it on.
Report it. If you become the victim of identity theft, report it to your local police department. Also file a report with the Federal Trade Commission, which can help you create an identity theft recovery plan. You can do that here.
Check your credit report for irregularities. You’re entitled to a free copy every year from each of the three credit reporting agencies.
Contact your local DMV if you believe your driver’s license number was stolen.
Contact the Social Security Administration if you believe someone has obtained, or is fraudulently using your social security number. The agency’s website can be found here.
- Cybercriminals stole the personal details of 143 million consumers from Equifax, one of the three credit reporting bureaus in the U.S.
- Criminals can use that information to set up fraudulent credit accounts in your name, and to commit other crimes.
- If your identity has been stolen, there are steps you can take to recover, including contacting local authorities.
Want to know more about the steps you can take to protect yourself? Click here.
Jeremy Quittner is the financial writer for Stash.