“Based on the information provided, we believe that your personal information may have been impacted by this incident,” Equifax.
This is the message consumers are receiving now when they visit an Equifax site to learn about a massive cyberattack that may have put most of their private information in the hands of thieves.
When you hear this credit reporting giant Equifax has fallen victim to a cyberattack, any doubts you may have about the capabilities of hackers should go out of the window.
The agency revealed on Thursday that hackers had made their way into its system and exposed crucial data on what could amount to half of the U.S.’s population. Personal information, including Social Security numbers, of 143 million people could now be in the hands of some of the most unscrupulous people on earth.
Other information that’s now in the hands of who knows who are birth dates, addresses and even driver’s license numbers. That’s not all. Equifax said that the credit numbers of roughly 209,000 U.S. consumers were assessed, along with personal identifying information for approximately 182,000 U.S. consumers.
Then there’s the UK and Canada. Equifax says it identified the unauthorized access to residents residing in those countries, too. As if any solace can be taken from this, Equifax noted that it “has found no evidence that personal information of consumers in any other country has been impacted.”
In announcing the nerve-racking breach, Equifax said that it discovered the unauthorized access on July 29, and “acted immediately to stop the intrusion.” This included bringing in an independent cybersecurity firm that’s conducting a comprehensive forensic review.
While questions arose as to why Equifax waited more than a month to tell consumers about the breach, industry players say this is typical in breaches like this. That’s because time is allotted to allow the investigation to take place before going to the public. Equifax says its investigation is largely complete.
Adding insult to injury
In what can only be equated to the response from United Airlines’ CEO after one of his passengers was dragged off a plane, Equifax seems to be saying “hold my beer.”
It’s directing consumers who may have been affected by the outrageous breach to sign up for an identity theft protection and credit file monitoring service that is not even immediately available.
I clicked on the link, entered some credentials, and up popped the message I noted above that I had been “impacted.” Next was a message that I had to wait until Sept. 12 to actually enroll.
I don’t know about you, but for me, the thought of having to wait five days just to enroll in a service to hopefully stop the bleeding from a credit bureau breach is quite unsettling.
The service is called TrustedID Premier, and it comes with some catches. One of them that may prove to be the most aggravating to consumers relates to class action lawsuits, which I can only imagine there will be plenty of in light of this breach. When you sign up for the TrustedID Premier, you’re pretty much signing away your right to sue in a class action filing. Instead, you must go through arbitration.
This language is typical in the terms and agreements for financial institutions which frequently find themselves on the receiving end of lawsuits. However, given this massive breach, there are bound to be calls for class action lawsuits to remedy the millions whose personal data has been compromised.
For what it’s worth, the service is “complimentary.”
Investors react along with consumers
Equifax’s revelation shook consumers, and it didn’t sit well with investors either. Investors unloaded the stock (EFX) and sent it plunging almost 17% Friday morning. After the market opened today, the stock was well on its way to its biggest price drop since 1999, according to reports.
Investors are also trying to make heads or tails of some the execs in Equifax’s C-suite unloading shares after the breach. Reports say the company’s CFO, and two other execs sold a total of $1.8 million of their shares in the company on Aug. 1 and Aug. 2, which puts their moves happening just days after the company says it detected the breach.
Equifax maintains these execs had no knowledge “that an intrusion had occurred at the time they sold their shares,” the company said in a statement. No matter, the moves were good for them because they effectively avoided the losses other investors are incurring now since the breach news broke.
What you should do
The fact that an agency that houses the bulk of the most crucial information that thieves thrive on getting their hands was vulnerable to hacks is disturbing. It’s like they have the keys to the bank! Identiy theft may have just gotten easier for crooks.
It will be interesting to learn how this breach occurred, but the ramifications for those affected will be felt for some time to come.
One takeaway from Equifax being hacked is the importance of staying on top of what’s in your credit reports. There are myriad free services that will regularly send you information about credit report, which includes the all-important credit score. Remember, there are three credit reporting bureaus. Experian and Transunion are the other two. Make sure you stay abreast of the files each of them keep on you.
In addition to the website, Equifax has set up a dedicated call center at 866-447-7559, which the company set up to assist consumers. The call center is open every day (including weekends) from 7:00 a.m. to 1:00 a.m. (EST).
Equifax said it expected the review to be completed in the coming weeks. In the meantime, questions will abound about how this happened, and what additional proactive steps this bureau, and others, will take to make sure this does not happen again. Given the bravado, and persistence of hackers to search for ways to breach systems, this is probably just the tip of the iceberg. The onus will be on consumers to watch, like hawks, how our information is collected and used.
In the meantime, in addition to the questions that will abound about how this happened, there will be questions about what additional proactive steps this bureau, and others, will take to make sure this does not happen again. Given the bravado, and persistence of hackers to search for ways to breach systems, this is probably just the tip of the iceberg.
The onus will be on consumers to watch, like hawks, how our information is collected and used.