The Equifax data breach exposed the most secure information of over 143 million Americans. Learn the facts to protect yourself in the aftermath.
In case you’ve been in a digital-time out, Equifax, one of the country’s three major credit reporting agencies, announced one of the scariest data breaches of all time.
According to Equifax reps, the personal information of more than half the country’s population was stolen over a period close to two months long.
Even if you don’t use Equifax for your credit monitoring, it’s certainly monitoring you.
Anytime you open a bank account, get prescreened for a new credit card, or apply for a loan or mortgage, Equifax knows.
Equifax has been storing details about you in their databases for as long as you’ve been old enough to open accounts.
Though you can’t guarantee these serious leaks won’t happen again, you can take proactive steps to lessen the odds they happen to you.
Let’s talk about what really went down with the Equifax hack before we get to what you can do to protect yourself today.
Here Are the Facts We Currently Know About the Equifax Hack (September 2017)
Unlike other one-time hacks, the Equifax data breach occurred from the middle of May 2017 through July. It was discovered on July 29.
The official Equifax breach announcement says:
- Exposed data includes names, Social Security numbers, birth dates, driver’s license numbers, and addresses of 143 million American adults.
- Credit card numbers for 209,000 consumers were exposed.
- Dispute documents with personal identifying information for 182,000 consumers were stolen.
- UK and Canadian consumers are also affected as the hackers had unauthorized access to limited personal information from residents in the UK and Canada.
How did all of this happen?
Equifax claims they’ve been “intensely investigating the scope of the intrusion” with the help of a leading independent cybersecurity firm to determine what information was accessed and which consumers and data have been impacted.
So far they know hackers discovered a vulnerability in a US website application (Apache Struts CVE-2017-5638). This allowed the hackers to gain unauthorized access to Equifax’s secure files.
Once Equifax learned of the attack, they immediately took steps to stop the intrusion and plug up the hole.
But the biggest question everyone still has: Is my confidential information ever going to be safe again?
What Happens to Your Online Security After a Hack Like the Equifax Security Breach?
Data breaches occur because a hacker (or group of hackers) wants to use the stolen information for their own purposes. Most likely they want to sell that stolen information to a group of bigger thugs.
For example, the information exposed in this Equifax hack could allow nefarious individuals to start printing fake driver’s licenses to give to those who cannot obtain them legally.
“This is a goldmine of information for a thief,” Chi Chi Wu, an attorney at the National Consumer Law Center, explains to CNN.
Not only is this priceless information what hackers need to open accounts in your name, steal your tax refunds or other government benefits and checks, and basically ruin your life, it’s never going to change.
Unlike a password or email address you can change or make stronger, you can’t change when you were born. You definitely can’t get another social security number.
That makes the Equifax data breach so much more dangerous for consumers. You cannot change the information stolen from you and it’s out there forever.
On a larger scale, hacks like the Equifax cybersecurity incident contribute to the greater threat of cyberwar.
“Cyberwar is in large part conducted through data mining and cyber-intelligence," Avivah Litan, an analyst at Gartner, explains to NBC News.
“Enemy nation states build databases of Americans that they then use to get to their targets, for example a network operator at a power grid, or a defense contractor at a missile defense company.”
So what should you do?
Assume You’ve Been Affected by the Equifax Hack
Equifax plans to send direct mail notices to those affected by the release of their credit card numbers and dispute information. That accounts for less than 400,000 affected consumers though.
Equifax will not be sending notifications to those who lost their personal information in the hack.
Neal Creighton, chief executive of CounterTack, tells CNBC, “The first assumption a consumer should make is that they are affected.”
Since you have more than a 50/50 shot of being affected, the odds aren’t in your favor.
Head over to EquifaxSecurity2017.com to find out if you’ve been impacted.
Enter your last name and the last six digits of your social security number and you’ll be given one of two statements:
Based on the information provided, your personal information was not impacted by this incident, or it may have been affected.
Regardless of if you’ve been identified as a victim, Equifax is offering free credit monitoring for a year so you’ll be alerted if someone tries to use your exposed information to open accounts in your name.
Many consumers are crying for a long-term strategy since this will continue to be a long-term issue for those who’ve had their identifying information exposed.
“When breaches like these happen, consumers need to be diligent — and not just in the short term,” Matt Schulz, senior industry analyst at CreditCards.com, said.
“Just because nothing looks amiss on your bank statements or your credit report now, that doesn't mean you haven't been compromised.”
Learn How to Protect Your Secure Information in the Future
The Equifax hackers know the world is watching their every move.
Fran Rosch, the executive vice president and general manager of consumer business at Symantec, the owners of LifeLock, the identity-theft protection service, says:
“[The hackers are] going to keep a low profile for a little bit, maybe even for a year, while people have free credit monitoring in place. They’ll strike when we’re not looking.”
Here’s what you can do to protect yourself:
Monitor Your Accounts and Credit Report
Since the breach occurred for quite awhile, hackers and thieves had plenty of time to sell the information they gained and make changes to your account.
Your credit reporting agency should alert you to any new accounts or unauthorized activity going on under your identity.
Stay vigilant and monitor your financial accounts, credit report, and credit card statements. Report any suspicious activity immediately.
You’re entitled to one free credit report every year so check it now and then keep watching it.
Add a free fraud alert to your credit reports and that will require creditors to take additional steps to prove your identity.
Fraud alerts usually expire after 90 days, but they can be renewed. You can also request an extended fraud alert to stay on your credit report for the next seven years.
Independent third party companies will monitor your credit for a small fee each month. They’ll track down less obvious sources of suspicious activity to give you an edge over hackers.
Go a Step Further with the Full Identity-Protection Package
Though the free credit monitoring offered by Equifax may help some feel slightly better, others don’t trust the same people who lost their information to also monitor and protect it.
Polly Mosendz from Bloomberg Technology reports that the number of Americans flocking to identity protection services like LifeLock has skyrocketed since the Equifax hack.
Since the Equifax security breach, LifeLock has noticed:
- 6x the usual website traffic
- 10x the number of new signups every hour
- Over 100,000 new members
What’s even more surprising is that new LifeLock customers are 10 years younger than their average customer and spending more for the premium protection service ($29.99/month) over the standard package ($9.99).
Freeze Your Credit
Whether you’ve been identified as a victim or simply want to take the strongest approach to the Equifax hack, you can always freeze your credit.
After you request the freeze from each of the three credit reporting agencies, anyone (including you!) will be prevented from opening a new account in your name.
Freeze your credit and you’ll need to pay a fee between $5 and $10 to lift it when you want to apply for credit or open a new account.
Chances are high a hacker won’t take the time to deal with this and move on to one of the millions of names they have on their list.
Though it can be a pain in the bum for you to keep freezing and lifting your credit, this route offers the most protection when it comes to lines of credit being opened in your name.
Just don’t forget that a credit freeze doesn’t stop hackers from getting into your existing accounts and charging purchases, stealing your information, or collecting your passwords.
Find a Secure Password Manager
Even though passwords weren’t exposed in the Equifax hack, your passwords are just as vulnerable — and exposed — as your personal information.
If you’re still using your notebook, an old spreadsheet, or your browser to store your passwords, you need to wise up learn all the real reasons everyone needs a password manager yesterday.
From draining your financial accounts to stealing your identity, hackers consider passwords better than gold. How many of your online accounts will be compromised if a hacker steals just one password?
Check out our tips for finding the best password manager by this afternoon and protect your passwords just as fiercely as your social security number… and email address.
Secure Your Email Address
When you learn all the scary reasons to stop giving out your email address, you’ll start yelling at your friends for leaving theirs so vulnerable.
Hackers who have your email address can do everything from make password reset requests to read your confidential emails (which may contain your social security number and other sensitive material).
Since so much of our lives happen via our inbox, your email address could be the key a hacker needs to bring your entire world crashing down.
Never Give Out Your Personal Email Again with Joinesty
As a secure password manager, Joinesty saves your login information (i.e., your username, email address, and password) and fills them in whenever you visit that site.
Joinesty employs bank-level security to protect your data so it’s safer than your browser’s autofill function even though it’s just as easy to use.
Even though we’re a password manager, we have another trick up our sleeve.
Joinesty is the only secure password manager to protect you via secure email address creation too!
Using the Joinesty browser extension’s patent pending technology, we’ll create a unique email for every site you want to use or join.
We’ll inject that unique email address into the sign-up fields, or provide you with a unique email address to copy and paste, so you never have to give out your personal email address ever again.
You won't notice any disruption in your email service. We’ll forward all the emails you receive directly to your inbox.
The next time you hear of a data breach, you know hackers won't have your passwords or your personal email address.
In the age of internet insecurity, we’re the first step in taking back control of your online life. Secure your accounts. Protect your privacy. Live better online.
Start your free 14-day trial of Joinesty and see our secure email address creation feature in action now!