What the Equifax Data Breach Means for You
Considered the worst data breach ever, Equifax lost 143 million records to attackers over the course of several weeks. It dwarfs even Yahoo and Ashley Madison's hacks, which were considered the worst data leaks in the last few years. The data leak didn't even result in a high number of records lost to hackers, but the type of data that was exposed could cost consumers millions in damages.
What is Equifax?
Equifax is one of the "big 3" that reports a credit score to potential creditors. Whether you want a car loan, a credit card, or even a house, your name and social security number are run through three main credit bureaus. Equifax is one of these bureaus along with Experian and TransUnion. They return a score to creditors, and usually the creditor will take all three and average them out to get your mean score. This mean score is the basis of whether you're able to get financing.
Every time you need credit, you fill out a form and highly sensitive data is sent to these credit bureaus to recognize "you" as "you" when you want credit. If you have a bad score, what happens if you use someone else's information? You could then open a loan in another name and default on the loan with no damage to your own credit score.
What Happened with the Breach?
Some accusations are still speculative, but the main issue is the massive amount of sensitive data that was lost from the attack. It's estimated that attackers had continuous access to information for several weeks before Equifax decided to release the information to the public. Only 143 million records were lost compared to the billion credit card numbers lost during the Target attack. However, the data lost in the Equifax data breach includes social security numbers, first and last name, addresses, driver's license numbers, and birth dates.
Every bit of information leaked is enough for an attacker to open credit cards in your name, or they can choose to even get loans in your name. If you understand the importance of good credit, you can see that this could be devastating to your credit score and could severely impact your ability to get a loan in the future.
Equifax has been accused of handling the entire situation poorly. First, it took them five weeks to finally release the information to the public. All corporations are required to make a statement announcing that data was breached. Security experts are unsure why Equifax waited so long to finally go public with the information.
Another interesting observation was that prior to the announcement, executives dumped $1.8 billion in stock. This occurred only a few days before Equifax made the final announcement. As you can guess, their stock plummeted after the statement was released.
Even worse was Equifax's lackluster attempt to notify users. They created the site equifaxsecurity2017.com where users can type their information into a form and receive information on their records. The first problem is that the site is hosted with basic WordPress with little security. The domain wasn't even registered to Equifax initially and even some firewall and DNS filtering systems such as Cisco were blocking the site as a phishing domain. The SSL certificate was configured incorrectly, and traces of usernames were included in some pages. As far as secure websites go, Equifax put together one of the worst sites that it could to then take user information from the public.
Equifax has fixed many of the errors that were on the data breach site, including error codes that could be used to hack into the site's database. It's still recommended that you should proceed with caution before you enter your data into their website form.
What Can Happen to You?
Just think of the last time you went to get a car loan. You filled out a form where you entered your social security number, driver's license number, and much more of your private information. All of this information was leaked from Equifax. An attacker could go to a car dealership with your information and take out a loan in your name.
Most likely, attackers will sell the information on the black market. The Dark Net is a place on the internet invisible to regular search engines. You need the Tor browser to access it. It's an underground area of the internet where you can buy almost anything. You can buy weapons, guns, and -you guessed it--stolen private data. Stolen data that can be used for identity fraud is a big seller for attackers, and they can make a fortune on this attack. They can sell data in batches or sell the entire list for a high price.
Attackers that sell your data will probably sell to someone who would then even resell it again or use it to create credit cards with your information. They create credit cards, load them up until they are filled, and then never pay the bill. For people with great credit, this could mean tens of thousands of dollars in fraudulent charges, which can follow you for years.
The most frustrating part for the US public is that the damage will last for years. It will be a constant battle for those affected, and if you are on the list, you will need to constantly monitor your credit rating every year. It's better to monitor your credit rating than find out that someone has been charging thousands of dollars in your name only to default on the loans.
What Can You Do to Protect Your Credit?
The hardest part about this breach is that there are no passwords or data to change. The only thing you can do is monitor your credit. Plenty of credit monitoring services will offer to send alerts for a fee.
Another option is to get your free credit report each year. You are legally able to get one free credit report a year, so you can monitor your credit on your own. Just make sure you sign up for a monitoring service that doesn't have many hidden charges, and many of them do.
You need to contact the credit bureau to have any fraudulent information removed from your report. It's essential for your financial future to make sure you have a good credit score. It's the foundation of many loans including mortgages, cars, and credit cards.
It is highly recommended that everyone who suspects their personal information has been compromised, obtain identity theft protection as soon as possible. There are several organizations that provide identity theft protection service to US residents. We have selected the best 3 protection plans allowing you to get protected immediately and for free for the first 30 days. Select the most suitable option for you below.
Consumers who have been targeted by scammers over the phone or the internet could have had their identity breached. It is highly recommended that everyone who suspects their personal information has been compromised, obtain identity theft protection as soon as possible. There are several organizations that provide identity theft protection service to US residents. We have selected 3 protection plans allowing you to get protected immediately and for free for the first 30 days. Select the most suitable option for you below.