The biggest hacking story of 2017 will undoubtedly be the fact that Equifax recently announced that hackers had stole the sensitive account information from approximately 143 million people. Equifax is one of the “big three” credit bureaus in the United States, handling the credit information for millions of people that enable loans, credit scores, mortgages, and more. Information stolen includes Social Security numbers, birth dates, addresses, and even some drivers license information. Obviously this is a huge deal, and is enormous in terms of the hack itself as well as how costly this will inevitably be to both the company, consumers, and fallout companies that end up affected by stolen information.
In addition to the stolen information listed, Equifax also admitted that the credit card information for over 200,000 users had been stolen as well. The credit card information stolen includes the account number, expiration date, and account holder’s name–which is enough to purchase information from some online retailers using the stolen information.
Obviously this is very bad news for most Americans, and Equifax’s response to the incident was a far cry from adequate. The company put up a website at https://www.equifaxsecurity2017.com/ in order to allow people to search and see whether or not their data had been stolen in the breach. However according to many sources, the site was hopelessly broken and was giving different results for the same information when entered a second time. For the time being, it would be safest to assume that your information was among that stolen.
It was also reported that https://www.equifaxsecurity2017.com/ was broken or non-responsive at the time the news broke headlines. Conspiracy theorists speculated that it was an attempt by Equifax to throw people off the scent (as they may not want to offer free credit monitoring to the entire United States) and that most would forget about it by the time the hack fell off front page news (given the average attention span of American citizens these days). Many serious security bloggers thought it was a stall tactic or sham. However that remains unconfirmed speculation.
From popular security blog Krebsonsecurity.com:
Others (myself included) received not a yes or no answer to the question of whether we were impacted, but instead a message that credit monitoring services we were eligible for were not available and to check back later in the month. The site asked users to enter their last name and last six digits of their SSN, but at the prompting of a reader’s comment I confirmed that just entering gibberish names and numbers produced the same result as the one I saw when I entered my real information: Come back on Sept. 13.
Certainly seems fishy, and Equifax’s handling of the situation seems to have been completely unprofessional.
What To Do
It doesn’t hurt to sign up for the free credit monitoring that Equifax is offering, but don’t expect that to save you from identity theft. Credit monitoring can only alert you to the fact that someone is opening accounts in your name – you’ll still have to clean up the mess later. Krebsonsecurity.com is advocating a much tougher defense against identity theft – freezing your credit. You will find their guide to freezing your credit here, and it’s very informative.
Basically you will freeze your credit at each of the major credit bureaus. If you need to obtain a new line of credit for something — say a mortgage or a loan — you will have to unfreeze your credit at the institution that the lender uses to check your credit. It may be one, or it may be all. Unfreezing your credit lasts for 24 hours. It’s a bit of a hassle, but it’s much better than having to go through the turmoil of having your credit dragged through the mud by thieves. Not to mention the hours and cost that goes into repairing your credit after your identity has been stolen.