Equifax’s Cybersecurity Breach & Free Credit Monitoring
Equifax announced on September 7, 2017 that they had an incident where consumer’s information was hacked. A potential of 143 million US consumers could be impacted, which is a staggering number.
Information Accessed During the Breach
The information accessed during the hack is as follows:
- Names
- Social security numbers
- Birth dates
- Addresses
- Some driver’s license numbers
- Credit card numbers for 209,000 US consumers
- Certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers
Details on the Breach
The breach was discovered on July 29th but had been going on since mid May. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.
You can read Equifax’s full press release here.
Next Steps
Equifax has set up a website (https://www.equifaxsecurity2017.com/) where you can go to see if your data has been breached. From various data points so far, you should receive one of two messages.
If your data has not been breached you will get a message saying the following after filling out your info:
Based on the information provided, we believe that your personal information was not impacted by this incident.
If you your information has been compromised you will get receive the following message:
Based on the information provided, we believe that your personal information may have been impacted by this incident.
You will then be given a date to come back and enroll for your “free” TrustedID Premiere service. Enrollment ends on November 21, 2017.
TrustedID Fears and Issues
There is some fear that if you sign up for TrustedID that you will waive your right to participate in a class action lawsuit. You can find their terms here.
There are already talks of a massive class action lawsuit and we will let you know about that if/when it develops. Although, with a potential 143 million plaintiffs I doubt your payout would be very high. However, it is something you need to consider when making a decision whether or not to use the service.
There are also a lot of ways to monitor your credit for free if you don’t want to opt-in to Equifax’s offering in order to make sure you don’t give away your rights.
Conclusion
This is terrible news for US consumers. I believe Equifax is doing the bare minimum by offering TrustedID Premiere for free. And making people come back on a designated date without any kind of reminder seems inexcusable. To make matters worse it looks like some Equifax executives dumped stock immediately after learning of the breach.
If you are an adult, with any type of credit, there is a good chance your information is at risk. It is imperative that you monitor your credit very closely going forward, whether you decide to use TrustedID or another monitoring service.
Chase Sapphire Preferred® Card
Chase Sapphire Preferred® Card is the old king of travel rewards cards. Right now bonus_miles_fullLearn more about this card and its features!
Opinions, reviews, analyses & recommendations are the author’s alone, and have not been reviewed, endorsed or approved by any of these entities.
[…] security number is a new protection measure. With all of the corporate hacks, looking at you Equifax, Uber, and Tio/PayPal, extra security is almost a necessity these […]
[…] hacks are becoming more and more common. And for a company to keep it under wraps, similar to the Equifax hack, is […]
If companies force us to settle our scores outside of court, they had best be ready for the way we might choose to settle those scores–in person, at their headquarters in Atlanta, or wherever their employees or contractors live.
EQ site said nothing about my info being affected or not at all but showed the date to apply for Trusted ID.
I think that also means you were affected.
Face it, American companies are based on greeed and low values of ethics. The courts will not protect the consumer involved in this, and Equifax has already stated that it will not take responsibility for it’s problems. Class action lawsuits are virtually useless in these matters, all they do is afford the offending party an opportunity to absolve themselves of their responsibilities for pennies on the dollar to the individuals affected. Here we have a clear situation where consumers need to rely on an organization for their financial health, and the organization just administered bad medicine, and has a callous disregard for their actions. And then they thumbed their nose at their consumers.
Fair points. I wouldn’t be surprised if this leads to Equifax being bought out down the line after the stock plummets, their senior execs get investigated, and they pay out for a lawsuit.
What they should have done is suck it up, admitted they were wrong, and said they would make it right whatever it takes. But we unfortunately don’t live in that world.
The site to check if you’re affected said my info may not have been compromised. I did have to try twice because the first time had no message.
I would rather have a class action to restore any ruined credit, which might not involve all 143 million compromised consumers, but the problem with this is no one can know if this resulted from the equifax breach or some other breach.
Finally, credit monitoring is useless.
Agreed on both points!
My info has been impacted.
The insider selling leaves them open to securities lawsuits and it makes them look bad.
Same for myself and my wife. Yes, the stock dump makes them look bad and trying to get out of lawsuits by offering free monitoring only if you waive your right to sue is downright dirty. Not a good look at all for them. And they have pretty much said they will not help restore any ruined credit from this – only provide monitoring.
“Bear minimum”
Haha whoops – thanks Stvr….updated!
Beware – https://twitter.com/zackwhittaker/status/906178254331142144
I think this is technically wrong. I think you have to actually sign up for the monitoring service not just check if you have been hacked. They have also backed off of it somewhat
You could be giving up some of your rights to sue. At first, Equifax said anyone who gets the credit monitoring service, TrustedID, must agree to submit any complaints about it to arbitration. Those people wouldn’t be allowed to sue, join a class-action suit, or benefit from any class-action settlement.
After public pressure, Equifax added an opt-out provision on Friday. Customers can get out of the arbitration requirement by notifying Equifax in writing within 30 days of accepting the monitoring service.
http://money.cnn.com/2017/09/08/technology/equifax-monitoring-services/index.html
FYI – this came out last night
Update: Equifax issued a statement Friday evening. “In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident,” the company said.
https://www.washingtonpost.com/news/the-switch/wp/2017/09/08/what-to-know-before-you-check-equifaxs-data-breach-website/?utm_term=.b173a90359a6