Equifax has released a statement announcing that 143 million U.S. consumers may have had their personal data compromised. Equifax state the following:
- Unauthorized access occurred from mid-May through July 2017
- No evidence of any unauthorized activity on Equifax’s core consumer or commercial credit reporting databases
- Information accessed includes:
- Social Security numbers
- In some instances driver licenses numbers
- Credit card numbers were accessed for 209,000 U.S. consumers
- Dispute documents with personal identifying information for approximately 182,000 U.S. consumers were also accessed
- They have set up the following website: http://www.equifaxsecurity2017.com/ where consumers can see if their information is at risk and also the option to sign up for complimentary credit monitoring and identity theft protection. Update: This isn’t working at all currently as made up information comes back with positive results.
- There is some concern that signing up for TrustedID will waive your rights to participate in a class action lawsuit. More on this at TechCrunch. They have now updated the terms to indicate this is not the case.
This is obviously a pretty massive data breach with some potentially serious repercussions for people if their data has been breached. To make matters worse for Equifax it looks like three of their managers sold stock before the data breach was announced. Discover also offers free social security number alerts and new account alerts that might also be of some use if your data was compromised (or just as a general safeguard). I’ve long argued that the fines and punishments for data breaches aren’t in line with the damage down to individuals if their identity or data is stolen. I also think it’s ridiculous that Equifax can use a subsidiary company (TrustedID) to provide the credit monitoring and identity theft protection.