The equifax hack exposes 143 million people to the risk of identity theft

The equifax hack exposes 143 million people to the risk of identity theft

The company Equifax is one of the three big credit agencies alongside Experian and Transunion. It recently announced that it went through a major data breach and nearly all adults in the United States will be affected by it.

The breach occurred on March 7, 2017 but wasn’t discovered until July 29. The hackers were able to exploit the Equifax website to steal the dates of birth, addresses, social security numbers, and other personal data of about 143 million U.S. users. The information of about 44 million British residents and 100,000 Canadian consumers was also jeopardized. The hackers were also able to collect the credit card numbers of 209,000 U.S. consumers.

Many are outraged at the fact that the breach was discovered almost three months before it was announced on September 7.  Equifax has responded saying that the delay was caused due to the huge amount of data that was lost and the time it takes to discover whose identities were stolen.

Equifax also faced criticism for the fact that many of its executives sold 1.8 million dollars worth of shares in the time between the breach and its announcement. Though Equifax issued a statement saying the executives “had no knowledge that an intrusion had occurred at the time they sold their shares,” the social justice department is currently leading an investigation to see whether any insider trading laws have been violated.

Equifax made a site, which was met with anger as anyone wanted to use it would have to submit their social security numbers and last names. The site was also considered unsafe and labelled as a phishing site as it had poor security (a bad TLS implementation) and ran on WordPress. The site also did not use the the subdomain equifax.com and instead registered a new domain for the website. This lead to many fake websites being made, including a site created by software engineer Nick Sweeting. Even Equifax confused the fake site as its own, tweeting it out at least eight times. Sweeting made the site to show how the Equifax site could easily be mistaken for a phishing site. Sweeting told everyone who put their personal information into the website to tweet at Equifax to change their domain “before thousands of people loose [sic] their info to phishing sites!

Many have filed lawsuits against Equifax after the breach, including the law firm Geragos & Geragos, who might be filing a class action lawsuit against the company for 70 billion dollars. This suit may be the biggest class action lawsuit in U.S history.

To identify if your data was compromised you can use some of these steps:

  • Sign up for free credit monitoring: Even if your results did not state that you were affected, sign up. It is better to sign up to several different credit monitoring services. This is because the one year credit monitoring service provided by Equifax will not be enough. Such data breaches can have a life-long impact on the person affected and it is better to be safe than sorry.
  • Get your free annual credit report: You can get your free credit report from https://www.annualcreditreport.com/index.action  and continue to monitor your credit report yourself.
  • Initiate a credit freeze: You can initiate a credit freeze by contacting Equifax, Experian, and Transunion.
  • Join a class action lawsuit: If you find that your data has been breached you can join a class action lawsuit to get your lost money/ information back.

This massive data breach can affect its victims for their whole lives. If you are affected, please take the precautions listed above to be safe.