On September 7, the credit reporting company Equifax announced that a giant cybersecurity breach compromised the personal information of as many as 143 million Americans — almost half the country.  The information included  names, social security numbers, birth dates, addresses, and the numbers of some driver's licenses.

Additionally, Equifax said that credit card numbers for about 209,000 U.S. customers were exposed, as was "personal identifying information" on roughly 182,000 U.S. customers involved in credit report disputes.

The breach occurred between mid-May and July, Equifax said. The company said it discovered the hack on July 29.

Equifax is one of three nationwide credit-reporting companies that track and rates the financial history of U.S. consumers. The companies are supplied with data about loans, loan payments and credit cards, as well as information on everything from child support payments, credit limits, missed rent and utilities payments, addresses and employer history, which all factor into credit scores.

Unlike other data breaches, not all of the people affected by the Equifax breach may be aware that they're customers of the company. Equifax gets its data from credit card companies, banks, retailers, and lenders who report on the credit activity of individuals to credit reporting agencies, as well as by purchasing public records.

Equifax claims that it is mailing notices to people whose credit cards or dispute documents were affected. However, the information could be used for other nefarious purposes such as identity theft.

Consumers can check Equifax's site EquifaxSecurity2017.com to see if they have been affected and to enroll in a year of free Equifax credit monitoring.

  [Note added by the WACC Webmaster:  But read the Terms of Use carefully; Equifax claims, as of September 12, that the clause requiring forced arbitration has been removed, or "does not apply to this incident".]

The company had also said it will send direct mail notices to consumers whose credit card numbers or dispute information were compromised.  However, that might not be done and in any case there are other steps to take quickly:

Presume the worst.  " The first assumption a consumer should make is that they are affected," said Neal Creighton, chief executive of security firm CounterTack.  “Thieves tend to sell and use such data quickly to capitalize on its value”

Check your existing credit accounts for suspicious transactions, and pull credit reports from AnnualCreditReport.com to check for new accounts in your name, Matt Schulz, senior industry analyst at CreditCards.com, said in a statement.  And keep watching.  "When breaches like these happen, consumers need to be diligent — and not just in the short term," Schulz said. "Just because nothing looks amiss on your bank statements or your credit report now, that doesn't mean you haven't been compromised."


The above is based on information in:




Updated September 13, 2017