Equifax Inc said on Thursday it has taken one of its customer help website pages offline as its security team looks into reports of another potential cyber breach at the credit reporting company, which recently disclosed a hack that compromised the sensitive information of more than 145 million people. The move came after an independent security analyst on Wednesday found part of Equifax’s website was under the control of attackers trying to trick visitors into installing fraudulent Adobe Flash updates that could infect computers with malware, the technology news website Ars Technica reported.
Background: What is Equifax?
Equifax is one of three major U.S. credit reporting bureaus. The other two are TransUnion and Experian. There is also a smaller, less well-known credit-reporting agency called Innovis (aka CBCInnovis) that operates slightly different in that its main purpose is to provide mortgage credit reporting services to the financial services industry.
Equifax, like TransUnion and Experian, track the financial histories of consumers and use this information to analyze whether a person is “credit-worthy” by issuing them a credit score. The credit score is based on the credit history contained in the credit report, a record of consumers’ financial histories. Credit reports are comprised of information about your bill payment history, loans, current debt, and other financial information. Credit reports also contain information about where you work and live and whether you’ve been sued, arrested, or filed for bankruptcy.
Credit reports, which are also called credit records, credit files, and credit histories, help lenders decide whether or not to extend you credit or approve a loan, and determine what interest rate they will charge you. Prospective employers, insurers, and rental property owners may also look at your credit report. Typically, the information collected on consumers is sold by the credit bureau (e.g., Equifax, Experian, or TransUnion) to credit card companies and other financial institutions.
The hackers had access to data from May 2017 to July 2017, including names, birth dates, Social Security numbers, driver’s license numbers and credit card numbers.
Who is Affected?
As many as 145.5 million people in the United States were affected, as well as 400,000 in the United Kingdom and 8,000 consumers in Canada. Credit card numbers for approximately 209,000 U.S. consumers and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers were accessed, according to Equifax.
What to do if it is likely that you were impacted by the Equifax data breach
The first thing you should do (if you haven’t already) is to obtain and review your credit report(s) and determine whether there’s been any unusual activity. Next, check whether your data has been hacked using the special website Equifax set up for data breach victims (www.equifaxsecurity2017.com). You will need to provide your last name and the last six numbers of your Social Security number. From there you can sign up for their free credit monitoring service. You won’t be able to enroll immediately; however, but will be given a date when you can return to the site to enroll. Keep in mind that Equifax will not send you a reminder to enroll so you should mark the date on your calendar so that you can start monitoring your credit as soon as possible.
Note: Equifax removed the arbitration clause from the website that was set up for data breach victims. The arbitration clause stated that by signing up for the free I.D. theft protection and monitoring from its TrustedID service a consumer could not take legal action against the company–including participating in any class-action lawsuits that might arise from the breach.
Freeze your credit report accounts at each of the credit bureaus. Freezing your credit reports (make sure to freeze your account at each of the credit bureaus) prevents anyone (including new creditors) from accessing your account. Equifax has waived the fee until November 21, 2017) and has agreed to refund fees to those who have paid since September 7, which is the date that the data breach was announced.
If you do not want to freeze your credit account, you can place a fraud alert on the account. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
Note: Unfortunately, a freeze on your credit report does not necessarily mean that your bank accounts and other identity-related information is safe. Furthermore, if you do need access to your credit report, you will need to pay a fee to “unfreeze” it.
Get in the habit of periodically check your bank, credit card, retirement, and other financial accounts that could potentially be impacted now or down the road and make sure your Internet security (antivirus, firewall, malware detector, etc.) is working properly.
Finally, filing your taxes earlier, rather than later (i.e., at the last minute) helps prevent a hacker from filing a tax return using your stolen identifying information.
Precautions to take if it appears that you were not impacted by the Equifax data breach
Even if the Equifax data breach website states that you were not affected, it’s a good idea to keep an eye on your credit reports, bank accounts, credit card accounts and other financial information. You can freeze your credit accounts as well (see above) and sign up for fraud protection.
Watch out for Equifax-related Scams
If you receive a phone call and the person on the other end says, “This is Equifax calling to verify your account information.” Hang up immediately. It’s a scam because Equifax will not call you out of the blue.
Every year, thousands of people lose money to telephone scams from a few dollars to their life savings. Scammers will say anything to cheat people out of money. Some seem very friendly– calling you by your first name, making small talk, and asking about your family. They may claim to work for a company you trust, or they may send email or place ads to convince you to call them.
If you get a call from someone you don’t know who is trying to sell you something you hadn’t planned to buy, say “No thanks.” And, if they pressure you about giving up personal information–like your credit card or Social Security number–don’t give in. Simply hang up.
Tips for recognizing and preventing phone scams and imposter scams:
- Don’t give out personal information. Don’t provide any personal or financial information unless you’ve initiated the call and it’s to a phone number that you know is correct.
- Don’t trust caller ID either. Scammers can spoof their numbers, so it looks like they are calling from a particular company, even when they’re not.
- If you get a robocall, hang up. Don’t press 1 to speak to a live operator or any other key to take your number off the list. If you respond by pressing any number, it will probably just lead to more robocalls.
- If you’ve already received a call that you think is fake, report it to the FTC. If you gave your personal information to an imposter, change any compromised passwords, account numbers or security questions immediately. If you’re concerned about identity theft, visit IdentityTheft.gov to learn how you can protect yourself.
Stay safe and take steps to protect your data. If you have any questions or concerns about the Equifax data breach and your taxes help is just a phone call away.