Equifax Data Breach Exposes 143 Million

Share This: Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Email this to someone

UPDATE 9/21/2017 

CNN Tech reports that a fake Equifax website went viral via Twitter yesterday. 

The worst part? Equifax fell for it. 

Equifax created a website for consumers affected by the company’s recent breach event called “equifaxsecurity2017.com” to offer a way for consumers to determine their impact, as well as general information about the breach. Additionally, the company has been using Twitter and other social media outlets to respond to breach-related questions and concerns.

The fake website, “securityequifax2017.com,” was created by software engineer Nick Sweeting. Screenshots taken from the company’s official Twitter account show Equifax linking to the phishing website multiple times.  Don’t worry, the phishing site was not meant to steal your data, but to show how convincing phishing sites can be.

Criminals set up these sites to target already-breached victims, hoping to get even more information from them. Equifax’s run-in with this fake website highlights just how common phishing attacks are after data breaches — and how they’re still a risk to victims even outside of email communications.

The good news is that both sites have been shut down as of today. Make sure that website domains are spelled correctly, and that there is a green lock present in the address bar when you’re prompted to enter personal information.

Keep following this story for more updates on the Equifax data breach. Be sure to visit our Resources for more information about data breaches and our Identity Security FAQ page for answers to your Equifax breach-related questions. 

 

UPDATE 9/11/2017

In response to its recent breach, Equifax has offered free identity protection services to all U.S. consumers. However, news reports have commented that the company’s Terms of Use agreement could put affected users in a legal bind.

At first glance, a clause in Equifax’s Terms of Use makes it seem like those enrolled in free post-breach services waive their rights to file a lawsuit against the company. However, Equifax has clarified that its Terms of Use do not apply to the services offered in response to the breach.

EZShield Customers: Visit your online dashboard and review any alerts that could indicate your information was compromised. Contact the Resolution Center for any questions or concerns you may have about this breach.

Keep following Fighting Identity Crimes for more updates on this story.

 

What happened? 

On Sept. 7, Equifax confirmed they had suffered a major data breach, in which criminals accessed consumer files and personal information of around 143 million Americans. The Equifax data breach was executed through a “website application vulnerability.”

Scope of Breach 

When the Equifax data breach was initially discovered on July 29, the company responded by hiring an independent security firm to promptly begin investigating.  Names, Social Security numbers, birthdates and addresses were among the exposed information. Some driver’s licenses were also compromised.

The investigation also found that credit card information of 209,000 U.S. consumers, and sensitive documents belonging to 182,000 U.S. consumers were also exposed. However, Equifax’s core consumer and commercial credit reporting databases were not affected.

Equifax is offering all U.S. consumers free credit and Internet monitoring services for a year. If you already have monitoring services through EZShield, be sure that your information is stored in your Online Identity Vault™, and that your monitoring alerts are turned on. This will help alert you to any malicious use of personal information stolen in the Equifax data breach.

What should I do? 

Next Steps:

  1. Visit equifaxsecurity2017.com and follow the instructions on the site to determine whether your information was exposed. If Equifax indicates that your information could have been affected by the breach, place a credit freeze or fraud alert on your files from all three credit bureaus.
  2. Continue monitoring your financial accounts and credit reports for suspicious activity that could mean fraud or identity theft.

Other Protective Measures to Consider:

  1. Visit your Online Dashboard to securely store your personal information, Social Security number, credit and debit cards. For customers who have monitoring services, keep your eyes peeled for any related alerts.
  2. If you don’t have Internet or Credit Monitoring services on your dashboard, consider adding them or take advantage of Equifax’s free one-year identity theft protection services.
  3. Call the Resolution Center if you have any questions, or you think your information was exposed.

The Importance of Monitoring Services

Internet Monitoring: When your information is exposed in a breach, it is often then sold by criminals online. Internet Monitoring will alert you if your information is found being traded on the Dark Web — allowing you to cancel a card or close an account before more substantial damage is done.
Credit Monitoring: The Equifax data breach is especially concerning because the exposed information includes Social Security numbers. Criminals can then use this information to open new accounts or new lines of credit under your name. Credit Monitoring will alert you of any inquiries or changes to your credit report. 

Continue following Fighting Identity Crimes to stay up-to-date on the latest data breaches and scams, as well as tips from our industry experts on how to secure your identity.

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John Burcham, Chief Privacy Officer at EZShield Fraud Protection
John Burcham is Corporate Counsel for EZShield. He is a Certified Compliance and Ethics Professional...
Read more about John Burcham.

4 Comments

  1. Is there any reason why these three “credit reporting” services are allowed to even exist? They keep records on people that are often false or misleading, make credit worthiness a scam due to ways of gaming their systems of ratings, and now are open repositories of our most personal identifying information just waiting for the next hack. Shut them down!

    Reply
    • Hi Jerrold,

      It’s great to see you’re thinking proactively about your personal information. Breaches like this can make us think twice about what information is out there about us and who can access it. Identity crimes are especially prevalent today simply because information exchange is so abundant in our technology-first world.

      Credit bureaus can actually be helpful in preventing fraud and identity theft. No system is perfect, but reviewing your credit files can help you discover fraudulent accounts or unauthorized lines of credit in your name — often signs that an identity crime has occurred. Thankfully, Equifax’s core consumer and commercial credit reporting databases were unaffected by this breach. We suggest that you pull your credit reports from all three credit bureaus (Experian, Equifax, TransUnion) to check for any fraudulent activity or unauthorized accounts. We also recommend placing a fraud alert on your credit files – a tool that helps you find fraudulent activity on your accounts – or implementing a credit freeze so that fraudsters cannot access your files.

      If you have EZShield services, visit your dashboard to secure sensitive information in your Online Identity Vault™, and review any alerts that could mean you were affected by this breach. Reach out to the Resolution Center with any further questions or concerns about your potential impact.

      Best,

      The EZShield Team

      Reply
    • Hi Randall,

      Thanks so much for reaching out. We worked hard to investigate this claim because your concerns are valid — especially after a security event as large as this one. While we cannot comment for the company itself, Equifax’s breach resource website (equifaxsecurity2017.com) states that the Terms of Use agreement does not apply to the services offered as a result of this breach event. We encourage everyone to visit the website for extensive information about the breach, who was affected and what the company is doing in response.

      If you have EZShield services, visit your dashboard to secure sensitive information in your Online Identity Vault™, and review any alerts that could mean you were affected by this breach. Reach out to the Resolution Center with any further questions or concerns about your potential impact.

      Best,

      The EZShield Team

      Reply

Leave a Comment.