If you haven’t been busy this week choking on smoke and running from forest fires in the western US, recovering from flooding in Texas, preparing for one of the strongest Atlantic hurricanes ever in Florida and the Caribbean, or simply fighting the good fight, you might have heard about the Equifax data leak - Equifax, a consumer credit reporting company, admitted that their database was breached and information on roughly 143 million US citizens (and some in the UK and Europe).
Equifax collects data about you and sells it to third parties. They’re an integral part of the credit infrastructure both in the US and worldwide. When you apply for a student or car loan, a mortgage or rent an apartment, car or even just tools, the organization you’re applying to will very likely check you out via Equifax. They’re one of the companies that calculates the “credit score” that determines how much will be extended to you. They collect and store the information that’s used to determine that you are you, and to decide whether to extend credit to you. And they just leaked the data they had on more than half the adults in the US.
While it’s possible that your business may be Equifax’ customer, you as an individual are not - you’re their asset. You may occasionally wrestle with them to try to correct information about you that they use to advise the business world on whether to extend credit to you, but you have no say and no control over what they know about you.
And now there’s a very good chance that they’ve leaked what they know about you - social security number, address, phone number, possibly credit card or bank account information - to thieves who’ll sell it to the highest, or possibly, any bidder. They’ve taken five weeks to let us all know about this, and they’ve set up a half-assed, insecure site to collect more information from you before they’ll let you know whether they did leak information about you (assuming they even know).
Ars Technica has two fine writeups about the situation:
How do you protect yourself, especially given that you cannot prevent Equifax from collecting information about you, and even if you did, you would then be unable to use credit?
First, some of this information has been out in the wild before. There’s a good chance your address and even your social security number has already been compromised.
For each credit card, bank or investment account that you use, be sure to enable any extra security that they offer - second factor will help a lot, especially if it uses an app rather than SMS (text messages), though second factor SMS is better than no second factor.
Update your personal security questions to use strong passwords (like “bzkev8Yq4zcHC%8jTz”) as answers rather than real answers (like “pizza”, which is easily guessable).
If you’ve been thinking about closing an account or switching banks, now might be a great time to do that.
Keep an eye on your charges.
And keep an eye on your credit score. The information that’s been stolen not only enables crackers to get into your existing accounts, it enables them to open new accounts in your name.
Consider signing up for a credit protection service. Equifax’ crappy web site will offer you a year of free service. It’s likely this is better than not having a year of service.
The impact of this breach may go on for years - the best way to protect yourself is to stay vigilant and monitor all your financial information regularly.
Wired has more suggestions as well.